Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Analysis of VAES3 (FF2)



Morris J. Dworkin, Ray A. Perlner


The National Institute of Standards and Technology (NIST) specified three methods for format-preserving encryption (FPE) in Draft NIST Special Publication (SP) 800-38G, which was released for public comment in July, 2013. Each method was a mode of operation of the Advanced Encryption Standard (AES). One of the three modes, VAES3, was specified under the name FF2 in the NIST draft. This note describes a theoretical chosen-plaintext attack that shows the security strength of FF2 is less than 128 bits.
Cryptology ePrint Archive


Advanced Encryption Standard, FF2, format-preserving encryption, mode of operation, VAES3


Dworkin, M. and Perlner, R. (2015), Analysis of VAES3 (FF2), Cryptology ePrint Archive, [online],, (Accessed May 23, 2024)


If you have any questions about this publication or are having problems accessing it, please contact

Created April 2, 2015, Updated February 19, 2017