Format-Preserving Encryption Summer Reading
Hello again, format-preserving encryption enthusiasts and data security fans around the globe!
This week we saw an insightful article published into the merits of Format-Preserving Encryption (FPE) backed by well-vetted methods in Connect Converge, the magazine for the HPE NonStop community. Here is another good case for adopting proven security, without compromising performance.
Read the full article, “Format-Preserving Encryption – And then there was one” by Karen Martin in the Summer issue of Connect Converge.
Let’s recap recent events in the encryption world. The National Institute of Standards and Technology (NIST) originally considered three FPE modes—FF1, FF2, and FF3—as modes of operation of the Advanced Encryption Standard (AES). FF2 did not survive to publication after an attack that demonstrated the security strength of FF2 is less than 128 bits. Recently, FF3 has been broken by researchers Betül Durak (Rutgers University) and Serge Vaudenay (Ecole Polytechnique Fédérale de Lausanne). Note: these attacks are independent of NIST continued endorsement of FF1 format-preserving encryption.
For further background, see our blog post titled, “Can I Trust My Vendor’s Security Claims? Peer-reviewed vs. self-certification methods.”
Moving the discussion forward further, author Karen Martin now continues the conversation in her compelling article and states in her argument:
“The three FFX modes were very similar, but not identical. FF1 was designed to handle longer messages and longer tweaks than the other two algorithms and used a 10-round Feistel network; FF2 was designed for shorter messages and tweaks than FF1 and used a 10-round Feistel network; FF3 fixed the length of the tweak at 64-bits and only used an 8-round Feistel network, which made it slightly faster. The differences in the three modes were slight, but crucial. As of today (May 2017), only FF1 is approved by NIST.”
What do you think? When does it make sense to accept more security risk to improve performance? Or can you achieve the best of both worlds without unnecessary compromise? Read the full article and join the discussion. As always, we’re happy to join the debate with you and help answer difficult questions that separate the proven methods from the empty claims. Happy encrypting!