Paper 2016/794

Message-recovery attacks on Feistel-based Format Preserving Encryption

Mihir Bellare, Viet Tung Hoang, and Stefano Tessaro

Abstract

We give attacks on Feistel-based format-preserving encryption (FPE) schemes that succeed in message recovery (not merely distinguishing scheme outputs from random) when the message space is small. For $4$-bit messages, the attacks fully recover the target message using $2^{21}$ examples for the FF3 NIST standard and $2^{25}$ examples for the FF1 NIST standard. The examples include only three messages per tweak, which is what makes the attacks non-trivial even though the total number of examples exceeds the size of the domain. The attacks are rigorously analyzed in a new definitional framework of message-recovery security. The attacks are easily put out of reach by increasing the number of Feistel rounds in the standards.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Minor revision. ACM CCS 2016
DOI
10.1145/2976749.2978390
Keywords
Format-preserving encryptionattacks
Contact author(s)
hviettung @ gmail com
History
2017-05-24: last of 2 revisions
2016-08-20: received
See all versions
Short URL
https://ia.cr/2016/794
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/794,
      author = {Mihir Bellare and Viet Tung Hoang and Stefano Tessaro},
      title = {Message-recovery attacks on Feistel-based Format Preserving Encryption},
      howpublished = {Cryptology ePrint Archive, Paper 2016/794},
      year = {2016},
      doi = {10.1145/2976749.2978390},
      note = {\url{https://eprint.iacr.org/2016/794}},
      url = {https://eprint.iacr.org/2016/794}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.