Protegrity Warns That NIST-Approved Format-Preserving Encryption (FPE) Standard May Leave Organizations Vulnerable to Attack

STAMFORD, Conn.--()--Protegrity today warned data security practitioners to closely inspect how and where they are using NIST-approved format-preserving encryption techniques after the standards body announced that the previously approved FF3 mode of operation of the Advanced Encryption Standard (AES) block cipher algorithm is no longer suitable as a general-purpose FPE method.

In a recent news alert, NIST described how two researchers performed a cryptanalytic attack on the FF3 technique for format-preserving encryption, demonstrating that FF3 clearly does not achieve the intended 128-bit security level, even for 9-digit decimal strings like Social Security numbers. “For any significantly smaller domains of confidential data--including the middle-six digits of credit card numbers, the format that FF3 was designed to encrypt--the level of computation for the attack might be practical for many attackers,” the alert stated.

NIST expects to revise Special Publication 800-38G later this year after the details of the attack are published, either to change the FF3 specification, or to withdraw the approval of FF3. NIST originally considered three FPE modes called FF1, FF2, and FF3. FF2 did not survive to publication and now FF3 has been broken by researchers.

“It’s unfortunate an attack vector was found in FF3 less than a year into being named a standard, but we will continue to monitor ongoing developments, and will support any future improvements to the FF3 algorithm leading to its reinstatement as a standard,” said Dominic Sartorio, Protegrity’s Senior Vice President of Products & Development. “Meanwhile, other format-preserving approaches such as tokenization can still be safely used. Tokenization has much greater flexibility regarding breadth of tokens the data can be converted to, has higher key-strength equivalent (similar to AES-256 or more), and has been in use for many years without such attack vectors being discovered.”

“Protegrity is committed to standards, while also being committed to customer choice,” continued Sartorio. “By offering a variety of data protection methods including Vaultless Tokenization, masking, and various encryption methods, customers have the freedom to choose the best protection methods for their datasets and workloads in accordance with established best practices, including the freedom to change as their needs change or if a vulnerability is found in any given method.”

About Protegrity: Proven Experts in Data Security

Protegrity is the only enterprise data security software platform that leverages scalable, data-centric encryption, tokenization and masking to help businesses secure sensitive information while maintaining data usability. Built for complex, heterogeneous business environments, the Protegrity Data Security Platform provides unprecedented levels of data security certified across applications, data warehouses, mainframes, big data, and cloud environments. Companies trust Protegrity to help them manage risk, achieve compliance, enable business analytics, and confidently adopt new platforms. For additional information visit

© 2017 Protegrity USA, Inc. All rights reserved. Protegrity and the Protegrity logo are trademarks of Protegrity Corporation. All other trademarks are the property of their respective owners.


Follow us on Twitter
Follow us on LinkedIn


Michael Maloney, 203-569-4670

Release Summary

Protegrity warned data security practitioners to closely inspect how and where they are using the FF3 format-preserving encryption standard that is no longer suitable as a general-purpose FPE method.


Michael Maloney, 203-569-4670