
Format Preserving Encryption

Format Preserving Encryption is an encryption technique in which the format of the encrypted data is maintained. Learn more about FPE and its implementation.

By Hemant Mandge · Aug. 10, 21 · Analysis

Background

Our world runs on data. With the increase in digitization, more and more data is being generated, captured, and stored by different companies. Such a high volume of data needs to be secured. There are different ways to protect data, such as imposing role-based access controls and data encryption. Data encryption protects the confidentiality of digital data as it is transmitted between systems via the internet. There are various encryption techniques and algorithms. The intention of this article is to introduce you to an encryption technique which is not new but is relatively unknown to the developer community. To this day, it is unknown even to many seasoned cryptographers.

Format Preserving Encryption (FPE)

Format Preserving Encryption is, as the name suggests, an encryption technique in which the format of the encrypted data is maintained. When a plaintext is encrypted with FPE, the ciphertext has the same format as the plaintext.
As per NIST 800-38G, format-preserving encryption (FPE) is designed for data that is not necessarily binary. In particular, given any finite set of symbols, like the decimal numerals, a method for FPE transforms data that is formatted as a sequence of the symbols in such a way that the encrypted form of the data has the same format, including the length, as the original data. Thus, an FPE-encrypted SSN would be a sequence of nine decimal digits.

As noted on Wikipedia, the meaning of "format" varies. Typically only finite sets of characters are used: numeric, alphabetic, or alphanumeric. For example:

  • Encrypting a 9-digit social security number will produce a ciphertext that is also a 9-digit number.
  • Encrypting an 8-character name/string will produce an 8-character ciphertext, preserving not only the format but also the length.

Figure 1: Credit card number encryption output with AES and FPE

As illustrated in the example, compared to FPE, other encryption algorithms like AES significantly alter not only the format but also the length of the ciphertext. For example, a 16-digit credit card number (1234 5678 9012 3456) encrypted with AES produces a long, unrecognizable, alphanumeric string (a6asdf5646asadfasdf21asdf312asdf56wer8). If the same credit card number is encrypted with FPE instead, the result is a string in exactly the same format and length as the original text (7894 1456 9537 7594).
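The format-preserving behaviour described above, as an added example that is not from the original article: a Feistel network over decimal digits with HMAC-SHA256 as the round function. This is an illustrative construction, not the FF1 or FF3 methods that NIST 800-38G specifies; the key, tweak, minimum length, and function names are assumptions made for the demonstration.

```python
import hashlib
import hmac

ROUNDS = 10  # illustrative choice for this sketch

def _prf(key, tweak, rnd, half):
    """Round function: HMAC-SHA256 of (round, tweak, other half) as an integer."""
    msg = bytes([rnd]) + len(tweak).to_bytes(2, "big") + tweak + half.encode()
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest(), "big")

def _feistel(key, tweak, digits, decrypt):
    # Tiny domains can be enumerated, so this sketch refuses short inputs.
    if not (digits.isascii() and digits.isdigit()) or len(digits) < 6:
        raise ValueError("need at least 6 ASCII decimal digits")
    u = len(digits) // 2
    v = len(digits) - u
    a, b = digits[:u], digits[u:]
    rounds = range(ROUNDS)
    for i in (reversed(rounds) if decrypt else rounds):
        m = u if i % 2 == 0 else v  # width of the half being rewritten
        if decrypt:
            c = (int(b) - _prf(key, tweak, i, a)) % 10**m
            a, b = str(c).zfill(m), a
        else:
            c = (int(a) + _prf(key, tweak, i, b)) % 10**m
            a, b = b, str(c).zfill(m)
    return a + b

def _apply(key, tweak, text, decrypt):
    """Transform only the digits of text; separators keep their positions."""
    digits = "".join(ch for ch in text if ch.isdigit())
    out = iter(_feistel(key, tweak, digits, decrypt))
    return "".join(next(out) if ch.isdigit() else ch for ch in text)

def fpe_encrypt(key, tweak, text):
    return _apply(key, tweak, text, decrypt=False)

def fpe_decrypt(key, tweak, text):
    return _apply(key, tweak, text, decrypt=True)

if __name__ == "__main__":
    key = b"constructed-demo-key"      # constructed sample key
    tweak = b"customer-table/card_no"  # constructed context label
    pan = "1234 5678 9012 3456"        # card number from the article's example
    ct = fpe_encrypt(key, tweak, pan)
    print(ct, "->", fpe_decrypt(key, tweak, ct))
```

The ciphertext is again four groups of four digits, so it fits the same column type and validation rules as the plaintext, and the same key and tweak recover the original value.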

The main benefit of using FPE as the preferred choice of encryption is that neither man nor machine can identify whether the text is even encrypted, as the format remains intact.

FPE fits very well in scenarios where the data in existing legacy systems needs to be encrypted. The main motivation behind using FPE in such legacy systems is to achieve backwards compatibility. Because the format of the actual data and the encrypted data is exactly the same, encryption does not require changes to datatypes, data structures, or the database, and only minimal code changes are needed to implement the encryption logic, so the integrity of the existing system remains intact.

Advantages

  1. With FPE, encryption goes unnoticed without analysis of the data, as the ciphertext has exactly the same format as the plaintext.
  2. Because FPE by definition preserves the format of the plaintext in the ciphertext (encrypted data), encrypting existing data requires changes neither in the database nor in domain objects.

Summary

In this article, we had a high-level overview of Format Preserving Encryption (FPE).
