Special Publication 800-38G specifies the FF1 and FF3 format-preserving encryption (FPE) modes of the AES algorithm. The acronym indicates that each mode is a Feistel-based method for FPE. Previously approved confidentiality modes are designed for binary data; FPE modes are designed for any kind of data, including non-binary formats, such as credit card numbers and social security numbers. Consequently, FPE facilitates the retrofitting of encryption technology to existing devices or software, where a conventional encryption mode might not be feasible.
FF1 was submitted to NIST by Bellare, Rogaway and Spies under the name FFX[Radix]; FF3 is the main component of the BPS mechanism that was submitted to NIST by Brier, Peyrin, and Stern.
Letter of Assurance: Voltage Security, Inc. (which in the interim was acquired by HP, Inc.) provided NIST with a Letter of Assurance regarding the licensing of patents that may be relevant for the use of FPE modes.