### Modifying an Enciphering Scheme after Deployment

Paul Grubbs, Thomas Ristenpart, and Yuval Yarom

##### Abstract

Assume that a symmetric encryption scheme has been deployed and used with a secret key. We later must change the encryption scheme in a way that preserves the ability to decrypt (a subset of) previously encrypted plaintexts. Frequent real-world examples are migrating from a token-based encryption system for credit-card numbers to a format-preserving encryption (FPE) scheme, or extending the message space of an already deployed FPE. The ciphertexts may be stored in systems for which it is not easy or not efficient to retrieve them (to re-encrypt the plaintext under the new scheme). We introduce methods for functionality-preserving modifications to encryption, focusing particularly on deterministic, length-preserving ciphers such as those used to perform format-preserving encryption. We provide a new technique, which we refer to as the Zig-Zag construction, that allows one to combine two ciphers using different domains in a way that results in a secure cipher on one domain. We explore its use in the two settings above, replacing token-based systems and extending message spaces. We develop appropriate security goals and prove security relative to them assuming the underlying ciphers are themselves secure as strong pseudorandom permutations.

Note: Full version

Publication info: A major revision of an IACR publication in EUROCRYPT 2017

Keywords: format-preserving encryption, symmetric-key cryptography

Contact author(s): pag225 @ cornell edu

History: 2017-07-05: revised

Short URL: https://ia.cr/2017/137

CC BY

BibTeX

@misc{cryptoeprint:2017/137,
author = {Paul Grubbs and Thomas Ristenpart and Yuval Yarom},
title = {Modifying an Enciphering Scheme after Deployment},
howpublished = {Cryptology ePrint Archive, Paper 2017/137},
year = {2017},
note = {\url{https://eprint.iacr.org/2017/137}},
url = {https://eprint.iacr.org/2017/137}
}
