Cisco releases source code for experimental block cipher

A team of Cisco software engineers has created a new encryption scheme, and has released it to the public along with the caveat that this new block cypher is not ready for production, i.e. is still in the experimental phase.

It’s been dubbed FNR (shortened for “Flexible Naor and Reingold”), and is a “practical variant” of the work proposed in an earlier work by researchers Moni Naor and Omer Reingold.

“There is a compelling need for privacy of sensitive fields before data is shared with any cloud provider, semi-trusted vendors, partners etc. For example network telemetry data, transaction logs etc. are often required to be shared for benefiting from variety of Software as Service applications. Such sensitive data fields are of prescribed and arbitrary lengths,” the researchers explained in the paper.

“While designing privacy for sensitive fields, it may be desirable to preserve the length of the inputs, in order to avoid any re-engineering of packet formats or database columns of existing systems.”

The FNR cypher is meant to achieve that, and would be great for encrypting objects that are less than 128 bits in size, such as IPv4 addresses, MAC addresses, credit card numbers, arbitrary strings, and so on.

“When FNR is used in ECB mode, it realizes a deterministic encryption scheme. Like all deterministic encryption methods, this does not provide semantic security, but determinism is needed in situations where anonymizing telemetry and log data (especially in cloud based network monitoring scenarios) is necessary,” explained Sashank Dara, one of the two engineers.

Cisco has released the reference implementation of the FNR encryption scheme under open source license LGPLv2, and it’s source code can be found here.