Cisco has released a new experimental block cipher dubbed FNR, or Flexible Naor and Reingold, which it claims is suitable for data of less than 128 bits or where preservation of input length is a must.
Sashank Dara, software engineer at Cisco, explains that traditional block ciphers including AES work well with data of sizes greater than 128, 192 or 256 bits, but where the data being transmitted comes in small chunks such as IP addresses and MAC addresses and AES is used, those small blocks get bloated because of the padding requirement.
When little data is transmitted, for example in an encrypted chat between two messenger contacts, this isn’t much of a problem because the amount of data won’t be that high. For cloud application service providers, however, data used for analytics may involve a large number of small chunks of data, possibly from hundreds of thousands of users.
This is where FNR comes in handy as it proposes “invertible matrices to provide a neat and generic way to achieve pair-wise independence for any arbitrary length”.
FNR also ensures that application developers won’t need to change field formats to support encryption of the data their application uses. It also opens the way to encrypting legacy databases where length preservation is one of the requirements or where application developers want the least amount of re-engineering.
“FNR is an experimental small domain block cipher for encrypting objects (< 128 bits) like IPv4 addresses, MAC addresses, arbitrary strings, etc. while preserving their input lengths”, explains Dara.
“Such length preserving encryption would be useful when encrypting sensitive fields of rigid packet formats, database columns of legacy systems, etc. in order to avoid any re-engineering efforts for privacy preservation.”
Cisco has offered the code on GitHub under the LGPLv2 and has also provided an application demoing IPv4 address encryption.
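The length-preservation property described above, as an added sketch that is not Cisco's FNR code and does not reproduce its construction (it has no pairwise-independent matrix layers): a plain balanced Feistel network over 32 bits maps each IPv4 address to another IPv4 address, where block AES would emit at least 16 bytes. The key, the round count, the HMAC-SHA256 round function and PKCS#7 as the AES padding mode are assumptions made for the example.

```python
import hashlib
import hmac
import ipaddress

ROUNDS = 8                    # assumed round count for this sketch
HALF_BITS = 16                # a 32-bit address splits into two 16-bit halves
MASK = (1 << HALF_BITS) - 1
AES_BLOCK = 16                # AES block size in bytes

def _round(key: bytes, i: int, half: int) -> int:
    """Keyed round function: HMAC-SHA256 over (round, half), cut to 16 bits."""
    msg = bytes([i]) + half.to_bytes(2, "big")
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest()[:2], "big")

def encrypt_u32(key: bytes, x: int) -> int:
    """Permute a 32-bit value; the output is again exactly 32 bits."""
    left, right = x >> HALF_BITS, x & MASK
    for i in range(ROUNDS):
        left, right = right, left ^ _round(key, i, right)
    return (left << HALF_BITS) | right

def decrypt_u32(key: bytes, y: int) -> int:
    """Undo encrypt_u32 by running the rounds in reverse order."""
    left, right = y >> HALF_BITS, y & MASK
    for i in reversed(range(ROUNDS)):
        left, right = right ^ _round(key, i, left), left
    return (left << HALF_BITS) | right

def encrypt_ipv4(key: bytes, addr: str) -> str:
    """Dotted-quad in, dotted-quad out: the field format is unchanged."""
    return str(ipaddress.IPv4Address(encrypt_u32(key, int(ipaddress.IPv4Address(addr)))))

def decrypt_ipv4(key: bytes, addr: str) -> str:
    return str(ipaddress.IPv4Address(decrypt_u32(key, int(ipaddress.IPv4Address(addr)))))

def aes_padded_len(n: int) -> int:
    """Ciphertext bytes for n plaintext bytes under block AES with PKCS#7."""
    return (n // AES_BLOCK + 1) * AES_BLOCK

if __name__ == "__main__":
    key = b"constructed-demo-key"                # constructed sample key
    for ip in ("192.0.2.10", "198.51.100.7"):    # constructed sample addresses
        ct = encrypt_ipv4(key, ip)
        print(ip, "->", ct, "->", decrypt_ipv4(key, ct),
              "| AES would need", aes_padded_len(4), "bytes")
```

Because the cipher is a permutation of the 32-bit space, equal addresses always encrypt to equal addresses, so the encrypted column still supports joins and counts but also reveals which records share an address.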