npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

feistel-cipher

v1.5.13

Published

Feistel cipher implementation for format-preserving encryption

Downloads

238

Readme

feistel-cipher

GitHub tag (latest by date) npm GitHub last commit GitHub issues NPM

This is a TypeScript library implementing the Feistel cipher for format-preserving encryption (FPE).

Motivation

The main objective of this library is not to provide a secure encryption scheme but rather a safe obfuscation tool.

Formal description

This library operates on the concept of the Feistel cipher described in Wikipedia as:

A Feistel network is subdivided into several rounds or steps. In its balanced version, the network processes the data in two parts of identical size. On each round, the two blocks are exchanged, then one of the blocks is combined with a transformed version of the other block. Half of the data is encoded with the key, then the result of this operation is added using an XOR operation to the other half of the data. Then in the next round, we reverse: it is the turn of the last half to be encrypted and then to be xored to the first half, except that we use the data previously encrypted. The diagram below shows the data flow (the ${\oplus}$ represents the XOR operation). Each round uses an intermediate key, usually taken from the main key via a generation called key schedule. The operations performed during encryption with these intermediate keys are specific to each algorithm.

The algorithmic description (provided by Wikipedia) of the encryption is as follows:

  • Let $n+1$ be the number of steps, $K_{0},K_{1},...,K_{n}$ the keys associated with each step and $F:\Omega\times\mathcal{K}\mapsto\Omega$ a function of the $(words{\times}keys)$ space to the $words$ space.
  • For each step $i{\in}[0;n]$, note the encrypted word in step $i,m_{i}=L_{i}||R_{i}$:
    • $L_{i+1}=R_{i}$
    • $R_{i+1}=L_{i}{\oplus}F(L_{i},K_{i})$
  • $m_{0}=L_{0}||R_{0}$ is the unciphered text, $m_{n+1}=L_{n+1}||R_{n+1}$ is the ciphered word.

There is no restriction on the $F$ function other than the XOR operation must be possible. For simplicity, we will choose $L_1$ of the same size as $R_1$ and the function $F$ shall transform a word of length $k$ into a word of length $k$ (and this for all $k$).

NB: You may also read my original white paper here as well as the latest one on the full FPE version.

Usage

npm i feistel-cipher

To get an obfuscated string from a source data using the SHA-256 hashing function at each round, first instantiate a Cipher object, passing it a key and a number of rounds. Then, use the encrypt() method with the source data as argument. The result will be a Buffer. To ensure maximum security, I recommend you use a 256-bit key or longer and a minimum of 10 rounds.

The decryption process uses the obfuscated buffered data and pass it to the decrypt() method of the Cipher.

import * as feistel from 'feistel-cipher'

const source = 'my-source-data'

// Encrypt
const cipher = new feistel.Cipher('some-32-byte-long-key-to-be-safe', 10)
const obfuscated = cipher.encrypt(source)

// Decrypt
const deciphered = cipher.decrypt(obfuscated)

assert(deciphered == source)

NB: This is the same default behaviour as in my Golang implementation (see below).

You may also want to use your own set of keys with CustomCipher and a number of rounds depending on the number of provided keys, eg.

const cipher = new feistel.CustomCipher([
  '1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef',
  '9876543210fedcba9876543210fedcba9876543210fedcba9876543210fedcba',
  'abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789'
])

Finally, you might want to use the latest FPECipher providing true format-preserving encryption for strings:

import { SHA_256 } from 'feistel-cipher'

const cipher = new feistel.FPECipher(SHA_256, 'some-32-byte-long-key-to-be-safe', 128)
const obfuscated = cipher.encrypt(source)
assert(obfuscated.length, source.length)

If you want to use FPE for numbers, you might want to use the encryptNumber() method on the FPECipher which will return a number that you may pad if need be to match your requirements:

const obfuscatedNumber = cipher.encryptNumber(sourceNumber)
const deobfuscatedNumber = cipher.decryptNumber(obfuscatedNumber)
assert(sourceNumber == deobfuscatedNumber)

NB: For stability and security purposes, the number 0 always returns itself.

Dependencies

This library relies on four dependencies:

Besides, to run the tests, you would need to install live-server:

npm i -g live-server

To run specific tests for NodeJS, run the following: (eg. decryptNumber in node.spec.ts)

$ npm run test-node -- --grep "decryptNumber"

Other implementations

For those interested, I also made two other implementations of these Feistel ciphers:

License

This module is distributed under a MIT license.
See the LICENSE file.