Several Proofs of Security for a Tokenization Algorithm
This work addresses security requirements for tokenization in payment card data protection, as specified by PCI DSS guidelines, but appears incremental as it builds on existing cryptographic methods.
The authors proposed a reversible hybrid tokenization algorithm based on a block cipher with a secret key and additional input, providing formal proofs that it satisfies key PCI DSS security requirements, and analyzed its efficiency and security with concrete cryptographic primitives and fixed PAN length.
In this paper we propose a tokenization algorithm of Reversible Hybrid type, as defined in PCI DSS guidelines for designing a tokenization solution, based on a block cipher with a secret key and (possibly public) additional input. We provide some formal proofs of security for it, which imply our algorithm satisfies the most significant security requirements described in PCI DSS tokenization guidelines. Finally, we give an instantiation with concrete cryptographic primitives and fixed length of the PAN, and we analyze its efficiency and security.