Cisco Open sources experimental small domain block cipher

In cryptography, Block ciphers such as AES or DES are a symmetric key cipher operating on fixed-length groups of bits, called blocks, and typically operate on large input data blocks i.e. 64 or more than 128, 256 bits.

Block cipher encrypts Plain-text to Cipher-text by applying cryptographic key and algorithm to a block of data at once as a group rather than to one bit at a time, so that identical blocks of text do not get encrypted the same way.

However, some applications need smaller blocks, and possibly non-binary blocks. So, to fulfil this need Cisco is providing a small block cipher, what it calls “FNR” (Flexible Naor and Reingold), but currently it is an experimental block cipher rather a production software.

Sashank Dara, software engineer at the security technology group Cisco, says in a detailed explanation that FNR is a flexible length small domain block cipher for encrypting objects that works without the need for padding, as happens in the traditional block ciphers such as AES (Advanced Encryption Standard) and DES (Data Encryption Standard).

 

“But one of the issues is the need for padding—so if you need to encrypt small amounts of data you may end with a huge difference in input vs. output size. As an example, using AES/128 on ECB mode to encrypt an IPv4 address results in an input size of 32 bits, but an output size of 128 bits. This may not be desired for some applications.” Sashank Dara said.

FEATURES OF FNR

1. Format-preserving encryption (FPE) - the length of plaintext and ciphertext remains same.
2. FNR is flexible for large input domains that are greater than 32 bits and less than 128 bits.
3. The encryption key length is not dependent on the input length and rather depends on underlying pseudo-random function (PRF).

I have taken an example from Wikipedia to explain the importance of Format-preserving encryption (FPE):

 

Suppose we want to encrypt a 16-digit credit card number 1234567812345670 using AES algorithm like ECB or CBC that will transform a credit card number into a large, fixed-length, binary value i.e. hexadecimal output value - 0x96a45cbcf9c2a9425cde9e274948cb67, which contains many bytes that are considered invalid when compared to a typical credit card number. If a credit card number is stored in a column of a database whose entries are char or varchar data, then the encrypted data cannot be stored in same column without changing the format of the column. If the encrypted data is Base64 encoded to ensure that it only contains valid characters, the size of the encrypted credit card number increases from 16 bytes to 24 bytes, changing the encrypted credit card number to lqRcvPnCqUJc3p4nSUjLZw==. In either case, applications that process the credit number may similarly be unable to handle an encrypted value without some modification.

SMALL-BLOCK ENCRYPTION SECURITY?

Small domain block ciphers are useful tool in designing privacy of sensitive data fields of smaller length, but smaller blocks leads to important security issues and building a secure small block cipher is known to be a tricky task.

According to Cisco, FNR is an experimental small domain block cipher for encrypting objects like IPv4, Port numbers, MAC Addresses, IPv6 address and any random short strings and numbers, while preserving their input length.

“Like all deterministic encryption methods, this does not provide semantic security, but determinism is needed in situations where anonymizing telemetry and log data (especially in cloud based network monitoring scenarios) is necessary,” Cisco warned.

Cisco has Open Sourced the FNR encryption scheme under open source license LGPLv2 on Github.