The `ipcrypt-pfx` instantiation implements prefix-preserving encryption using a pseudorandom function based on the XOR of two independently keyed AES-128 encryptions.
423
423
424
-
### Pseudorandom Function Construction
424
+
### Encryption Process
425
425
426
-
The pseudorandom function requires a 32-byte key split into two independent 16-byte AES-128 keys (`K1` and `K2`). For each bit position, the algorithm performs:
426
+
The encryption uses a pseudorandom function based on the XOR of two independently keyed AES-128 encryptions. The 32-byte key is split into two independent 16-byte AES-128 keys (`K1` and `K2`).
427
427
428
-
1. Padding: The prefix (all bits processed so far from the original IP address) is padded to 128 bits using the format `zeros || 1 || prefix_bits`, where:
428
+
For each bit position (processing from MSB to LSB):
429
+
430
+
1. Prefix Padding: The prefix (all bits processed so far from the original IP address) is padded to 128 bits using the format `zeros || 1 || prefix_bits`, where:
429
431
- The prefix bits are extracted from the most significant bits of the original IP address
430
432
- A single `1` bit serves as a delimiter at position `prefix_len_bits`
431
433
- The prefix bits are placed immediately after the delimiter, from high to low positions
432
434
- For an empty prefix (processing the first bit), this produces a block with only a single `1` bit at position 0
433
435
434
-
2. Dual Encryption: The padded prefix is encrypted independently with both `K1` and `K2`, producing two 128-bit outputs (`e1` and `e2`).
435
-
436
-
3. XOR Combination: The final PRF output is computed as `e = e1 ⊕ e2`.
437
-
438
-
### Bit Encryption Process
436
+
2. Pseudorandom Function Computation: The padded prefix is encrypted independently with both `K1` and `K2`, producing two 128-bit outputs (`e1` and `e2`). The final PRF output is computed as `e = e1 ⊕ e2`.
439
437
440
-
For each bit position (processing from MSB to LSB):
441
-
442
-
1. Pad the prefix (bits processed so far from the original IP) to 128 bits
443
-
2. Compute the PRF output using the padded prefix: `e = AES(K1, padded_prefix) ⊕ AES(K2, padded_prefix)`
444
-
3. Extract the least significant bit from the PRF output as the cipher bit
445
-
4. XOR the cipher bit with the original bit at the current position to produce the encrypted bit
438
+
3. Bit Encryption: The least significant bit is extracted from the PRF output as the cipher bit, which is then XORed with the original bit at the current position to produce the encrypted bit.
446
439
447
440
Complete pseudocode implementation is provided in {{prefix-preserving-encryption-ipcrypt-pfx}}.
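Review bot: In the new step 3 ("Bit Encryption"), "the least significant bit" of the 128-bit PRF output `e` is never tied to a byte or bit ordering, and the unchanged bullets under step 1 likewise use "position 0" and "position `prefix_len_bits`" without saying which end of the block is position 0. Two implementations that read these differently would produce different ciphertexts, so I suggest defining the bit numbering once before the list and naming the exact byte and bit of `e` that supplies the cipher bit. Separately, the new opening sentence under "Encryption Process" repeats the section's first sentence ("a pseudorandom function based on the XOR of two independently keyed AES-128 encryptions") almost word for word; it could start directly with the key split.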