Paper 2016/794

Message-recovery attacks on Feistel-based Format Preserving Encryption

Mihir Bellare, Viet Tung Hoang, and Stefano Tessaro

Abstract

We give attacks on Feistel-based format-preserving encryption (FPE) schemes that succeed in message recovery (not merely distinguishing scheme outputs from random) when the message space is small. For 4-bit messages, the attacks fully recover the target message using 221 examples for the FF3 NIST standard and 225 examples for the FF1 NIST standard. The examples include only three messages per tweak, which is what makes the attacks non-trivial even though the total number of examples exceeds the size of the domain. The attacks are rigorously analyzed in a new definitional framework of message-recovery security. The attacks are easily put out of reach by increasing the number of Feistel rounds in the standards.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Minor revision. ACM CCS 2016
DOI
10.1145/2976749.2978390
Keywords
Format-preserving encryptionattacks
Contact author(s)
hviettung @ gmail com
History
2017-05-24: last of 2 revisions
2016-08-20: received
See all versions
Short URL
https://ia.cr/2016/794
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/794,
      author = {Mihir Bellare and Viet Tung Hoang and Stefano Tessaro},
      title = {Message-recovery attacks on Feistel-based Format Preserving Encryption},
      howpublished = {Cryptology {ePrint} Archive, Paper 2016/794},
      year = {2016},
      doi = {10.1145/2976749.2978390},
      url = {https://eprint.iacr.org/2016/794}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.