Skip to content

Format Preserving Encryption

Format Preserving Encryption (FPE) is a cryptographic technique standardized in NIST SP 800-38G specification that allows the encryption of data while preserving its original format or structure. Unlike traditional encryption methods that transform data into ciphertext with a different format, FPE ensures that the encrypted output maintains the same format as the original input, such as preserving the length, character set, and other specific formatting requirements.

The purpose of Format Preserving Encryption is to provide confidentiality for sensitive data while minimizing the impact on applications or systems that rely on the original data format. This technique finds applications in scenarios where data format constraints are critical, such as databases, legacy systems, or data interchange processes.

FPE-FF1, the underlying cryptographic primitive, is a normalized algorithm that uses symmetric encryption, but it’s not as fast or secure as standardized symmetric (or public key) encryption methods like AES or ChaCha. It should only be used where the format of the ciphertext container is constrained (e.g., a fixed database schema that cannot be changed).


Cosmian FPE implementation supports the encryption of strings, floats and big integers.

In order to keep the format of the input plaintext, the alphabet used for plaintext must be specified.

There are multiple pre-defined alphabets available:

  • alpha-> abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
  • alpha_lower-> abcdefghijklmnopqrstuvwxyz
  • numeric-> 0123456789
  • hexa_decimal-> 0123456789abcdef
  • alpha_numeric-> 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
  • chinese
  • latin1sup
  • latin1sup_alphanum

These alphabets can easily be extended with any character.

Implementations and quick start

The FPE techniques are open-source and written in Rust. For the cryptographic documentation and implementation details, please check its Github repository.

Unless low-level programming in Rust, implementers should use those techniques through the various Cloudproof user libraries:

All these libraries are open-source and available on Github

The user libraries all contain extensive tests, and it is highly recommended to start by hacking those tests.


The library is published on npm: simply install the library in your package.json

npm install cloudproof_js

The library contains web assembly for cryptographic speed

The version 4.0.0 is available on PyPI:

pip install cloudproof_py

Import classes:

from cloudproof_py.cover_crypt import Policy, PolicyAxis, Attribute, CoverCrypt

# needed if you use Cosmian KMS
from cloudproof_py.kms import KmsClient

Encrypting integers

The most common example when using FPE is the encryption of credit card numbers. Here the alphabet numeric is used (characters of this alphabet being 0123456789) as follow:

Warning encryption integers or big integers

When encrypting integers, the important parameters are radix and digits.

- `radix` is the base of the number representation (must be between 2 and 16 inclusive)
- `digits` is the maximum number of digits in the representation. A value of 10 will limit the ciphertext output size to 10.

Also, integers must be passed as string

Here are various examples for integers encryption:

Encrypting chinese plaintexts

Using the chinese alphabet can be done as follow:

Encrypting using a custom alphabet

© Copyright 2018-2023 Cosmian. All rights reserved.