Add uuidv7_encrypt() and uuidv7_decrypt() functions

These functions can be used to prevent leaking the timestamp from UUID-v7
values. The UUID-v7 parts holding the timestamp are encrypted and
a UUID-v4 or v8 is produced from the result.
The encrypted values are not meant to be stored and looked up; they
are simply different representations of the inputs.
They're meant to be passed to uuidv7_decrypt() to find back the original
values.

Author: dverite

LICENSE.md

@@ -1,6 +1,6 @@
 # Copyright and License
 
-Copyright (c) 2024, Daniel Vérité
+Copyright (c) 2024-2025, Daniel Vérité
 
 Permission to use, copy, modify, and distribute this software and its documentation for any purpose, without fee, and without a written agreement is hereby granted, provided that the above copyright notice and this paragraph and the following two paragraphs appear in all copies.
 

Makefile

@@ -1,5 +1,5 @@
 EXTENSION = uuidv7-sql
-EXTVERSION = 1.0
+EXTVERSION = 1.1
 PG_CONFIG = pg_config
 
 DATA = $(wildcard sql/*.sql)

README.md

@@ -3,7 +3,7 @@ Pure SQL functions to use UUIDs v7 in PostgreSQL.
 
 The functions are packaged as an extension ("uuidv7-sql")
 for convenience, but they may also be created individually
-by sourcing all or parts of the [creation script](sql/uuidv7-sql--1.0.sql).
+by sourcing all or parts of the [creation scripts](sql/).
 
 ## Extension installation
 The Makefile uses the [PGXS infrastructure](https://www.postgresql.org/docs/current/static/extend-pgxs.html)
@@ -43,3 +43,9 @@ Extract the timestamp with millisecond precision from the given UUID v7 value.
 
 ### `uuidv7_boundary(timestamptz) -> uuid`
 Generate a non-random uuidv7 with the given timestamp (first 48 bits) and all random bits to 0. As the smallest possible uuidv7 for that timestamp, it may be used as a boundary for tables partitioned by ranges of UUID.
+
+### `uuidv7_encrypt(input uuid, bytea crypt_key, [uuid_ver int]) -> uuid`
+Transform a UUID-v7 value into an equivalent UUID-v4 or UUID-v8 (passing 4 or 8 in `uuid_ver`) that does not leak the timestamp. The bit fields `unix_ts_ms` + `rand_a` + 4 more bits (total: 64 bits) from the UUID-v7 value are encrypted  with an [XTEA cipher](https://en.wikipedia.org/wiki/XTEA). The 16-byte `crypt_key` parameter is the encryption key.
+
+### `uuidv7_decrypt(input uuid, bytea crypt_key) -> uuid`
+Decrypt a UUID (either v4 or v8) produced by `uuidv7_encrypt()` with the same `crypt_key`.

sql/uuidv7-sql--1.0--1.1.sql

@@ -0,0 +1,144 @@
+-- \echo Use "ALTER EXTENSION "uuidv7-sql" UPDATE TO '1.1'" to load this file. \quit
+
+/*
+ Transform a UUID-v7 value into an equivalent UUID-v4 or UUID-v8 (passing
+ 4 or 8 in "uuid_ver"), that does not reveal the timestamp.
+ The fields unix_ts_ms + rand_a + 4 more bits (to reach 64 bits) are encrypted
+ with an XTEA cipher. The 16-byte "crypt_key" parameter is the encryption key.
+*/
+CREATE FUNCTION uuidv7_encrypt(input uuid, crypt_key bytea, uuid_ver int default 4)
+RETURNS uuid
+SET bytea_output to 'hex'
+AS $$
+DECLARE
+ key128 int8[4];
+ uuid_parts int8;
+ v0 int8;
+ v1 int8;
+ f_sum int8:=0;
+ uuid_bits bit(128);
+ r1 int8;
+ r2 int8;
+ rounds constant int:=32;
+BEGIN
+  IF octet_length(crypt_key)<>16 THEN
+    raise exception 'Encryption key must be 16 bytes long';
+  END IF;
+  /* transfer encryption key into 4x32 bits */
+  FOR i IN 1..4 LOOP
+    key128[i] = right(substring(crypt_key from 1+(i-1)*4 for 4)::text,-1)::bit(32)::int8;
+  END LOOP;
+
+  uuid_bits = right(uuid_send(input)::text, -1)::bit(128); -- convert \x... to x...
+
+  /* Extract and concatenate the UUID-v7 bit fields to encrypt:
+     unix_t + 4 arbitrary bits from rand_b + rand_a */
+  uuid_parts := (substring(uuid_bits from 1 for 48) ||
+                 substring(uuid_bits from 93 for 4) ||
+                 substring(uuid_bits from 53 for 12)
+	         )::bit(64)::int8;
+
+  /* encrypt this 64-bit number with an XTEA Feistel network */
+  v0 := (uuid_parts>>32)&4294967295;
+  v1 := uuid_parts&4294967295;
+
+  FOR i in 1..rounds LOOP
+    v0 := (v0 + ((
+	   ((v1<<4)&4294967295 # (v1>>5))
+	     + v1)&4294967295
+		 #
+		 (f_sum + key128[1+(f_sum&3)])&4294967295
+		 ))&4294967295;
+    f_sum := (f_sum + 2654435769) & 4294967295;
+    v1 := (v1 + ((
+	   ((v0<<4)&4294967295 # (v0>>5))
+	     + v0)&4294967295
+		#
+		(f_sum + key128[1+((f_sum>>11)&3)])&4294967295
+		))&4294967295;
+  END LOOP;  /* encrypted value at the end = v0<<32 + v1 */
+
+  /* Place the bit fields into their final positions */
+  r1 := (v0::bit(32) || (v1>>16)::bit(16) || uuid_ver::bit(4) || (v1&4095)::bit(12))::bit(64)::int8;
+  r2 := (substring(uuid_bits from 65 for 28) || substring(v1::bit(32) from 17 for 4)
+    || substring(uuid_bits from 97 for 32))::bit(64)::int8;
+
+  RETURN encode(int8send(r1) || int8send(r2), 'hex')::uuid;
+END
+$$ LANGUAGE plpgsql strict immutable;
+
+COMMENT ON FUNCTION uuidv7_encrypt(uuid, bytea, int)
+IS 'Encrypt a UUID-v7 into an equivalent UUID-v4 or UUID-v8 with an XTEA block cipher';
+
+
+
+/*
+ Transform a UUID encrypted by encrypt_uuidv7() back to the original
+ UUID-v7 value.
+ "crypt_key" must be the same 16-byte key that was used to encrypt.
+*/
+CREATE FUNCTION uuidv7_decrypt(input uuid, crypt_key bytea)
+RETURNS uuid
+SET bytea_output to 'hex'
+AS $$
+DECLARE
+ key128 int8[4];
+ uuid_parts int8;
+ v0 int8;
+ v1 int8;
+ uuid_bits bit(128);
+ r1 int8;
+ r2 int8;
+ rounds constant int:=32;
+ f_sum int8 := (2654435769 * rounds)&4294967295;
+BEGIN
+  IF octet_length(crypt_key)<>16 THEN
+    raise exception 'Encryption key must be 16 bytes long';
+  END IF;
+  /* transfer encryption key into 4x32 bits */
+  FOR i IN 1..4 LOOP
+    key128[i] = right(substring(crypt_key from 1+(i-1)*4 for 4)::text,-1)::bit(32)::int8;
+  END LOOP;
+
+  uuid_bits = right(uuid_send(input)::text, -1)::bit(128);
+
+  /* Extract and concatenate the UUID-v4 bit fields to decrypt:
+     random_a + 4 bits from random_c + random_b  */
+  uuid_parts := (substring(uuid_bits from 1 for 48) ||
+		 substring(uuid_bits from 93 for 4) ||
+		 substring(uuid_bits from 53 for 12)
+	         )::bit(64)::int8;
+
+  /* decrypt this 64-bit number with an XTEA Feistel network */
+  v0 := (uuid_parts>>32)&4294967295;
+  v1 := uuid_parts&4294967295;
+  FOR i in 1..32 LOOP
+    v1 := (v1 - ((
+	      ((v0<<4)&4294967295 # (v0>>5))
+		  + v0)&4294967295
+		  #
+		  (f_sum + key128[1+((f_sum>>11)&3)])&4294967295
+		  ))&4294967295;
+
+    f_sum := (f_sum - 2654435769)& 4294967295;
+
+    v0 := (v0 - ((
+	     ((v1<<4)&4294967295 # (v1>>5))
+	       + v1)&4294967295
+		   #
+		   (f_sum + key128[1+(f_sum&3)])&4294967295
+		   ))&4294967295;
+   END LOOP;
+
+  /* Place the bit fields into their final positions, and set version to 7 */
+  r1 := (v0::bit(32) || (v1>>16)::bit(16) || '0111'::bit(4) || (v1&4095)::bit(12))::bit(64)::int8;
+  r2 := (substring(uuid_bits from 65 for 28) || substring(v1::bit(32) from 17 for 4)
+    || substring(uuid_bits from 97 for 32))::bit(64)::int8;
+
+  RETURN encode(int8send(r1) || int8send(r2), 'hex')::uuid;
+END
+$$ LANGUAGE plpgsql strict immutable;
+
+COMMENT ON FUNCTION uuidv7_decrypt(uuid, bytea)
+IS 'Decrypt a UUID produced by uuidv7_encrypt()'
+

uuidv7-sql.control

@@ -1,5 +1,5 @@
 # uuidv7-sql extension
 comment = 'Pure SQL functions to handle UUIDs version 7 (see RFC 9562)'
-default_version = '1.0'
+default_version = '1.1'
 relocatable = true
 superuser = false