Paper 2009/251

Format-Preserving Encryption

Mihir Bellare, Thomas Ristenpart, Phillip Rogaway, and Till Stegers

Abstract

Format-preserving encryption (FPE) encrypts a plaintext of some specified format into a ciphertext of identical format—for example, encrypting a valid credit-card number into a valid credit-card number. The problem has been known for some time, but it has lacked a fully general and rigorous treatment. We provide one, starting off by formally defining FPE and security goals for it. We investigate the natural approach for achieving FPE on complex domains, the “rank-then-encipher” approach, and explore what it can and cannot do. We describe two flavors of unbalanced Feistel networks that can be used for achieving FPE, and we prove new security results for each. We revisit the cycle-walking approach for enciphering on a non-sparse subset of an encipherable domain, showing that the timing information that may be divulged by cycle walking is not a damaging thing to leak.

Note: Fixed typos, some text that got erroneously included in previous version, and inconsistencies between sections.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Selected Areas in Cryptography 2009
Keywords
credit-card encryption, format-preserving encryption
Contact author(s)
tristenp @ cs ucsd edu
History
2009-12-31: last of 6 revisions
2009-06-01: received
Short URL
https://ia.cr/2009/251
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2009/251,
      author = {Mihir Bellare and Thomas Ristenpart and Phillip Rogaway and Till Stegers},
      title = {Format-Preserving Encryption},
      howpublished = {Cryptology {ePrint} Archive, Paper 2009/251},
      year = {2009},
      url = {https://eprint.iacr.org/2009/251}
}