Format-preserving encryption

About: Format-preserving encryption is a research topic. Over the lifetime, 112 publications have been published within this topic receiving 2050 citations.

Format preserving-based database transparent encryption method

Abstract: The invention provides a format preserving-based transparent database encryption method. The security of a database can be effectively protected and storage is performed in a ciphertext form. A legal user can be transparentized; the same addition, deletion, modification and query methods as a non encrypted database are provided; and use of the user is not influenced. According to the method, a record in each data item of the database is encrypted in a format preserving encryption manner, so that the record can be stored in the database in the form of a ciphertext with the same data type. When the user needs to perform addition, deletion, modification and query on the encrypted database, a plaintext field input by the user is encrypted and converted into the ciphertext with the same data type, thereby enabling the plaintext field to be consistent with the data in the encrypted database; and a result obtained by a query is decrypted and presented to the user in a plaintext form, so that the user is transparentized.

Self-Synchronized Encryption for Physical Layer in 10Gbps Optical Links

Abstract: In this work a new self-synchronized encryption method for 10 Gigabit optical links is proposed and developed. Necessary modifications to introduce this kind of encryption in physical layers based on 64b/66b encoding, such as 10 GBase-R, have been considered. The proposed scheme encrypts directly the 64b/66b blocks by using a symmetric stream cipher based on an FPE (Format Preserving Encryption) block cipher operating in PSCFB (Pipelined Statistical Cipher Feedback) mode. One of the main novelties in this paper is the security analysis done for this mode. For the first time, an expression for the IND-CPA (Indistinguishability under Chosen-Plaintext Attack) advantage of any adversary over this scheme has been derived. Moreover, it has been concluded that this mode can be considered secure in the same way of traditional modes are. In addition, the overall system has been simulated and implemented in an FPGA (Field Programmable Gate Array). An encrypted optical link has been tested with Ethernet data frames, concluding that it is possible to cipher traffic at this level, getting maximum throughput and hiding traffic pattern from passive eavesdroppers.

Three Third Generation Attacks on the Format Preserving Encryption Scheme FF3

Abstract: Format-Preserving Encryption (FPE) schemes accept plaintexts from any finite set of values (such as social security numbers or birth dates) and produce ciphertexts that belong to the same set. They are extremely useful in practice since they make it possible to encrypt existing databases or communication packets without changing their format. Due to industry demand, NIST had standardized in 2016 two such encryption schemes called FF1 and FF3. They immediately attracted considerable cryptanalytic attention with decreasing attack complexities. The best currently known attack on the Feistel construction FF3 has data and memory complexity of \({O}(N^{11/6})\) and time complexity of \({O}(N^{17/6})\), where the input belongs to a domain of size \(N \times N\).

Format preserving encryption with padding

Abstract: Techniques for using padding in format preserving encryption are provided. In one aspect, it may be determined if padding of a plaintext undergoing format preserving encryption is needed. A pseudo random padding length may be calculated when it is determined that padding is needed. The calculated length of padding may be added to the plaintext when it is determined that padding is needed. The plaintext and added padding may be encrypted using format preserving encryption to create a cipher text.