Unhash online dating
Say you wanted to preserve the linkage to people and their birthdates.
Basically, an FPE scheme for, say, dates within a year, is a keyed invertible pseudorandom permutation of the set (plus 366 for leap years; of course, in practice, you'd also want to use the year as a "tweak" for the scheme, so it won't be the same permutation each year).
Every time you feed in the same unencrypted date, the same encrypted date will come out; it will just tend to flatten out any long-term monthly / weekly trends, since the dates will be shuffled around (pseudo)randomly.
OK, so somebody suspects that your data has been encrypted.
(Or maybe they just know that it is; it's generally safest to assume that they do.) How would they go about breaking the encryption?
This topic shows how to use the Encrypt, Decrypt, and Re Encrypt operations in the AWS KMS API.
These operations are designed to encrypt and decrypt data keys.How would they know that their efforts are resulting in the correct original value?Could someone even recognize that the values are encrypted? You're correct that the values would all appear to be valid dates (this is known as format-preserving encryption, by the way), so they would not look to let them guess whether they're plausible or not, they might not notice anything amiss.For this simple cipher, this will also immediately reveal the key.(A more complex format-preserving cipher would typically yield a frequency distribution that looks a lot closer to uniform than normal data would.For details about the Java implementation of the Encrypt operation, see the encrypt method in the // Encrypt a data key // // Replace the fictitious key ID value with a valid key ID, key ARN, or alias of an AWS CMK.