Various embodiments of this disclosure relate to encryption and, more particularly, to format-preserving encryption of data fields.
Encryption is a method to encode data such that only authorized parties can view it. With symmetric encryption, a single key value both encrypts and decrypts the data. The symmetric encryption algorithms used in Advanced Encryption Standard (AES) and Triple Data Encryption Standard (TDES), among others, use a key and with an optional initialization vector (IV) to scramble the data, producing ciphertext in which all bytes appear to be random numeric values from 0-255. The IV is a value incorporated into the encryption, where variation of this value ensures that the resulting ciphertext will vary even when inputting the same plaintext to be encrypted.
These algorithms work on blocks of data having eight or sixteen bytes per block. Thus, when a string is encrypted, the resulting ciphertext becomes binary, and its length grows to a multiple of the block size. While this makes for high security, it can be a problem for information technology systems that need to hold or channel data without actually processing it. Take for example a database in which one of the columns is a plaintext social security number (SSN). Updating the database to now have the SSN encrypted would require a schema change to change the SSN field from text to binary and to increase the size of the field from nine to sixteen bytes, resulting in increased storage usage.
Format-preserving encryption (FPE) exists to address the above issue. FPE encrypts data in place without changing the size or character set of the data being encrypted. In other words, the resulting ciphertext has the same size and character set as the original plaintext data.
There are several accepted FPE methods, including FFX[Radix], VAES3, BPS-BC, and Visa FPE (VFPE). The first three of these accomplish FPE by performing multiple rounds of encryption on the data. While this works, it requires considerable overhead. As a percentage of the entire operation, that overhead can be quite large for small data fields such as social security numbers, credit card numbers, and other sensitive personal data. The last of these methods, VFPE, was designed for performance. It differs from the others in that it is a stream cipher, as opposed to a block cipher, and therefore avoids the need for multiple rounds of encryption. However, VFPE has a drawback in that it is not secure if the key/IV combination is ever reused for multiple plaintext streams.