What is Format-Preserving Encryption?
Format-Preserving Encryption in Google Cloud
- Using one of four values that represent the most common character sets/alphabets
- Using a radix value specifying the size of the alphabet. Specifying 2 gives an alphabet consisting of the numbers 0 and 1, while specifying 95 gives an alphabet with all numeric, upper-case alpha, lower-case alpha, and symbol characters
- By building an alphabet containing the exact characters to be used
Format preserving encryption is extremely important for users who wish to keep the ciphertext after encryption as the same length as the plaintext. Of the several different FPE-FFX methods used on Google Cloud, FF1 is the best practice method to use, due to the extra rounds of the Feistel function it goes through.Structured data requires a surrogate annotation be prepended on the ciphertext to allow for re-identification of data. Google Cloud has a strong implementation of FPE in place for customer use. For those in need of same length plaintext and ciphertext, Google Cloud’s FPE-FFX is their best choice.
Riley Dickens is an Intern at Encryption Consulting, working with PKIs, creating Google Cloud applications, and working as a consultant with high-profile clients. He recently graduated from the University of Central Florida in Orlando Florida.