Format-preserving encryption

Abstract: We propose a new cryptographic primitive, the "tweakable block cipher." Such a cipher has not only the usual inputs - message and cryptographic key - but also a third input, the "tweak." The tweak serves much the same purpose that an initialization vector does for CBC mode or that a nonce does for OCB mode. Our proposal thus brings this feature down to the primitive block-cipher level, instead of incorporating it only at the higher modes-of-operation levels. We suggest that (1) tweakable block ciphers are easy to design, (2) the extra cost of making a block cipher "tweakable" is small, and (3) it is easier to design and prove modes of operation based on tweakable block ciphers.

Abstract: We examine a generalization of the concept of Feistel networks, which we call Unbalanced Feistel Networks (UFNs) Like conventional Feistel networks, UFNs consist of a series of rounds in which one part of the block operates on the rest of the block However, in a UFN the two parts need not be of equal size Removing this limitation on Feistel networks has interesting implications for designing ciphers secure against linear and differential attacks We describe UFNs and a terminology for discussing their properties, present and analyze some UFN constructions, and make some initial observations about their security

Abstract: A method of protecting a digital work uses a format preserving encryption scheme to encrypt the digital work. This enables any native replay application or rendering application to transform an encrypted digital work into encrypted presentation data. The originator's digital content is protected in its original form by not being decrypted. This method enables the rendering or replay application to process the encrypted document into encrypted presentation data without decrypting it first. Encrypted presentation data is then decrypted just before it is displayed to the user. An additive encryption scheme is a particular type of encryption scheme which preserves formatting of a digital work.

Abstract: Format-preserving encryption (FPE) encrypts a plaintext of some specified format into a ciphertext of identical format--for example, encrypting a valid credit-card number into a valid credit-card number. The problem has been known for some time, but it has lacked a fully general and rigorous treatment. We provide one, starting off by formally defining FPE and security goals for it. We investigate the natural approach for achieving FPE on complex domains, the "rank-then-encipher" approach, and explore what it can and cannot do. We describe two flavors of unbalanced Feistel networks that can be used for achieving FPE, and we prove new security results for each. We revisit the cycle-walking approach for enciphering on a non-sparse subset of an encipherable domain, showing that the timing information that may be divulged by cycle walking is not a damaging thing to leak.

Abstract: With the advent of cloud computing, individuals and organizations have become interested in moving their databases from local to remote cloud servers However, data owners and cloud service providers are not in the same trusted domain in practice For the protection of data privacy, sensitive data usually have to be encrypted before outsourcing, which makes effective database utilization a very challenging task To address this challenge, in this paper, we propose L-EncDB, a novel lightweight encryption mechanism for database, which (i) keeps the database structure and (ii) supports efficient SQL-based queries To achieve this goal, a new format-preserving encryption (FPE) scheme is constructed in this paper, which can be used to encrypt all types of character strings stored in database Extensive analysis demonstrates that the proposed L-EncDB scheme is highly efficient and provably secure under existing security model