Three Third Generation Attacks on the Format Preserving Encryption Scheme FF3

Ohad Amon, Orr Dunkelman, Nathan Keller, Eyal Ronen, Adi Shamir

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Format-Preserving Encryption (FPE) schemes accept plaintexts from any finite set of values (such as social security numbers or birth dates) and produce ciphertexts that belong to the same set. They are extremely useful in practice since they make it possible to encrypt existing databases or communication packets without changing their format. Due to industry demand, NIST had standardized in 2016 two such encryption schemes called FF1 and FF3. They immediately attracted considerable cryptanalytic attention with decreasing attack complexities. The best currently known attack on the Feistel construction FF3 has data and memory complexity of $O(N^{11/6})$ and time complexity of $O(N^{17/6})$, where the input belongs to a domain of size $N \times N$. In this paper, we present and experimentally verify three improved attacks on FF3. Our best attack achieves the tradeoff curve $D = M = \tilde{O}(N^{2-t})$, $T = \tilde{O}(N^{2+t})$ for all $t \le 0.5$. In particular, we can reduce the data and memory complexities to the more practical $\tilde{O}(N^{1.5})$, and at the same time, reduce the time complexity to $\tilde{O}(N^{2.5})$. We also identify another attack vector against FPE schemes, the related-domain attack. We show how one can mount powerful attacks when the adversary is given access to the encryption under the same key in different domains, and show how to apply it to efficiently distinguish FF3 and FF3-1 instances.

Original language: English
Title of host publication: Advances in Cryptology – EUROCRYPT 2021 - 40th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings
Editors: Anne Canteaut, François-Xavier Standaert
Publisher: Springer Science and Business Media Deutschland GmbH
Pages: 127-154
Number of pages: 28
ISBN (Print): 9783030778859
State: Published - 2021
Event: 40th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2021 - Zagreb, Croatia
Duration: 17 Oct 2021 to 21 Oct 2021

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 12697 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 40th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2021
Country/Territory: Croatia
City: Zagreb
Period: 17/10/21 to 21/10/21

Bibliographical note

Funding Information:
O. Amon—is supported in part by Len Blavatnik and the Blavatnik Family foundation and by the Blavatnik ICRC. O. Dunkelman—was supported in part by the Center for Cyber, Law, and Policy in conjunction with the Israel National Cyber Bureau in the Prime Minister’s Office and by the Israeli Science Foundation through grants No. 880/18 and 3380/19. N. Keller—was supported by the European Research Council under the ERC starting grant agreement n. 757731 (LightCrypt) and by the BIU Center for Research in Applied Cryptography and Cyber Security in conjunction with the Israel National Cyber Bureau in the Prime Minister’s Office. E. Ronen—is a member of CPIIS.

Publisher Copyright:
© 2021, International Association for Cryptologic Research.

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science (all)
