Blockchain & Cryptocurrency Glossary

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.

  • search-icon Clear Definitions
  • search-icon Practical
  • search-icon Technical
  • search-icon Related Terms

Format-Preserving Encryption

1 min read
Pronunciation
[fawr-mat pri-zur-ving en-krip-shuhn]
Analogy
Imagine you need to secretly replace a 9-digit social security number on an old paper form with another 9-digit number that looks like a social security number but is actually encrypted. Format-Preserving Encryption does this digitally: it encrypts your SSN into a ciphertext that is still a 9-digit number, so it fits perfectly into the existing database field without requiring system changes.
Definition
A type of encryption where the encrypted output (ciphertext) has the same format and length as the original input (plaintext). This is useful for encrypting data in legacy systems or databases where changing the data format is difficult or impossible.
Key Points Intro
FPE allows encryption of structured data without altering its original format.
Key Points

Ciphertext has the same format as the plaintext (e.g., same length, character set).

Useful for encrypting data in existing databases or applications with fixed field formats (e.g., credit card numbers, social security numbers).

Avoids the need to modify database schemas or application logic to accommodate different ciphertext formats.

NIST has standardized FPE modes like FF1 and FF3 (though FF3 had weaknesses and FF1 is preferred).

Example
A database storing 16-digit credit card numbers might use FPE to encrypt them. The encrypted values will also be 16-digit numbers, allowing them to be stored in the same database column and processed by legacy applications that expect that format, while the actual card numbers remain protected.
Technical Deep Dive
FPE schemes are typically built using block ciphers (like AES) in special modes of operation. These modes often involve Feistel networks or other constructions that can operate on arbitrary finite domains (not just blocks of bits). The key idea is to map the input domain (e.g., all 16-digit numbers) to itself in a pseudorandom, key-dependent way. The NIST SP 800-38G standard specifies approved FPE modes.
Security Warning
While FPE preserves format, it may be weaker than traditional encryption if the input space is very small, as this could make brute-force attacks on the ciphertext feasible (even if the key is unknown). The security of FPE depends on the underlying block cipher and the size of the domain being encrypted. It's crucial to use standardized and well-vetted FPE algorithms.
Related Terms
FPE
Encryption
Cryptography

Format-Preserving Encryption - Related Articles

No related articles for this term.