Paper 2009/251

Format-Preserving Encryption

Mihir Bellare, Thomas Ristenpart, Phillip Rogaway, and Till Stegers


Format-preserving encryption (FPE) encrypts a plaintext of some specified format into a ciphertext of identical format—for example, encrypting a valid credit-card number into a valid creditcard number. The problem has been known for some time, but it has lacked a fully general and rigorous treatment.We provide one, starting off by formally defining FPE and security goals for it.We investigate the natural approach for achieving FPE on complex domains, the “rank-then-encipher” approach, and explore what it can and cannot do. We describe two flavors of unbalanced Feistel networks that can be used for achieving FPE, and we prove new security results for each. We revisit the cycle-walking approach for enciphering on a non-sparse subset of an encipherable domain, showing that the timing information that may be divulged by cycle walking is not a damaging thing to leak.

Note: Fixed typos, some text that got erroneously included in previous version, and inconsistencies between sections.

Available format(s)
Secret-key cryptography
Publication info
Published elsewhere. Selected Areas in Cryptography 2009
credt-card encryptionformat-preserving encryption
Contact author(s)
tristenp @ cs ucsd edu
2009-12-31: last of 6 revisions
2009-06-01: received
See all versions
Short URL
Creative Commons Attribution


      author = {Mihir Bellare and Thomas Ristenpart and Phillip Rogaway and Till Stegers},
      title = {Format-Preserving Encryption},
      howpublished = {Cryptology ePrint Archive, Paper 2009/251},
      year = {2009},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.