Inferensys

Glossary

Format-Preserving Encryption (FPE)

An encryption algorithm that transforms data into a ciphertext that retains the same length and format as the original plaintext, allowing legacy systems to process protected data without schema changes.
Developer building agentic RAG system, retrieval pipeline diagram on laptop, technical workspace with notes.
CRYPTOGRAPHIC DATA PROTECTION

What is Format-Preserving Encryption (FPE)?

Format-preserving encryption (FPE) is a cryptographic method that encrypts data while strictly maintaining the original plaintext's length and character set, enabling secure processing without breaking legacy application schemas.

Format-preserving encryption (FPE) is an encryption algorithm that transforms plaintext into ciphertext of identical length and format. Unlike standard AES encryption, which expands data size and changes character sets, FPE ensures a 16-digit credit card number encrypts to another 16-digit number, preserving the exact data structure required by downstream systems and databases.

FPE operates using Feistel network constructions built on approved block ciphers like AES, specifically the FF1 and FF3-1 modes standardized in NIST Special Publication 800-38G. This technique is critical for retrofitting data protection into legacy mainframe environments where schema changes are cost-prohibitive, allowing organizations to achieve compliance with data residency and data sovereignty mandates without application rewrites.

STRUCTURE-PRESERVING CRYPTOGRAPHY

Key Features of Format-Preserving Encryption

Format-Preserving Encryption (FPE) enables the encryption of sensitive data while maintaining its original length and character set, allowing legacy systems to process protected data without schema modifications.

01

Schema Preservation

FPE produces ciphertext that exactly matches the length and character set of the plaintext input. A 16-digit credit card number encrypts to another 16-digit number; a 9-character alphanumeric code remains 9 characters. This eliminates the need to resize database columns or modify application logic that validates field lengths, making it the only encryption mode suitable for brownfield deployments where schema changes are prohibitively expensive.

02

Feistel Network Construction

Most FPE implementations use a Feistel network with a block cipher like AES as the round function. The algorithm splits the input into two halves and iteratively applies the round function over multiple cycles:

  • FF1 (FFX mode 1): Uses 10 rounds, suitable for longer strings
  • FF3-1 (FFX mode 3-1): Uses 8 rounds with a tweak, optimized for shorter inputs Both modes are standardized in NIST SP 800-38G Rev. 1, ensuring cryptographic rigor.
03

Tweakable Encryption

FPE supports a tweak—an additional public input that modifies the encryption without being secret. This enables:

  • Domain separation: Encrypting the same plaintext to different ciphertexts based on context (e.g., a user ID)
  • Tokenization replacement: The tweak can bind ciphertext to a specific transaction or record, preventing substitution attacks The tweak is not secret but must be unique per encryption context to maintain semantic security.
04

Radix-Aware Processing

FPE operates over arbitrary radices (alphabets), not just binary. The algorithm performs arithmetic in base-radix, where the radix equals the size of the allowed character set:

  • Digits 0-9: radix 10
  • Alphanumeric: radix 36
  • Printable ASCII: radix 95 This radix-aware arithmetic ensures ciphertext characters are always valid members of the target alphabet, preventing application-layer validation failures.
05

Cycle-Walking for Domain Completion

When the Feistel network produces a ciphertext outside the valid range, FPE employs cycle-walking: re-encrypting the output iteratively until it falls within the acceptable domain. This guarantees the ciphertext is always a valid element of the target format. The expected number of iterations is small due to the birthday bound, making the performance overhead negligible for most practical domains.

06

Deterministic vs. Randomized Modes

FPE can operate in two distinct modes depending on the use case:

  • Deterministic: Same plaintext + same key + same tweak always produces identical ciphertext. Essential for lookup operations where encrypted fields must be searchable without decryption
  • Randomized: Incorporates a random nonce to produce different ciphertexts for identical plaintexts. Used when unlinkability between records is required This flexibility allows FPE to serve both operational and analytical workloads within the same cryptographic framework.
FORMAT-PRESERVING ENCRYPTION

Frequently Asked Questions

Clear answers to the most common technical and architectural questions about Format-Preserving Encryption (FPE) and its role in securing data within geofenced pipelines without breaking legacy system schemas.

Format-Preserving Encryption (FPE) is a cryptographic algorithm that encrypts plaintext into ciphertext that retains the exact same length and character set as the original input. Unlike standard AES encryption, which produces binary ciphertext of arbitrary length, FPE operates by restricting the ciphertext to a specific alphabet—such as digits for a credit card number or alphanumeric characters for an email address. The core mechanism relies on Feistel network constructions built on top of a standard block cipher (typically AES). The most widely adopted mode is FF1 (defined in NIST Special Publication 800-38G), which uses a 10-round Feistel structure with AES-128 as the round function. During encryption, the plaintext is split into two halves, and multiple rounds of substitution and permutation are applied using a tweak (a non-secret value that provides variability, such as a database primary key). The result is a ciphertext that fits perfectly into the original data field's constraints—a 16-digit credit card number encrypts to another 16-digit number, and a 10-character surname encrypts to a 10-character string using the same character set. This property eliminates the need to expand database column widths or modify application validation logic, making FPE uniquely suited for retrofitting encryption into legacy systems without schema changes.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.