[Cryptography] [dns-operations] IP address encryption: pseudonymization
Christian Huitema
huitema at huitema.net
Mon Feb 26 19:44:57 EST 2018
On 2/26/2018 3:40 PM, Viktor Dukhovni wrote:
>> On Feb 26, 2018, at 6:23 PM, Jimmy Hess <mysidia at gmail.com> wrote:
>>
>>> Another easy to describe approach, be it at a higher memory cost, is a
>>> random permutation of 2^32 4 byte elements requires just 16GB of storage.
>> 1* Arguably "bespoke 32-bit block cipher".... and "In-Place
>> Scrambling" are questionable.
>> I would have some doubts about the strength of the cipher.
The filter that they use is IPCrypt (https://github.com/veorq/ipcrypt)
designed by Jean-Philippe Aumasson. It takes a 128 bit key, splits it
into 4 32 bit words, and combines it with the input as follow:
input -> XOR(Key1) -> Permutation -> XOR(key2) ->Permutation ->
XOR(key3) -> Permutation-> XOR(key4) -> output
The permutation is effected by splitting the 32 bit word in 4 octets,
and then doing a series of rotations, additions and XOR combination of
these octets.
The design has limitations, such as not being robust to some related key
attacks, but is seems otherwise to be fairly natural.
> Keyed ciphers try to be indistinguishable from a random permutation, an
> actual random permutation is about as strong as it gets.
>
> What is unavoidably problematic is that the same input needs to
> produce the same output each time. But this, IIRC, is a requirement,
> the mapping should keep distinct inputs distinct and identical inputs
> identical. That is a permutation (random or secret-keyed) is required.
I understand that when collecting logs they are rotating keys very
frequently, in part for that reason. In any case, the working set of IP
addresses seen by a DNS resolver is well below 4 billions. I would be
surprised if it was more than a few millions, maybe a few tens of
millions for very large providers.
-- Christian Huitema
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20180226/da111ece/attachment-0001.html>
More information about the cryptography
mailing list