Format-preserving encryption

About: Format-preserving encryption is a research topic. Over the lifetime, 112 publications have been published within this topic receiving 2050 citations.

Achieve Efficient and Verifiable Conjunctive and Fuzzy Queries over Encrypted Data in Cloud

Abstract: Due to the high demands of searchability over encrypted data, searchable encryption (SE) has recently received considerable attention and been widely suggested in encrypted cloud storage. Typically, the cloud server is assumed to be honestbut- curious in most SE-based cloud storage systems, i.e., the cloud server should follow the protocol to return valid and complete search results to users. However, this trust assumption is not always true due to some unanticipated situations, such as misconfigurations and malfunctions. Therefore, the function of verifiability of search results becomes crucial for the success of SE-based cloud storage systems. For this reason, many verifiable SE schemes have been proposed; however, they either fail to support query operators "OR", "AND", "*" and "?" simultaneously, or require many time-consuming operations. Aiming at addressing this problem, in this paper, we propose a new verifiable SE scheme for encrypted cloud storage. The proposed scheme is characterized by integrating various techniques, i.e., bitmap index, radix tree, format preserving encryption, keyedhash message authentication code and symmetric key encryption, for achieving efficient and verifiable conjunctive and fuzzy queries over encrypted data in the cloud. Detailed security analysis shows that our proposed scheme holds the confidentiality of data and verifiability of search results at the same time. In addition, extensive experiments are conducted, and the results demonstrate our proposed scheme is efficient and suitable for users to retrieve their data from the cloud to their mobile devices.

Physical Layer Encryption for Industrial Ethernet in Gigabit Optical Links

Abstract: Industrial Ethernet is a technology widely spread in factory floors and critical infrastructures where a high amount of data need to be collected and transported. Fiber optic networks at gigabit rates fit well with that type of environment, where speed, system performance, and reliability are critical. In this paper, a new encryption method for high-speed optical communications suitable for such kinds of networks is proposed. This new encryption method consists of a symmetric streaming encryption of the 8b/10b data flow at physical coding sublayer level. It is carried out thanks to a format preserving encryption block cipher working in CTR (counter) mode. The overall system has been simulated and implemented in a field programmable gate array. Thanks to experimental results, it can be concluded that it is possible to cipher traffic at this physical level in a secure way. In addition, no overhead is introduced during encryption, getting minimum latency and maximum throughput.

Formatted Encryption Beyond Regular Languages

Abstract: Format-preserving and format-transforming encryption (FPE and FTE, respectively) are relatively new cryptographic primitives, yet are already being used in a broad range of real-world applications. The most flexible existing FPE and FTE implementations use regular expressions to specify plaintext and/or ciphertext formats. These constructions rely on the ability to efficiently map strings accepted by a regular expression to integers and back, called ranking and unranking, respectively. In this paper, we provide new algorithms that allow encryption with formats specified by context-free grammars (CFGs). Our work allows for CFGs as they appear in practice, partly a pure grammar for describing syntax, and partly a set of lexical rules for handling tokens. We describe a new relaxed ranking method, structural ranking, that naturally accommodates practical CFGs, thereby empowering new FPE and FTE designs. We provide a new code library for implementing structural ranking, and a tool that turns a simple YACC/LEX-style grammar specification into ranking code. Our experimental analysis of the code shows that the new \CFG ranking algorithm is efficient in interesting settings, even when the grammars are ambiguous. For example, we show that one can efficiently rank C programs of size thousands of kilobytes in milliseconds.

Format-Preserving Encryption Algorithms Using Families of Tweakable Blockciphers

Abstract: We present two new algorithms, FEA-1 and FEA-2, for secure and efficient format-preserving encryption. Each algorithm is built from a family of dedicated tweakable blockciphers supporting various block bit-lengths. The tweakable blockciphers in the same family have similar structures and are based on common building blocks, enabling security analyses in the same frameworks. Their security follows largely from the structures, the round functions, and the tweak schedules. Their structures are new tweakable Feistel schemes, which are shown to be indistinguishable from tweakable random permutations against adaptive chosen tweak, plaintext, and ciphertext attacks. Their building blocks are shown to have cryptographically strong properties. The proposed algorithms outperform existing ones. They are several times faster than FF1-AES on test platforms.

Building blockcipher from small-block tweakable blockcipher

Abstract: How to build a secure blockcipher is one of the central problems in symmetric cryptography. While the popular approach, initiated by the seminal paper of Luby and Rackoff, is based on a pseudorandom function, Minematsu (in: Dunkelman (ed.) FSE, 2009) and Minematsu and Iwata (in: Chen (ed.) IMA, 2011) proposed different schemes to efficiently achieve a better security. The point of these works is that they use tweakable blockcipher (TBC) as an internal module rather than pseudorandom function. This paper further extends the previous schemes and considers the case that the target blockcipher has much larger block size than that of the TBC we use. Assuming the tweak of TBC is long, we propose a scheme similar to unbalanced Feistel cipher that achieves stronger security than the previous schemes of Minematsu and Minematsu-Iwata. We also present a blockcipher-based instantiation of our scheme for the encryption over some unusual domains, such as decimal space, as a typical problem of format-preserving encryption.