New Open Source FNR Cipher Released by Cisco
A new open source block cipher has been released by Cisco. It was developed for encrypting small blocks of data, such as IP addresses or MAC addresses. Cisco has released the cipher's source code along with a demo application; however, the cipher is still in an experimental stage.
The new cipher is called “FNR” (Flexible Naor and Reingold). The company states that it may be ideal for some cloud-related scenarios, specifically network monitoring for the cloud. Interestingly, the cipher is based on a paper written in 1999. Implemented now, it could result in storage and bandwidth savings.
FNR is used in ECB mode and is a deterministic encryption scheme. Like all deterministic encryption methods, it does not provide semantic security; however, determinism is important in cases where telemetry and log data need to be anonymized. Searchable encryption operations might also be achieved with this new cipher.
You can look at the FNR source code published by Cisco on GitHub. There is also a demo application there, which is designed to encrypt IPv4 addresses. The new cipher from Cisco is designed to encrypt data blocks that are smaller than 128 bits, and it preserves the length of its inputs: the plaintext and the ciphertext have the same length.
Such length-preserving encryption would be beneficial when encrypting sensitive fields of rigid packet formats, database columns of legacy systems and other similar instances, where the aim is to avoid any restructuring needed for privacy preservation.
Small-domain block ciphers are a very helpful tool for protecting the privacy of sensitive data fields of smaller length, but smaller blocks lead to important security issues, and building a secure small block cipher is known to be a tricky task.