CrySP Speaker Series on Privacy

This speaker series is made possible by an anonymous charitable donation in memory of cypherpunks and privacy advocates Len Sassaman, Hugh Daniel, Hal Finney, and Caspar Bowden.

View the list of past and upcoming speakers

Libfte: A User-Friendly Toolkit for Constructing Practical Format-Abiding Encryption Schemes

Kevin Dyer, Portland State University

[Download (MP4)] [View on Youtube]

March 27, 2014 3:00pm, in DC 2585


Encryption schemes where the ciphertext must abide by a specified format have a range of applications: in-place encryption in databases, in-browser encryption for web forms or per-message encryption of network traffic for censorship circumvention. Despite the interest in format-abiding encryption schemes, a unifying framework for general-purpose deployments is notably absent. However, addressing format-abiding encryption in its full generality requires new approaches. In this talk, Kevin will present a general-purpose library (called libfte) that aides engineers in the development and deployment of format-preserving encryption (FPE) and format-transforming encryption (FTE) schemes. As one example, we present a solution to the open problem of performing FPE/FTE encryption from the nondeterministic finite-state automata (NFA) representation of a regular expression — an approach previously considered unworkable.

Compared to other encryption solutions, libfte introduces negligible latency overhead and can *decrease* diskspace usage by as much as 62.5%, when used for simultaneous encryption and compression in a PostgreSQL database. In the censorship circumvention setting we show that, using regular-expression formats lifted from the Snort IDS, libfte can reduce client/server memory requirements by as much as 30%.


Kevin P. Dyer is a PhD student at Portland State University. His research focuses on network security and building protocols resistant to traffic-analysis attacks and censorship. Previously, Kevin worked as a software engineer in telecommunications security, web security and network security. He holds an MSc in the Mathematics of Cryptography and Communications from Royal Holloway, University of London, and a BS in Computer Science with Mathematics from Santa Clara University.