Format-transforming encryption

In cryptography, format-transforming encryption (FTE) refers to encryption where the format of the input plaintext and output ciphertext are configurable. Descriptions of formats can vary, but are typically compact set descriptors, such as a regular expression.^[1]

Format-transforming encryption is closely related to, and a generalization of, format-preserving encryption.

Applications of FTE

Restricted fields or formats

Similar to format-preserving encryption, FTE can be used to control the format of ciphertexts. The canonical example is a credit card number, such as 1234567812345670 (16 bytes long, digits only). However, FTE does not enforce that the input format must be the same as the output format.

Censorship circumvention

FTE is used by the Tor Project to circumvent deep packet inspection by pretending to be some other protocols.^[2] The implementation is fteproxy; it was written by the authors who came up with the FTE concept.^[3]

References

^ "Protocol Misidentification Made Easy with Format-Transforming Encryption" (PDF). Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security: 61-72. November 2013. doi:10.1145/2508859.2516657. ISBN 9781450324779. S2CID 526039. {{cite journal}}: Unknown parameter |authors= ignored (help)
^ "Tor Project: Pluggable Transports". torproject.org. Retrieved 2016-08-05.
^ Dyer, Kevin P. (27 February 2020). "kpdyer/fteproxy".

[1] "Protocol Misidentification Made Easy with Format-Transforming Encryption" (PDF). Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security: 61-72. November 2013. doi:10.1145/2508859.2516657. ISBN 9781450324779. S2CID 526039. {{cite journal}}: Unknown parameter |authors= ignored (help)

[Tor_Project:_Pluggable_Transports-2] "Tor Project: Pluggable Transports". torproject.org. Retrieved 2016-08-05.

[3] Dyer, Kevin P. (27 February 2020). "kpdyer/fteproxy".

[1]

[2]

[3]