ANSI X9.124-5 pdf free download

ANSI X9.124-5 pdf free download.Symmetric Key Cryptography For the Financial Services Industry一 Format Preserving Encryption- Part 5 Format-preserving Feistel-based Mode FF3.1.
5 FF3.1’s development history The sections below describe the FF3.1 FPE block cipher. This cipher is constructed using a Feistel network methodology. FF3 is based on a publication by Brier, Peyrin and Stern intitled“BPS: a Format-Preserving Encryption Proposal”. However, a cryptanalysis of BPS showed that round functions might be controlled by an attacker. In response to this analysis, FF3.1 was proposed as an evolution for BPS and is resistant to this attack. BPS was originally included in NIST SP 800-38G as FF3. The BPS core function makes use of a tweak that is exclusive-ORed with the round counter in order to diversify round functions. However, this may not be correctly achieved, as it depends on a tweak that can be manipulated in: order to have common round functions from one tweak to another. Diversification can be established at very small cost using a well-established technique called domain separation. Domain separation is an efficient means to construct different function instances from a single underlying function. If the underlying function is secure, the derived functions can be considered as independent functions. In 2017, F. Betil Durak and Serge Vaudenay published a cryptanalytic attack taking advantage of the BPS domain separation weakness in their paper titled “Breaking the FF3 Format-Preserving Encryption Standard Over Small Domains’ ‘, https://eprint. iacr.org/2018/1 08. The attack relies on a manipulation of two bytes of the tweak and reaches its goal by reducing the original eight (8) round Feistel complexity to a four (4) round Feistel attack complexity. Preventing an attacker from manipulating the first nibbles of each tweak’s half prohibits the attack. Indeed, as the round counter is exclusive-ORed as follows: round_ tweak xor i, setting the bits of the tweak that are exclusive- ORed to the round counter to zero removes the root cause of the attack. Doing so will change the exclusive-OR operation to behave like an OR operation as follows: round_ tweak or i, which respects domain separatio
6.2.1 Base Cipher Definitions FF3.1 operates as a mode of an underlying block cipher, meaning that the algorithm makes calls to some underlying block cipher and bases its security on the security of that underlying cipher. The FF3.1 mode is specified for use with the Advanced Encryption Standard (AES) or the Triple Data Encryption Algorithm (TDEA). References for the definitions of this algorithm can be found in the ASC X9 SD-34 registry. Within the algorithm descriptions below, the following constants are used to specify the block size (in bytes) of the AES and TDEA algorithm: AES BYTES = 16 TDEA BYTES = 8 6.2.2 Tweak consideration BPS makes use of a 64-bit tweak and suffers from the domain separation issue as explained in Section 5. To overcome this issue, FF3.1 takes a 56-bit tweak and constructs a 64-bit tweak by setting two 4-bit nibbles to zero. FF3.1 checks that the tweak has a length of 56 bits and constructs a 64-bit tweak by copying the 56-bit tweak to bits 0 to 55 of the 64-bit tweak, and moving bits 28 to 31 (of either tweak) to bits 56-59 of the 64-bit tweak. Bits 28 to 31 and bits 60 to 63 of the 64-bit tweak are then set to zero. 6.3 The FF3.1 Technique The FF3.1 FPE is a Feistel-based algorithm that operates in a way similar to FF1 and FF2.1 on a single block of input (see parts 3 and 4, respectively). This specification describes the FF3.1 algorithm. FF3.1 is defined for use with 128-bit AES, 192-bit AES, 256-bit AES, 2-key TDEA and 3-key TDEA.
ANSI X9.124-5 pdf download.