Closed anitgandhi closed 6 years ago
If desired, the functions could be refactored to be follow a new pattern (vs current NewCipher
--> Encrypt
/Decrypt
) like NewCipherWithoutTweak
--> EncryptWithTweak
/DecryptWithTweak
.
All the rest of the code basically remains the same.
In practical applications of FPE, Tweak must be passed in every Encrypt/Decrypt operation. For instance, in protecting credit card PANs, the tweak may be dynamically extracted from the plaintext PAN as first 6 and last 4 digits of the PAN.
Right now, the
tweak
parameter toNewCipher
prevents re-use of the same cipher for different data inputs.So, would it be better to instead pass in
tweak
toEncrypt
andDecrypt
?This would likely cause a breaking change to the current API.