# Targeted Ciphers for Format-Preserving Encryption

## Abstract

We introduce Targeted Ciphers, which typically encipher points on domain \(\mathcal {X}\), but can be easily modified to instead encipher points on some subset \(\mathcal{S}\subseteq \mathcal {X}\). Ciphers that can directly support this domain targeting are useful in Format-Preserving Encryption, where one wishes to encipher points on a potentially complex domain \(\mathcal{S}\). We propose two targeted ciphers and analyze their security. The first, Targeted Swap-or-Not, is a modification of the Swap-or-Not cipher proposed by Hoang, Morris, and Rogaway (CRYPTO 2012). The second, a new cipher we call Mix-Swap-Unmix, achieves the stronger notion of full security. Our targeted ciphers perform domain targeting more efficiently than the recently proposed Cycle Slicer algorithm of Miracle and Yilek (ASIACRYPT 2017).

## Keywords

Format-preserving encryption Small-domain block ciphers Markov chains Matchings## Notes

### Acknowledgements

We thank the SAC 2018 anonymous reviewers for their detailed and helpful comments.

## Supplementary material

## References

- 1.Bellare, M., Hoang, V.T.: Identity-based format-preserving encryption. In: Thuraisingham, B.M., Evans, D., Malkin, T., Xu, D. (eds.) ACM CCS 2017, pp. 1515–1532. ACM Press, October/November 2017Google Scholar
- 2.Bellare, M., Hoang, V.T., Tessaro, S.: Message-recovery attacks on Feistel-based format preserving encryption. In: Weippl, E.R., Katzenbeisser, S., Kruegel, C., Myers, A.C., Halevi, S. (eds.) ACM CCS 2016, pp. 444–455. ACM Press, October 2016Google Scholar
- 3.Bellare, M., Ristenpart, T., Rogaway, P., Stegers, T.: Format-preserving encryption. In: Jacobson, M.J., Rijmen, V., Safavi-Naini, R. (eds.) SAC 2009. LNCS, vol. 5867, pp. 295–312. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-05445-7_19CrossRefGoogle Scholar
- 4.Bellare, M., Rogaway, P., Spies, T.: The FFX mode of operation for format-preserving encryption, February 2010. http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/ffx/ffx-spec.pdf
- 5.Bernstein, M.: The mixing time for a random walk on the symmetric group generated by random involutions. In: Proceedings of the 28th International Conference on Formal Power Series and Algebraic Combinatorics (FPSAC) (2016)Google Scholar
- 6.Black, J., Rogaway, P.: Ciphers with arbitrary finite domains. In: Preneel, B. (ed.) CT-RSA 2002. LNCS, vol. 2271, pp. 114–130. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45760-7_9CrossRefGoogle Scholar
- 7.Brier, E., Peyrin, T., Stern, J.: BPS: a format-preserving encryption proposal. http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/bps/bps-spec.pdf
- 8.Brightwell, M., Smith, H.: Using datatype-preserving encryption to enhance data warehouse security. In: National Information Systems Security Conference (NISSC) (1997)Google Scholar
- 9.Czumaj, A., Kutylowski, M.: Delayed path coupling and generating random permutations. Random Struct. Algorithms
**17**, 238–259 (2000)MathSciNetCrossRefGoogle Scholar - 10.Dai, W., Hoang, V.T., Tessaro, S.: Information-theoretic indistinguishability via the chi-squared method. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10403, pp. 497–523. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63697-9_17CrossRefGoogle Scholar
- 11.Durak, F.B., Vaudenay, S.: Breaking the FF3 format-preserving encryption standard over small domains. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10402, pp. 679–707. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63715-0_23CrossRefGoogle Scholar
- 12.Dworkin, M.: Recommendation for block cipher modes of operation: methods for format preserving-encryption. NIST Special Publication 800–38G (2016). http://dx.doi.org/10.6028/NIST.SP.800-38G
- 13.Granboulan, L., Pornin, T.: Perfect block ciphers with small blocks. In: Biryukov, A. (ed.) FSE 2007. LNCS, vol. 4593, pp. 452–465. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74619-5_28CrossRefGoogle Scholar
- 14.Grubbs, P., Ristenpart, T., Yarom, Y.: Modifying an enciphering scheme after deployment. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10211, pp. 499–527. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56614-6_17CrossRefGoogle Scholar
- 15.Hoang, V.T., Morris, B., Rogaway, P.: An enciphering scheme based on a card shuffle. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 1–13. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32009-5_1CrossRefGoogle Scholar
- 16.Luchaup, D., Dyer, K.P., Jha, S., Ristenpart, T., Shrimpton, T.: LibFTE: a toolkit for constructing practical, format-abiding encryption schemes. In: Proceedings of the 23rd USENIX Security Symposium, pp. 877–891 (2014)Google Scholar
- 17.Luchaup, D., Shrimpton, T., Ristenpart, T., Jha, S.: Formatted encryption beyond regular languages. In: Ahn, G.J., Yung, M., Li, N. (eds.) ACM CCS 2014, pp. 1292–1303. ACM Press, November 2014Google Scholar
- 18.Maurer, U., Pietrzak, K., Renner, R.: Indistinguishability amplification. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 130–149. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74143-5_8CrossRefGoogle Scholar
- 19.Miracle, S., Yilek, S.: Reverse cycle walking and its applications. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10031, pp. 679–700. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53887-6_25CrossRefGoogle Scholar
- 20.Miracle, S., Yilek, S.: Cycle slicer: an algorithm for building permutations on special domains. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10626, pp. 392–416. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70700-6_14CrossRefGoogle Scholar
- 21.Morris, B., Rogaway, P.: Sometimes-recurse shuffle - almost-random permutations in logarithmic expected time. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 311–326. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55220-5_18CrossRefzbMATHGoogle Scholar
- 22.Morris, B., Rogaway, P., Stegers, T.: How to encipher messages on a small domain. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 286–302. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03356-8_17CrossRefGoogle Scholar
- 23.Naor, M., Reingold, O.: Constructing pseudo-random permutations with a prescribed structure. J. Cryptol.
**15**(2), 97–102 (2002)MathSciNetCrossRefGoogle Scholar - 24.Ristenpart, T., Yilek, S.: The mix-and-cut shuffle: small-domain encryption secure against
*N*queries. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 392–409. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40041-4_22CrossRefGoogle Scholar - 25.Spies, T.: Format-preserving encryption. Unpublished whitepaper (2008). https://www.voltage.com/wp-content/uploads/Voltage-Security-WhitePaper-Format-Preserving-Encryption.pdf