FAST: Secure and High Performance Format-Preserving Encryption and Tokenization

We propose a new construction for format-preserving encryption. Our design provides the flexibility for use in format-preserving encryption (FPE) and for static table-driven tokenization. Our algorithm is a substitution-permutation network based on random Sboxes. Using pseudorandom generators and pseudorandom functions, we prove strong adaptive security based on the super-pseudorandom permutation assumption of our core design. We obtain empirical parameters to reach this assumption. We suggest parameters for quantum security. Our design accommodates very small domains, with a radix $a$ from 4 to the Unicode alphabet size and a block length $\ell$ starting from 2. The number of Sbox evaluations per encryption is asymptotically $\ell^{3/2}$, which is also the number of bytes we need to generate using AES in CTR mode for each tweak setup. For instance, we tokenize 10 decimal digits using 29 (parallel) AES computations to be done only once, when the tweak changes.
