Format-Transforming Encryption (FTE) is a cryptographic primitive explored in the paper Protocol Misidentification Made Easy with Format-Transforming Encryption [1]. FTE allows a user to specify the format of their ouput ciphertexts using regular expressions. The libfte library implements the primitive presented in [1].
If you are interested in the proxy system that uses FTE to bypass DPI systems, please see fteproxy.
- Build tools (e.g., gcc, g++, etc.)
- Python 2.6.x/2.7.x (https://python.org/)
- GMP 5.1.x (https://gmplib.org/)
- PyCrypto 2.6.x (https://www.dlitz.net/software/pycrypto/)
- regex2dfa (https://github.com/kpdyer/regex2dfa)
To install libfte as a python module, please do the following:
python setup.py install
You can verify that libfte was built correctly by running:
python setup.py test
To verify that libfte was installed correctly, try running one of the scripts in the examples/
directory.
The following is an example usage of libfte.
import regex2dfa
import fte.encoder
regex = '^(a|b)+$'
fixed_slice = 512
input_plaintext = 'test'
dfa = regex2dfa.regex2dfa(regex)
fteObj = fte.encoder.DfaEncoder(dfa, fixed_slice)
ciphertext = fteObj.encode(input_plaintext)
[output_plaintext, remainder] = fteObj.decode(ciphertext)
print 'input_plaintext='+input_plaintext
print 'ciphertext='+ciphertext[:16]+'...'+ciphertext[-16:]
print 'output_plaintext='+output_plaintext
And the ouput of the above script would be the following, where the ouput ciphertext is a fixed_slice
-length string consisting of the characters a
and b
, as defined by the regex
variable.
input_plaintext=test
ciphertext=aaaaaaaabaaaaaba...aabbbbbbbbaababb
output_plaintext=test
[1] Protocol Misidentification Made Easy with Format-Transforming Encryption Kevin P. Dyer, Scott E. Coull, Thomas Ristenpart and Thomas Shrimpton