Format-preserving encryption (FPE) is an encryption algorithm that transforms plaintext into ciphertext of identical length and format. Unlike standard AES encryption, which expands data size and changes character sets, FPE ensures a 16-digit credit card number encrypts to another 16-digit number, preserving the exact data structure required by downstream systems and databases.
Glossary
Format-Preserving Encryption (FPE)

What is Format-Preserving Encryption (FPE)?
Format-preserving encryption (FPE) is a cryptographic method that encrypts data while strictly maintaining the original plaintext's length and character set, enabling secure processing without breaking legacy application schemas.
FPE operates using Feistel network constructions built on approved block ciphers like AES, specifically the FF1 and FF3-1 modes standardized in NIST Special Publication 800-38G. This technique is critical for retrofitting data protection into legacy mainframe environments where schema changes are cost-prohibitive, allowing organizations to achieve compliance with data residency and data sovereignty mandates without application rewrites.
Key Features of Format-Preserving Encryption
Format-Preserving Encryption (FPE) enables the encryption of sensitive data while maintaining its original length and character set, allowing legacy systems to process protected data without schema modifications.
Schema Preservation
FPE produces ciphertext that exactly matches the length and character set of the plaintext input. A 16-digit credit card number encrypts to another 16-digit number; a 9-character alphanumeric code remains 9 characters. This eliminates the need to resize database columns or modify application logic that validates field lengths, making it the only encryption mode suitable for brownfield deployments where schema changes are prohibitively expensive.
Feistel Network Construction
Most FPE implementations use a Feistel network with a block cipher like AES as the round function. The algorithm splits the input into two halves and iteratively applies the round function over multiple cycles:
- FF1 (FFX mode 1): Uses 10 rounds, suitable for longer strings
- FF3-1 (FFX mode 3-1): Uses 8 rounds with a tweak, optimized for shorter inputs Both modes are standardized in NIST SP 800-38G Rev. 1, ensuring cryptographic rigor.
Tweakable Encryption
FPE supports a tweak—an additional public input that modifies the encryption without being secret. This enables:
- Domain separation: Encrypting the same plaintext to different ciphertexts based on context (e.g., a user ID)
- Tokenization replacement: The tweak can bind ciphertext to a specific transaction or record, preventing substitution attacks The tweak is not secret but must be unique per encryption context to maintain semantic security.
Radix-Aware Processing
FPE operates over arbitrary radices (alphabets), not just binary. The algorithm performs arithmetic in base-radix, where the radix equals the size of the allowed character set:
- Digits 0-9: radix 10
- Alphanumeric: radix 36
- Printable ASCII: radix 95 This radix-aware arithmetic ensures ciphertext characters are always valid members of the target alphabet, preventing application-layer validation failures.
Cycle-Walking for Domain Completion
When the Feistel network produces a ciphertext outside the valid range, FPE employs cycle-walking: re-encrypting the output iteratively until it falls within the acceptable domain. This guarantees the ciphertext is always a valid element of the target format. The expected number of iterations is small due to the birthday bound, making the performance overhead negligible for most practical domains.
Deterministic vs. Randomized Modes
FPE can operate in two distinct modes depending on the use case:
- Deterministic: Same plaintext + same key + same tweak always produces identical ciphertext. Essential for lookup operations where encrypted fields must be searchable without decryption
- Randomized: Incorporates a random nonce to produce different ciphertexts for identical plaintexts. Used when unlinkability between records is required This flexibility allows FPE to serve both operational and analytical workloads within the same cryptographic framework.
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Frequently Asked Questions
Clear answers to the most common technical and architectural questions about Format-Preserving Encryption (FPE) and its role in securing data within geofenced pipelines without breaking legacy system schemas.
Format-Preserving Encryption (FPE) is a cryptographic algorithm that encrypts plaintext into ciphertext that retains the exact same length and character set as the original input. Unlike standard AES encryption, which produces binary ciphertext of arbitrary length, FPE operates by restricting the ciphertext to a specific alphabet—such as digits for a credit card number or alphanumeric characters for an email address. The core mechanism relies on Feistel network constructions built on top of a standard block cipher (typically AES). The most widely adopted mode is FF1 (defined in NIST Special Publication 800-38G), which uses a 10-round Feistel structure with AES-128 as the round function. During encryption, the plaintext is split into two halves, and multiple rounds of substitution and permutation are applied using a tweak (a non-secret value that provides variability, such as a database primary key). The result is a ciphertext that fits perfectly into the original data field's constraints—a 16-digit credit card number encrypts to another 16-digit number, and a 10-character surname encrypts to a 10-character string using the same character set. This property eliminates the need to expand database column widths or modify application validation logic, making FPE uniquely suited for retrofitting encryption into legacy systems without schema changes.
Related Terms
Format-Preserving Encryption (FPE) operates within a broader landscape of data protection and compliance technologies. These related concepts define the architectural, legal, and technical boundaries that make FPE a critical tool for modern data engineering.
Data Masking vs. FPE
While both protect sensitive data, they operate fundamentally differently. Static Data Masking (SDM) creates a structurally similar but inauthentic copy of a database, irreversibly replacing original values. Dynamic Data Masking (DDM) obfuscates query results in real-time without altering stored data. In contrast, Format-Preserving Encryption is a reversible, deterministic cryptographic operation. The ciphertext retains the exact format of the plaintext, allowing legacy applications to process it natively. FPE is preferred when the original data must be recoverable by an authorized key holder, whereas masking is sufficient for non-production testing environments where realism is required but reversibility is not.
Tokenization
Tokenization substitutes a sensitive data element with a non-sensitive equivalent, called a token, that has no extrinsic or exploitable meaning. A token vault stores the mapping between the original data and the token. Unlike FPE, tokenization typically does not preserve format without significant vault complexity. FPE is often preferred for retrofitting legacy systems because it requires no database schema changes and no external vault lookup for decryption. However, tokenization can offer stronger separation of duties, as the token vault can be isolated from the application processing the tokenized data.
Pseudonymization under GDPR
FPE is a powerful technical measure for implementing pseudonymization as defined by Article 4(5) of the GDPR. Pseudonymization is the processing of personal data in such a way that it can no longer be attributed to a specific data subject without additional information (the cryptographic key). Because FPE is reversible, the data is pseudonymized, not anonymized. This distinction is critical for compliance: pseudonymized data remains within the scope of GDPR, but applying FPE can demonstrate adherence to the 'data protection by design and default' principle and can reduce the risk profile of a processing activity, potentially easing the burden of Data Protection Impact Assessments (DPIAs).
Homomorphic Encryption Contrast
Homomorphic Encryption (HE) allows computation directly on ciphertext, producing an encrypted result that, when decrypted, matches the result of operations performed on the plaintext. While HE is a more general solution for privacy-preserving computation, it is computationally intensive and produces massive ciphertext expansion. Format-Preserving Encryption is far more efficient and solves a narrower, highly practical problem: making ciphertext fit into existing application schemas. FPE does not allow computation on the ciphertext (e.g., arithmetic), but it allows storage and retrieval systems to function without modification, a pragmatic advantage that HE cannot yet match for most enterprise applications.

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us