Secure Format-Preserving Encryption for Message Recovery Attack

Sooyong Jeong, Dowon Hong, Changho Seo

http://doi.org/10.5626/JOK.2017.44.8.860

Recently, due to the personal information security act, the encryption of personal information has attracted attention. However, if the conventional encryption scheme is used directly, the database schema must be changed because the conventional encryption scheme does not preserve the format of the data, which can yield a large cost. Therefore, the Format-Preserving Encryption(FPE) has emerged as an important technique that ensures the confidentiality of the data and maintains the database schema naturally. Accordingly, National Institute of Standards and Technology(NIST) recently published the FF1 and FF3 as standards for FPE, although problems have been found in the security of FF1 and FF3 against message recovery attacks. In this paper, we study and analyze FF1 and FF3 as the standards of FPE, as well as the message recovery attack on these schemes. We also study a secure FPE against message recovery attack and verify the efficiency by implementing standardized FF1 and FF3.