Gary Schneir
June 13, 2022
Authentication Cryptography Data Security Encryption Privacy

What is format-preserving encryption (FPE) and its benefits?

Encryption is designed to encode readable data into an unreadable format, generally referred to as ciphertext that is indistinguishable from a random string of bits.

While useful for protecting the privacy of data, the process often changes the format and/or length of the original data, which can be problematic for systems expecting a certain format. For example, let’s imagine a database column that stores last names with a maximum length constraint of 50 characters. If we were to implement a popular symmetric encryption algorithm (e.g., AES-256-GCM) to encrypt last names, the resulting ciphertext will undoubtedly exceed the maximum length allowed by the database. And this, put bluntly, will break things.

So how do you encrypt data without restructuring or breaking your database? A popular option is Format preserving encryption (FPE).

What is FPE?

Format-preserving encryption (FPE) is the process of encrypting data in such a way that the output (ciphertext) remains in the same format as the input (plaintext). The meaning of “format” varies. Typically only finite sets of characters are used; numeric, alphabetic or alphanumeric”. For example:

  • A 9-digit social security number is encrypted into a 9-digit ciphertext string
  • A 16-digit credit card number is encrypted into a 16-digit ciphertext string
  • A 10-digit phone number is encrypted into a 10-digit ciphertext string

This is especially critical for organizations who are running legacy systems, whose code bases and data models cannot be changed or are too burdensome and risky to update. Imagine a database that stores sensitive healthcare data that was deployed nearly 20 years ago and remains in production. Most organizations have little appetite for the risks involved with restructuring a key production system like this.

The National Institute of Standards and Technology (NIST) has recommended two methods (named FF1 and FF3-1) for implementing format-preserving encryption. Both FF1 and FF3-1 are designed to take a 128-bit block cipher (such as AES) and process its input and output to ensure that the data is stored in the desired format, while still being decryptable to the original value. However, achieving an effective data protection strategy isn’t as simple as downloading a popular encryption algorithm and working through basic implementation. FPE algorithms must be carefully implemented to ensure the confidentiality, integrity, and availability of the encrypted data, while preserving critical format requirements, as to not cause any business disruptions.

Encrypt Sensitive Data Without Restructuring Your Database

Data encryption is becoming increasingly important, driven predominantly by regulation and compliance frameworks such as HIPAA, PCI DSS, and GDPR to name a few, and the increased number of data breaches that are impacting large and small organizations alike. Data encryption is one of the most effective ways to protect against them and drive down the associated costs of an incident.

Ideally, an organization would encrypt sensitive data whenever possible, only decrypting when access to the plaintext data is necessary. However, legacy applications and systems may expect data to be in a certain format and be incapable of processing or storing other types of data (such as seemingly random ciphertext) without significant modifications.

FPE makes it possible to deploy widespread encryption without breaking legacy systems. Applications that do not require access to sensitive data are given FPE ciphertexts. When access to data is required by an application, a small decryption function can be inserted into the workflow to provide access to the plaintext.

Example FPE Use Cases

FPE can be applied to a wide range of use cases. A couple of examples include:

  • Payment Card Verification: In the retail and e-commerce sector, payment card data must be collected and stored to make payments. Additionally, employees may need to see and verify the last four digits of a customer’s payment card information. FPE makes it easier to expose only the required information to employees while leaving the other twelve digits protected.
  • Legacy Databases: A telecommunications system may have a multitude of legacy systems that require the use of encrypted data for security. However, it might not be an option for the organization to restructure its databases to store encrypted data. With FPE, the structure of the databases can remain unchanged.

While these are only two potential use cases for FPE, any opportunities to encrypt sensitive data in a constrained storage environment can be a great candidate for FPE. Besides the obvious security benefit of encrypting previously plaintext data, FPE requires far less effort and resources to implement as compared other solutions, because it does not require modifications to the storage layer. If an encrypted credit card number still looks like a credit card number, it doesn’t matter to the database that it requires decryption before becoming usable.

Painlessly Deploying FPE with Ubiq

We empower engineering, security, and compliance teams around the world to reduce their breach risk, free up precious resources, and build compliant and secure-by-design applications, by building native, client-side encryption and key management into any application in minutes. As part of our Enterprise service tier, we enable organizations to easily and safely deploy FPE to meet regulatory compliance requirements and internal security goals, without significant application or any database modifications.

We’re very committed to improving the state of cryptography and data security by sharing knowledge and helping to correct common misconceptions about how cryptography works and how to use it properly. To keep up with this series and our other research and cryptography content, make sure to subscribe to our blog in the page footer below.

Get radically effective data-level protection. Get Ubiq.