A Generalized Format Preserving Encryption Framework Using MDS Matrices

The construction SPF, presented in Inscrypt-2016, was the first known substitution permutation network (SPN)–based format preserving encryption (FPE) algorithm. In this work, we present a new family of SPN-based FPE algorithms “eSPF” that significantly improves the performance and flexibility of SPF. The eSPF uses a MDS matrix instead of the binary matrix used in SPF. The optimal diffusion of MDS matrix leads to an efficient and secure design. However, this change leads to violations in the message format. To mitigate this, we propose a discarding algorithm to drop the symbols that are not the elements of the format thus preserving it. In this work, we propose the general framework of eSPF and then show how our construction can be adapted under different use cases. We provide detailed analysis of eSPF for four popular concrete instantiations—digits , alphabets, case-insensitive alphanumeric, and case-sensitive alphanumeric. We provide security and performance analysis for all these use cases. We also compare our construction with existing FPE algorithms like FFX and SPF and show that the proposed design is approx ten times faster than FFX for most of the practical applications.