The National Institute of Standards and Technology has issued a second public draft of the revised Special Publication 800-38G, or SP 800-38G, to invite public comment on the document.
The initial revision of the “Recommendation for Block Cipher Modes of Operation: Methods for Format-Preserving Encryption” includes key technical changes, such as increased domain size of the FF1 encryption method and unspecified FF3 encryption method, NIST said Monday. Under the new draft, the inverse advanced encryption standard cipher and floating point arithmetic have been disallowed.
Addressing Sensitive Information Management
First published in March 2016, SP 800-38G was designed to specify and approve the FF1 and FF3 methods for format-preserving encryption, or FPE. The publication intended to address issues, such as sensitive information management of software packages. According to NIST, the document provides ways to convert a digital code and make it indecipherable to hackers.
Since the publication came out, researchers have identified several FPE vulnerabilities that prompted NIST to implement revisions. For instance, the FF3 tweak parameter was reduced to 56 bits and named FF3-1. The adjustment also led NIST to set the minimum domain size for FF1 and FF3-1 at one million.
Interested parties can submit their comments on the revised draft by April 4.