Paper 2016/794
Message-recovery attacks on Feistel-based Format Preserving Encryption
Mihir Bellare and Viet Tung Hoang and Stefano Tessaro
Abstract
We give attacks on Feistel-based format-preserving encryption (FPE) schemes that succeed in message recovery (not merely distinguishing scheme outputs from random) when the message space is small. For $4$-bit messages, the attacks fully recover the target message using $2^{21}$ examples for the FF3 NIST standard and $2^{25}$ examples for the FF1 NIST standard. The examples include only three messages per tweak, which is what makes the attacks non-trivial even though the total number of examples exceeds the size of the domain. The attacks are rigorously analyzed in a new definitional framework of message-recovery security. The attacks are easily put out of reach by increasing the number of Feistel rounds in the standards.
Metadata
- Available format(s)
- Category
- Secret-key cryptography
- Publication info
- Published elsewhere. Minor revision. ACM CCS 2016
- DOI
- http://dx.doi.org/10.1145/2976749.2978390
- Keywords
- Format-preserving encryptionattacks
- Contact author(s)
- hviettung @ gmail com
- History
- 2017-05-24: last of 2 revisions
- 2016-08-20: received
- See all versions
- Short URL
- https://ia.cr/2016/794
- License
-
CC BY