[botan-devel] Questions of Botan Crypto Library

Jack Lloyd lloyd at randombit.net
Thu Apr 26 07:46:17 EDT 2012

On Thu, Apr 26, 2012 at 10:24:17AM +0000, Sharada Acharya wrote:

> 1) Does this FPE implementation support string data or is the support limited to numeric data only?
> If it doesn't provide the support for string data, is it possible to write an application on top of this library which will add support for the same?

> 2) In the standard FPE specifications, it is mentioned that the length of the input text and the cipher text is same, i.e. length is preserved.
> On the contrary, I found that Botan FPE gives a cipher text which is of different length than the input text. Is this behavior expected?

The FPE scheme currently in botan is based around what is called
rank-then-encipher. First, each possible input (whatever it might be)
is ranked - assigned an integer value 0, 1, 2, ... n. Then, encryption
of a particular input P is done modulo n using FPE. Then, the output
of the encryption process, C, is de-ranked, converting that integer
back to the original input set.

So you see that length preservation is not a requirement for FPE. For
instance one might use FPE to encrypt dictionary words. Each
ciphertext would be a dictionary word, preserving the format, but the
encryption would not be length preserving. In other cases, such as tax
ID numbers, the length is intrinsic to the format and thus the length
is preserved as a side effect of preserving the format.

As I hinted with the dictionary example, yes, the FPE scheme supports
string data, but it requires you to be able to order and number the
possible inputs. Since this depends on what the application inputs
are, it is difficult to support directly in the library.

> 3) In the sample program of FPE (doc/examples/fpe.cpp), it seems that the length of cipher text depends on the parameter 'n' (first argument to fe1_encrypt). Length of the ciphertext always comes out to be equal to the length of 'n', irrespective of the length of the input text. As per the documentation, it encrypts X modulo n, where X is input number. I tried running the program by changing the values of 'n'. When n=1, the program crashes. The length of the output is also not consistent when the value of n = 3. Can the value of 'n' be used as the configuration parameter for length of ciphertext?

Yes, n is configurable. The example n value is set for a 15 digit
input which is consistent with a typical credit card number (without
the final checksum digit, which is removed by the rank operation).

The FE1 FPE scheme requires that n be factored into two numbers,
ideally of about the same size. That is impossible if n is prime. I
would add that for n=1, you're saying you are encrypting a single
possible input onto a single possible output...
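
Added example, not part of the original message and not Botan's code: a self-contained Python sketch of rank-then-encipher over a dictionary, using a toy Feistel network on n = a*b in the style the message describes. The word list, round count, HMAC-SHA-256 round function and all function names are assumptions made for illustration; the 12-word domain is far too small to be secure.

```python
import hashlib
import hmac
import math

# Constructed sample domain: the position in this list is the word's rank.
WORDS = ["ant", "badger", "cat", "dolphin", "eel", "flamingo",
         "gnu", "heron", "ibis", "jaguar", "koala", "lynx"]
ROUNDS = 8  # illustrative choice, not a recommendation

def factor(n):
    """Split n into a*b with a, b > 1 and a as close to sqrt(n) as possible."""
    for a in range(math.isqrt(n), 1, -1):
        if n % a == 0:
            return a, n // a
    # Covers prime n and n < 4 (including n = 1): no usable split exists.
    raise ValueError(f"n={n} cannot be factored into two parts")

def prf(key, rnd, value, modulus):
    """Keyed round function: HMAC of (round, value), reduced mod modulus."""
    tag = hmac.new(key, f"{rnd}:{value}".encode(), hashlib.sha256).digest()
    return int.from_bytes(tag, "big") % modulus

def encipher(key, n, x):
    """Permute x within [0, n) using a Feistel network over Z_a x Z_b."""
    a, b = factor(n)
    for i in range(ROUNDS):
        left, right = divmod(x, b)              # left in [0,a), right in [0,b)
        x = a * right + (left + prf(key, i, right, a)) % a
    return x

def decipher(key, n, y):
    """Invert encipher by undoing the rounds in reverse order."""
    a, b = factor(n)
    for i in reversed(range(ROUNDS)):
        right, w = divmod(y, a)
        y = b * ((w - prf(key, i, right, a)) % a) + right
    return y

def encrypt_word(key, word):
    # rank -> encipher modulo n -> de-rank
    return WORDS[encipher(key, len(WORDS), WORDS.index(word))]

def decrypt_word(key, word):
    return WORDS[decipher(key, len(WORDS), WORDS.index(word))]

if __name__ == "__main__":
    key = b"constructed-demo-key"
    for w in WORDS:
        print(w, "->", encrypt_word(key, w))
```

Every ciphertext is again a word from the list, so the format is preserved even though the word length generally is not; a prime n or n = 1 is rejected by `factor` instead of crashing.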

