Abstract
Format-preserving encryption (FPE), a kind of symmetric encryption, has caught a great deal of attention of late years. FPE, as the name suggests, does not change the format of inputs which may include the length of inputs, coding of characters or data size of inputs. It is very useful to encrypt or generate some data with fixed format such as credit card numbers (CCN), social security numbers (SSN) or even address. With this encryption, we can add encryption to existing applications without changing structures including input-output format or decreasing those performance. In this work we develop and discuss block cipher modes of operation for FPE which are applicable for messages consisting of multibyte characters and their securities. This paper also gives a way to implement these modes for the format consisting of characters encoded by EUC or UTF-8 and its performance. Formats consisting of multibyte characters – we call those “heterogeneous formats” – are very important in many countries including Japan where “Kanji” or other multibyte characters are used. In addition, this paper gives an efficient way to encrypt messages of such formats and modes of operations to realize a high performance encryption algorithm.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
We assume that the maximum entropy described in Sect. 2.1 of characters in plaintexts is smaller than s.
- 2.
The entropy of the last block may be a little bigger than 2s with a little possibility.
References
Agbeyibor, R., Butts, J., Grimaila, M., Mills, R.: Evaluation of format-preserving encryption algorithms for critical infrastructure protection. In: Butts, J., Shenoi, S. (eds.) ICCIP 2014. IAICT, vol. 441, pp. 245–261. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45355-1_16
Bellare, M., Desai, A., Jokipii, E., Rogaway, P.: A concrete security treatment of symmetric encryption. In: Proceedings of The 38th Annual Symposium on Foundations of Computer Science (FOCS 1997), pp. 394–405. IEEE (1997)
Black, J., Rogaway, P.: Ciphers with arbitrary finite domains. In: Preneel, B. (ed.) CT-RSA 2002. LNCS, vol. 2271, pp. 114–130. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45760-7_9
Bellare, M., Ristenpart, T., Rogaway, P., Stegers, T.: Format-preserving encryption. In: Jacobson, M.J., Rijmen, V., Safavi-Naini, R. (eds.) SAC 2009. LNCS, vol. 5867, pp. 295–312. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-05445-7_19
Bellare, M., Ristenpart, T., Rogaway, P., Stegers, T.: The FFX mode of operation for Format-preserving encryption. NIST submission (2010)
Brier, E., Peyrin, T., Stern, J.: BPS: a format-preserving encryption proposal. NIST submission (2010)
Brightwell, M., Smith, H.: Using datatype-preserving encryption to enhance data warehouse security. In: Proceedings of the Twentieth National Information Systems Security Conference (1997)
Morris, B., Rogaway, P., Stegers, T.: How to encipher messages on a small domain. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 286–302. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03356-8_17
Ma, H.Y., Liu, Z.L., Jia, C.F., Yuan, K.: Generalized format-preserving encryption for character data. Science paper Online (2013)
NIST Special Publication 800–38G: Recommendation for Block Cipher Modes of Operation - Methods for Format-Preserving Encryption, March 2016
Rogaway, P.: A Synopsis of Format-Preserving Encryption (2010)
Spies, T.: Format Preserving Encryption. Voltage Security, Cupertino, California (2008)
Spies, T.: Feistel Finite Set Encryption Mode. National Institute of Standards and Technology, Gaithersburg (2008)
Vance, J.: VAES3 Scheme for FFX: An Addendum to the FFX Mode of Operation for Format Preserving Encryption. National Institute of Standards and Technology, Gaithersburg (2011)
Vance, J., Bellare, M.: An extension of the FF2 FPE Scheme. Submission to NIST, July 2014
Weiss, M., Rozenberg, B., Barham, M.: Practical solutions for format-preserving encryption. arXiv:1506.04113
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Appendices
A Example of Encryption
Here, we give an example of an encryption data with EUC coding. Parameter settings are just as mentioned in Sect. 5 and the mode is 2. The key K, initial vector \(\mathrm {IV}\), tweak T, plaintext and ciphertext are as follows;
Note that we didn’t use the permutation option for this encryption.
B Implementation for UTF-8
We give a way to construct an FPE algorithm for UTF-8 encoding. As mentioned in Sect. 5, all we have to do is to define rank functions and chara functions for UTF-8. Other algorithms do not depend on the character codes once we define such functions. Here we give an example of such constructions.
We use only 1-byte characters, 2-byte characters and 3-byte characters for simplification. Accordingly, we define three sets \(C_{\mathrm {utf8}, 1}\), \(C_{\mathrm {utf8}, 2}\), \(C_{\mathrm {utf8}, 3}\) consisting of 1-byte, 2-byte and 3-byte characters, respectively, the sizes of which are 95, 127 and 27880.
1-Byte. Rank and chara functions for \(C_{\mathrm {utf8}, 1}\) are constructed in the exactly similar way as those for EUC-JP.
2-Byte. To avoid the use of platform dependent characters, we use only characters appeared in 2-byte characters in EUC-JP. Then we can give a table for defining the rank and chara functions for \(C_{\mathrm {utf8}, 2}\). The algorithm for these functions is the same as shown in Algorithms 4 and 5. An example of table is given in Table 3
3-Byte. It is a little more complicated to define a table for 3-byte characters. We define two subsets \(C_{\mathrm {utf8}, 3.1}\), \(C_{\mathrm {utf8}, 3.2}\) of \(C_{\mathrm {utf8}, 3}\) which are a set containing no “Kanji” and set containing only “Kanji”. For simplification, we use only characters appeared in 2-byte characters in EUC-JP for \(C_{\mathrm {utf8}, 3.1}\). The table for this set is given in Table 5. We also use only CJK “Kanji” and CJK “Kanji” A appeared in Unicode 1.1 for simplification. The table for this set is showed in Table 4. The rank and chara functions are easily constructed from these tables.
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Shimizu, T., Shimoyama, T. (2017). Block Cipher Modes of Operation for Heterogeneous Format Preserving Encryption. In: Liu, J., Samarati, P. (eds) Information Security Practice and Experience. ISPEC 2017. Lecture Notes in Computer Science(), vol 10701. Springer, Cham. https://doi.org/10.1007/978-3-319-72359-4_15
Download citation
DOI: https://doi.org/10.1007/978-3-319-72359-4_15
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-72358-7
Online ISBN: 978-3-319-72359-4
eBook Packages: Computer ScienceComputer Science (R0)