IP IPCrypt

IPCrypt Examples

Interactive examples and demonstrations of IPCrypt encryption modes and use cases.

IPCrypt Examples

This page provides interactive examples and demonstrations of IPCrypt in action. You can explore the different encryption modes, see how they work, and understand their practical applications.

Interactive Playground

Try IPCrypt directly in your browser with our interactive playground:

IPCrypt Playground

Experiment with different encryption modes and see the results in real-time.

Open Playground

Encryption Modes Comparison

The following examples demonstrate the three encryption modes of IPCrypt:

Deterministic Encryption (ipcrypt-deterministic)

ipcrypt-deterministic

Input

IP Address:
192.0.2.1
Key (Hex):
2b7e151628aed2a6abf7158809cf4f3c

Output

Encrypted IP:
1dbd:c1b9:fff1:7586:7d0b:67b4:e76e:4777
Hex Representation:
1dbdc1b9fff175867d0b67b4e76e4777
Key Characteristics:
  • Same input always produces the same output with the same key
  • Format-preserving (output is a valid IP address)
  • Reveals patterns in the data (repeated inputs have identical outputs)
  • 16-byte output (same size as input)

Non-Deterministic Encryption (ipcrypt-nd)

ipcrypt-nd

Input

IP Address:
192.0.2.1
Key (Hex):
1032547698badcfeefcdab8967452301
Tweak (Hex):
21bd1834bc088cd2

Output

Encrypted Output (Hex):
21bd1834bc088cd2e5e1fe55f95876e639faae2594a0caad
Key Characteristics:
  • Same input produces different outputs due to random tweak
  • Not format-preserving (output is larger than a standard IP address)
  • Hides patterns in the data (repeated inputs have different outputs)
  • 24-byte output (8-byte tweak + 16-byte ciphertext)
  • Uses KIASU-BC tweakable block cipher

Non-Deterministic Extended Encryption (ipcrypt-ndx)

ipcrypt-ndx

Input

IP Address:
2001:db8::1
Key (Hex):
2b7e151628aed2a6abf7158809cf4f3c3c4fcf098815f7aba6d2ae2816157e2b
Tweak (Hex):
21bd1834bc088cd2b4ecbe30b70898d7

Output

Encrypted Output (Hex):
21bd1834bc088cd2b4ecbe30b70898d76089c7e05ae30c2d10ca149870a263e4
Key Characteristics:
  • Same input produces different outputs due to random tweak
  • Not format-preserving (output is larger than a standard IP address)
  • Hides patterns in the data (repeated inputs have different outputs)
  • 32-byte output (16-byte tweak + 16-byte ciphertext)
  • Uses AES-XTS tweakable block cipher
  • Highest security margin with 128-bit tweak space

Use Case Examples

The following examples demonstrate practical applications of IPCrypt:

Privacy-Preserving Logging

Web Server Logging

Traditional Log Format (Privacy Risk)

192.0.2.1 - - [24/Apr/2025:10:15:32 +0100] "GET /index.html HTTP/1.1" 200 2326
198.51.100.17 - - [24/Apr/2025:10:15:33 +0100] "GET /style.css HTTP/1.1" 200 1128
203.0.113.42 - - [24/Apr/2025:10:15:35 +0100] "POST /login HTTP/1.1" 302 0
192.0.2.1 - - [24/Apr/2025:10:16:12 +0100] "GET /profile HTTP/1.1" 200 4582

IPCrypt-Protected Log Format

1dbd:c1b9:fff1:7586:7d0b:67b4:e76e:4777 - - [24/Apr/2025:10:15:32 +0100] "GET /index.html HTTP/1.1" 200 2326
a3f5:e7c2:b918:d46a:5e2f:c0d3:8b7a:1f9e - - [24/Apr/2025:10:15:33 +0100] "GET /style.css HTTP/1.1" 200 1128
6b9d:4f2e:8a7c:1d5b:3f9e:2c8d:7a6b:5e4d - - [24/Apr/2025:10:15:35 +0100] "POST /login HTTP/1.1" 302 0
1dbd:c1b9:fff1:7586:7d0b:67b4:e76e:4777 - - [24/Apr/2025:10:16:12 +0100] "GET /profile HTTP/1.1" 200 4582
Benefits:
  • IP addresses are encrypted, protecting user privacy
  • Format preservation allows existing log analysis tools to work
  • Deterministic encryption enables tracking user sessions and unique visitor counts
  • Original IP addresses are not stored, reducing compliance burden

Rate Limiting with Encrypted IPs

API Rate Limiting

Implementation Example (Python)

from ipcrypt import IPCrypt
from flask import Flask, request, jsonify
import time

app = Flask(__name__)

# Initialize IPCrypt with a secure key
key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
ipcrypt = IPCrypt(key)

# Simple in-memory rate limiter
rate_limits = {}  # Maps encrypted IPs to (count, reset_time)
RATE_LIMIT = 10   # Requests per minute

@app.route('/api/data')
def get_data():
    # Get client IP
    client_ip = request.remote_addr
    
    # Encrypt the IP (deterministic mode)
    encrypted_ip = ipcrypt.encrypt_deterministic(client_ip)
    
    # Check rate limit
    current_time = time.time()
    if encrypted_ip in rate_limits:
        count, reset_time = rate_limits[encrypted_ip]
        
        # Reset counter if minute has passed
        if current_time > reset_time:
            rate_limits[encrypted_ip] = (1, current_time + 60)
        # Increment counter if under limit
        elif count < RATE_LIMIT:
            rate_limits[encrypted_ip] = (count + 1, reset_time)
        # Reject if over limit
        else:
            return jsonify({"error": "Rate limit exceeded"}), 429
    else:
        # First request from this IP
        rate_limits[encrypted_ip] = (1, current_time + 60)
    
    # Process the request
    return jsonify({"data": "API response"})
Benefits:
  • Rate limiting works without storing actual IP addresses
  • Privacy is preserved while maintaining security controls
  • Deterministic encryption ensures consistent identification
  • Implementation is simple and requires minimal changes to existing code

Third-Party Data Sharing

Secure Analytics Integration

Original Data (Privacy Risk)

{
  "events": [
    {
      "timestamp": "2025-04-24T10:15:32Z",
      "ip": "192.0.2.1",
      "user_agent": "Mozilla/5.0...",
      "page": "/products",
      "action": "view"
    },
    {
      "timestamp": "2025-04-24T10:16:45Z",
      "ip": "192.0.2.1",
      "user_agent": "Mozilla/5.0...",
      "page": "/products/123",
      "action": "add_to_cart"
    }
  ]
}

IPCrypt-Protected Data

{
  "events": [
    {
      "timestamp": "2025-04-24T10:15:32Z",
      "encrypted_ip": "08e0c289bff23b7cb349aadfe3bcef56221c384c7c217b16",
      "user_agent": "Mozilla/5.0...",
      "page": "/products",
      "action": "view"
    },
    {
      "timestamp": "2025-04-24T10:16:45Z",
      "encrypted_ip": "21bd1834bc088cd2e5e1fe55f95876e639faae2594a0caad",
      "user_agent": "Mozilla/5.0...",
      "page": "/products/123",
      "action": "add_to_cart"
    }
  ]
}
Benefits:
  • Non-deterministic encryption prevents correlation across different data sets
  • Third-party analytics provider cannot recover original IP addresses
  • Analytics on user journeys still possible by including session identifiers
  • Reduces privacy and compliance risks when sharing data

Try It Yourself

Ready to implement IPCrypt in your own project? Check out our developer resources for guides, examples, and best practices.

For a hands-on experience, visit the interactive playground to experiment with different encryption modes and parameters.