Format-Preserving Encryption (FPE) is a symmetric encryption algorithm that constrains the ciphertext to the same character set and length as the input plaintext. Unlike standard AES encryption, which produces binary ciphertext that expands data size, FPE ensures a 16-digit credit card number encrypts to another 16-digit number. This is achieved using Feistel network constructions operating over a small, defined domain, typically leveraging the FF1 and FF3-1 modes standardized in NIST Special Publication 800-38G.
Glossary
Format-Preserving Encryption (FPE)

What is Format-Preserving Encryption (FPE)?
Format-preserving encryption (FPE) is a cryptographic method where the ciphertext retains the exact format and length of the plaintext, enabling encryption of structured data without breaking existing database schemas or application logic.
FPE is critical for retrofitting data protection into legacy systems where schema modifications are prohibitively expensive. By preserving format, encrypted data passes existing validation rules and fits into fixed-width database columns without requiring application rewrites. Common use cases include protecting primary account numbers (PANs) in payment processing, Social Security numbers in healthcare databases, and structured identifiers in cloud data warehouses, effectively reducing the scope of compliance audits without disrupting transactional integrity.
Key Features of FPE
Format-Preserving Encryption (FPE) provides a unique cryptographic approach that preserves the structure of data while rendering it unreadable. These features make it indispensable for retrofitting security into legacy systems.
Strict Format Preservation
The ciphertext output maintains the exact length and character set of the plaintext input. A 16-digit credit card number encrypts to another 16-digit number; a Social Security Number (XXX-XX-XXXX) retains its dashes and numeric structure. This is achieved using Feistel network constructions operating within a small, finite domain, ensuring the output is indistinguishable from a random permutation of the input space.
Schema-Neutral Integration
Because the data type and length do not change, FPE can be injected into existing workflows without modifying database schemas, application logic, or validation rules. Legacy COBOL systems, mainframe applications, and rigid ETL pipelines can enforce encryption transparently. This eliminates the costly and risky refactoring typically associated with implementing standard AES encryption, which expands ciphertext size and changes data types.
Referential Integrity Maintenance
FPE preserves deterministic relationships across tables. If a primary key is encrypted with FPE, the corresponding foreign keys in related tables can be encrypted to the same value, maintaining join operations without decryption. This is critical for preserving analytical utility in de-identified datasets where relational structures must remain intact for machine learning feature engineering.
Strong Cryptographic Guarantees
Modern FPE standards, such as FF1 and FF3-1 (defined in NIST SP 800-38G Rev. 1), provide provable security based on the underlying AES block cipher. The FF3-1 revision specifically addresses a vulnerability in the original FF3 mode, ensuring resistance to chosen-plaintext attacks. The security strength is directly tied to the key length, typically 128, 192, or 256 bits.
Partial Encryption Support
FPE allows for selective encryption of specific segments within a data field while leaving other parts in the clear. For example, the last four digits of a credit card can be preserved for customer service verification while the first twelve are encrypted. This enables granular data utility in non-production environments, balancing operational needs with strict privacy compliance.
Tokenization Alternative
Unlike vault-based tokenization, which requires a secure database to map surrogate values back to original data, FPE is stateless. The encryption is purely algorithmic, eliminating the need for token vault storage, synchronization, and high-availability management. This reduces infrastructure complexity and latency, making FPE ideal for high-throughput de-identification pipelines where vault lookups become a bottleneck.
FPE vs. Tokenization vs. Conventional Encryption
A technical comparison of three distinct approaches to protecting sensitive data elements, evaluating their impact on schema, referential integrity, and cryptographic properties.
| Feature | Format-Preserving Encryption | Tokenization | Conventional Encryption |
|---|---|---|---|
Preserves original format and length | |||
Requires schema changes | |||
Cryptographically reversible without vault | |||
External vault or token store required | |||
Preserves referential integrity across systems | |||
Supports deterministic encryption for joins | |||
Typical ciphertext expansion | 0% | 0% | 20-50% |
Retrofittable into legacy applications |
Real-World Applications of FPE
Format-Preserving Encryption bridges the gap between strong cryptographic protection and legacy system compatibility. These cards illustrate the critical enterprise scenarios where FPE's unique ability to maintain data structure while providing robust security is indispensable.
Legacy Database Retrofit
FPE enables encryption of sensitive columns in legacy databases without modifying the database schema. Because the ciphertext matches the original column's data type and length, applications, validation rules, and stored procedures continue to function unmodified.
- No schema changes: Encrypt VARCHAR(16) to VARCHAR(16)
- No application logic changes: Field length validations remain intact
- Example: Encrypting a
VARCHAR(9)Social Security Number field to another 9-character string, preserving all downstream ETL jobs
Payment Card Industry (PCI) Compliance
FPE is a foundational technology for reducing PCI DSS audit scope. By encrypting Primary Account Numbers (PANs) while preserving the 16-digit format and passing the Luhn check, FPE allows internal systems to operate on tokenized-like values without exposing real cardholder data.
- Preserves BIN ranges: The first 6 digits can be left in the clear or encrypted with format preservation
- Luhn-valid output: Encrypted PANs can pass basic validation checks in payment gateways
- Example: A 16-digit PAN
4111 1111 1111 1111encrypts to another valid-format 16-digit number, allowing fraud detection systems to run without accessing real data
Cloud Data Warehouse Tokenization
In cloud environments like Snowflake or BigQuery, FPE acts as a deterministic, in-place tokenization mechanism. Unlike vault-based tokenization, FPE requires no external lookup service, enabling high-performance joins on encrypted identifiers without network latency.
- Deterministic encryption: Same plaintext always produces the same ciphertext, preserving referential integrity
- No token vault: Eliminates the single point of failure and latency of a vault lookup
- Example: Encrypting customer IDs across multiple tables while maintaining the ability to JOIN on the encrypted column directly
Test Data Management
FPE generates realistic, format-valid test data from production datasets without exposing sensitive information. Unlike masking with 'XXXX', FPE produces functional synthetic data that passes front-end validation and mimics production distributions.
- Preserves data characteristics: Length, character set, and checksums remain valid
- Referential integrity: Deterministic FPE ensures foreign key relationships survive encryption
- Example: Encrypting a production name field 'John Smith' to 'Bkrn Pqalm' for a UAT environment, preserving the alphabetic character set and length for UI testing
Mainframe Data Protection
FPE is uniquely suited for mainframe environments where fixed-width record formats are non-negotiable. COBOL copybooks and VSAM files expect exact byte lengths; FPE encrypts data in-place without altering the record layout.
- No copybook changes: Encrypted fields occupy the same PIC clause
- EBCDIC compatibility: FPE can operate within the mainframe's native character encoding
- Example: Encrypting a PIC X(10) field in a COBOL program to another 10-byte value, requiring zero changes to the application's WORKING-STORAGE definitions
Data Sharing Under GDPR
FPE enables pseudonymization as defined by GDPR Article 4(5). By encrypting direct identifiers while preserving analytical utility, organizations can share data with processors or third parties under a reduced compliance burden.
- Pseudonymization, not anonymization: Encrypted data is still personal data but with reduced risk
- Analytical utility preserved: Format preservation means statistical tools and scripts continue to work
- Example: A healthcare provider encrypts patient MRNs before sharing clinical data with a research partner, maintaining the ability to link records across visits without revealing real identifiers
Frequently Asked Questions
Clear answers to common questions about how Format-Preserving Encryption secures data without breaking existing database schemas or application logic.
Format-Preserving Encryption (FPE) is a cryptographic method that encrypts plaintext into ciphertext that retains the exact same format, length, and character set as the original input. Unlike standard AES encryption, which expands ciphertext and changes its data type, FPE uses a Feistel network construction operating on a restricted domain to ensure a 16-digit credit card number encrypts to another 16-digit number, and a Social Security Number retains its XXX-XX-XXXX structure. The underlying mechanism relies on the FF1 and FF3-1 modes standardized in NIST Special Publication 800-38G, which apply multiple rounds of a pseudorandom function combined with modular addition to permute elements within a strictly defined alphabet. This format invariance allows organizations to retrofit encryption into legacy systems—such as mainframe databases and COBOL applications—without modifying field lengths, validation rules, or downstream processing logic.
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Related Terms
Format-Preserving Encryption is a specialized primitive that bridges classical cryptography and data de-identification. The following concepts define the ecosystem of techniques used alongside FPE to protect structured data without breaking legacy systems.
Tokenization
A data security technique that substitutes a sensitive data element with a non-sensitive equivalent, called a token, which retains the format but has no extrinsic value. Unlike FPE, tokenization typically relies on a vault that maps tokens back to original values via a database lookup rather than a reversible cryptographic algorithm. This makes tokenization ideal for payment processing where the original Primary Account Number (PAN) must be recoverable in a controlled environment, while FPE is preferred for test data generation where decryption is not always required.
Pseudonymization
The processing of personal data so it can no longer be attributed to a specific data subject without the use of additional information. Under GDPR, pseudonymized data remains personal data. FPE is a strong technical enabler of pseudonymization because it allows direct identifiers (like a Social Security Number) to be replaced with a ciphertext that looks exactly like a valid SSN, maintaining referential integrity across databases while separating the identity from the payload.
Data Masking
The process of creating a structurally similar but inauthentic version of data to protect sensitive information in non-production environments. FPE is a superior alternative to static masking for specific use cases because it preserves referential integrity across tables. If a customer ID is encrypted with FPE, the join between the orders table and the customers table remains intact without exposing the real ID, unlike random substitution masking which breaks foreign key relationships.
Differential Privacy
A mathematical framework providing provable privacy guarantees by injecting calibrated noise into query results. While FPE is a deterministic, reversible transformation used for data-at-rest protection, differential privacy is a statistical property of an algorithm used for data-in-use protection. They are complementary: FPE can de-identify the storage layer, while differential privacy protects the outputs of analytics running on that data, ensuring that no single individual's presence is inferable from aggregate statistics.
k-Anonymity
A privacy model ensuring each record is indistinguishable from at least k-1 other records with respect to quasi-identifiers. FPE supports k-anonymity by allowing generalization hierarchies to be applied to encrypted values. For example, an FPE-encrypted ZIP code can be truncated to its first three digits post-encryption, ensuring the ciphertext still fits the schema while contributing to the anonymity set size. This prevents singling out individuals in the de-identified dataset.
Data Residency
The regulatory requirement that data is stored and processed within a specific geographical jurisdiction. FPE is a critical tool for data residency compliance because it allows organizations to move format-compatible ciphertext across borders for processing while keeping the cryptographic keys securely anchored in the required jurisdiction. The ciphertext is useless without the key, satisfying sovereignty requirements without requiring a full local stack for every application.

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us