Cisco Blogs

Cisco Blog > Security

Open Sourcing FNR an Experimental Block Cipher

Traditional block ciphers work on fixed blocks of data—as an example, AES is well-defined for 128/192/256 bits. But one of the issues is the need for padding—so if you need to encrypt small amounts of data you may end with a huge difference in input vs. output size. As an example, using AES/128 on ECB mode to encrypt an IPv4 address results in an input size of 32 bits, but an output size of 128 bits. This may not be desired for some applications.

To address such needs, we have designed the FNR encryption scheme. FNR stands for Flexible Naor and Reingold. Our proposed encryption scheme is a practical variant of Naor and Reingold’s[1] work. We are releasing the reference implementation of the FNR encryption scheme under open source license LGPLv2.

FNR is an experimental small domain block cipher for encrypting objects (< 128 bits) like IPv4 addresses, MAC addresses, arbitrary strings, etc. while preserving their input lengths. Such length preserving encryption would be useful when encrypting sensitive fields of rigid packet formats, database columns of legacy systems, etc. in order to avoid any re-engineering efforts for privacy preservation.

Read More »

Tags: , , , ,