Paper 2009/251
Format-Preserving Encryption
Mihir Bellare, Thomas Ristenpart, Phillip Rogaway, and Till Stegers
Abstract
Format-preserving encryption (FPE) encrypts a plaintext of some specified format into a ciphertext of identical format—for example, encrypting a valid credit-card number into a valid creditcard number. The problem has been known for some time, but it has lacked a fully general and rigorous treatment.We provide one, starting off by formally defining FPE and security goals for it.We investigate the natural approach for achieving FPE on complex domains, the “rank-then-encipher” approach, and explore what it can and cannot do. We describe two flavors of unbalanced Feistel networks that can be used for achieving FPE, and we prove new security results for each. We revisit the cycle-walking approach for enciphering on a non-sparse subset of an encipherable domain, showing that the timing information that may be divulged by cycle walking is not a damaging thing to leak.
Note: Fixed typos, some text that got erroneously included in previous version, and inconsistencies between sections.
Metadata
- Available format(s)
- Category
- Secret-key cryptography
- Publication info
- Published elsewhere. Selected Areas in Cryptography 2009
- Keywords
- credt-card encryptionformat-preserving encryption
- Contact author(s)
- tristenp @ cs ucsd edu
- History
- 2009-12-31: last of 6 revisions
- 2009-06-01: received
- See all versions
- Short URL
- https://ia.cr/2009/251
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2009/251, author = {Mihir Bellare and Thomas Ristenpart and Phillip Rogaway and Till Stegers}, title = {Format-Preserving Encryption}, howpublished = {Cryptology {ePrint} Archive, Paper 2009/251}, year = {2009}, url = {https://eprint.iacr.org/2009/251} }