In cryptography, format-transforming encryption (FTE) refers to encryption in which the formats of the input plaintext and the output ciphertext are configurable. Formats can be described in various ways, but are typically given as compact set descriptors, such as a regular expression.[1]
Format-transforming encryption is closely related to, and a generalization of, format-preserving encryption.
Applications of FTE
Restricted fields or formats
Similar to format-preserving encryption, FTE can be used to control the format of ciphertexts. The canonical example is a credit card number, such as 1234567812345670 (16 bytes long, digits only).
However, FTE does not enforce that the input format must be the same as the output format.
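The following sketch is an added example, not code from the article or from fteproxy. It assumes the ciphertext bytes come from a standard authenticated cipher and shows only the format step: the bytes are read as an integer and unranked into the 16-character slice of a constructed regular language, `[1-9][0-9]*`, by counting paths through its DFA. All function and constant names are illustrative.

```python
from functools import lru_cache

DIGITS = "0123456789"
# Constructed DFA for the regex [1-9][0-9]*: state 0 is the start, state 1 accepts.
DELTA = {0: {d: 1 for d in DIGITS[1:]}, 1: {d: 1 for d in DIGITS}}
ACCEPT = {1}
LENGTH = 16  # only the 16-character strings of the language are used

@lru_cache(maxsize=None)
def count(state, remaining):
    """Number of strings of length `remaining` leading from `state` to acceptance."""
    if remaining == 0:
        return int(state in ACCEPT)
    return sum(count(nxt, remaining - 1) for nxt in DELTA[state].values())

def unrank(index):
    """Return the index-th string (lexicographic order) of the format."""
    if not 0 <= index < count(0, LENGTH):
        raise ValueError("index exceeds the capacity of the format")
    state, out = 0, []
    for remaining in range(LENGTH - 1, -1, -1):
        for sym in sorted(DELTA[state]):
            block = count(DELTA[state][sym], remaining)
            if index < block:  # the target string starts with this symbol
                out.append(sym)
                state = DELTA[state][sym]
                break
            index -= block     # skip every string that starts with this symbol
    return "".join(out)

def rank(text):
    """Inverse of unrank; raises ValueError for strings outside the format."""
    if len(text) != LENGTH:
        raise ValueError("wrong length for the format")
    state, index = 0, 0
    for pos, ch in enumerate(text):
        if ch not in DELTA[state]:
            raise ValueError("string is not in the format")
        below = [DELTA[state][s] for s in DELTA[state] if s < ch]
        index += sum(count(nxt, LENGTH - pos - 1) for nxt in below)
        state = DELTA[state][ch]
    return index

# Whole bytes that always fit: 9 * 10**15 strings is just under 2**53, so 6 bytes.
CAPACITY = (count(0, LENGTH).bit_length() - 1) // 8

def to_format(ciphertext):
    if len(ciphertext) != CAPACITY:
        raise ValueError("ciphertext must be exactly CAPACITY bytes")
    return unrank(int.from_bytes(ciphertext, "big"))

def from_format(text):
    return rank(text).to_bytes(CAPACITY, "big")
```

Because the input here is arbitrary bytes and the output is a 16-digit string, the input and output formats differ. A string that is in the format but ranks at 2^48 or above does not decode to 6 bytes, so `from_format` raises `OverflowError` for it.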
Censorship circumvention
FTE is used by the Tor Project to circumvent deep packet inspection by making its traffic appear to be some other protocol.[2] The implementation is fteproxy; it was written by the authors who came up with the FTE concept.[3]
References
1. Kevin P. Dyer; Scott E. Coull; Thomas Ristenpart; Thomas Shrimpton (November 2013). "Protocol misidentification made easy with format-transforming encryption" (PDF). Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security - CCS '13. pp. 61–72. doi:10.1145/2508859.2516657. ISBN 9781450324779. S2CID 526039.
2. "Tor Project: Pluggable Transports". torproject.org. Retrieved 2016-08-05.
3. Dyer, Kevin P. (27 February 2020). "kpdyer/fteproxy". GitHub.