ABSTRACT
Introduction When an application encrypts data using a standard block cipher (e.g., TDES, IDEA, or AES),* or all but the special class of algorithms know as format preserving encryption (FPE), the process changes the format to that of a binary string, usually of ‚xed length. If a datum were a social security account number (SSAN), e.g., with a format that is NNN-NN-NNNN, an AES 128-bit electronic codebook mode (ECB) encryption might look (in hexadecimal) like 3E07D4719AF32558BC02411F931E51846. If a preexisting database had a template for the SSAN (3 digits, a hyphen, 2 digits, a hyphen, 4 digits) taking up 12 bytes of storage, then the encrypted value (32-hexadecimal digits or 16 ASCII characters) would be wrong in length and type. Œis poses a challenge for legacy systems where a complete redesign of data structures is not a business’ ‚rst choice. In some applications, the data must pass through intervening service providers who have standardized on a message format that does not allow changes. In both of these cases, to protect the data through encryption requires a mechanism that does not violate the format requirements. FPE becomes the obvious choice. However, not all encryption techniques that preserve formatting are equally secure.
