aboutsummaryrefslogtreecommitdiffstats
path: root/doc/fpe.txt
blob: 243be87d927e83e06b734acb9ee82b10641b14f3 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56

Format Preserving Encryption
========================================

Format preserving encryption (FPE) refers to a set of techniques for
encrypting data such that the ciphertext has the same format as the
plaintext. For instance, you can use FPE to encrypt credit card
numbers with valid checksums such that the ciphertext is also an
credit card number with a valid checksum, or similiarly for bank
account numbers, US Social Security numbers, or even more general
mappings like English words onto other English words.

The scheme currently implemented in botan is called FE1, and described
in the paper `Format Preserving Encryption
<http://eprint.iacr.org/2009/251>`_ by Mihir Bellare, Thomas
Ristenpart, Phillip Rogaway, and Till Stegers. FPE is an area of
ongoing standardization and it is likely that other schemes will be
included in the future.

To use FE1, use these functions, from ``fpe_fe1.h``:

.. cpp:function:: BigInt FPE::fe1_encrypt(const BigInt& n, const BigInt& X, \
   const SymmetricKey& key, const MemoryRegion<byte>& tweak)

   Encrypts the value *X* modulo the value *n* using the *key* and
   *tweak* specified. Returns an integer less than *n*. The *tweak* is
   a value that does not need to be secret that parameterizes the
   encryption function. For instance, if you were encrypting a
   database column with a single key, you could use a per-row-unique
   integer index value as the tweak.

   To encrypt an arbitrary value using FE1, you need to use a ranking
   method. Basically, the idea is to assign an integer to every value
   you might encrypt. For instance, a 16 digit credit card number
   consists of a 15 digit code plus a 1 digit checksum. So to encrypt
   a credit card number, you first remove the checksum, encrypt the 15
   digit value modulo 10\ :sup:`15`, and then calculate what the
   checksum is for the new (ciphertext) number.

.. cpp:function:: BigInt FPE::fe1_decrypt(const BigInt& n, const BigInt& X, \
   const SymmetricKey& key, const MemoryRegion<byte>& tweak)

   Decrypts an FE1 ciphertext produced by :cpp:func:`fe1_encrypt`; the
   *n*, *key* and *tweak* should be the same as that provided to the
   encryption function. Returns the plaintext.

   Note that there is not any implicit authentication or checking of
   data, so if you provide an incorrect key or tweak the result is
   simply a random integer.

This example encrypts a credit card number with a valid
`Luhn checksum <http://en.wikipedia.org/wiki/Luhn_algorithm>`_ to
another number with the same format, including a correct checksum.

.. literalinclude:: examples/fpe.cpp