ipcrypt-std
diff --git a/‎www/Gemfile.lock‎
Lines changed: 6 additions & 6 deletions b/‎www/Gemfile.lock‎
Lines changed: 6 additions & 6 deletions
diff --git a/‎www/pages/about.md‎
Lines changed: 11 additions & 3 deletions b/‎www/pages/about.md‎
Lines changed: 11 additions & 3 deletions
@@ -24,7 +24,7 @@ GEM
     em-websocket (0.5.3)
       eventmachine (>= 0.12.9)
       http_parser.rb (~> 0)
-    ethon (0.16.0)
+    ethon (0.15.0)
       ffi (>= 1.15.0)
     eventmachine (1.2.7)
     execjs (2.10.0)
@@ -211,7 +211,7 @@ GEM
       rb-inotify (~> 0.9, >= 0.9.10)
     logger (1.6.6)
     mercenary (0.3.6)
-    mini_portile2 (2.8.8)
+    mini_portile2 (2.8.9)
     minima (2.5.1)
       jekyll (>= 3.5, < 5.0)
       jekyll-feed (~> 0.9)
@@ -230,7 +230,7 @@ GEM
     rb-fsevent (0.11.2)
     rb-inotify (0.11.1)
       ffi (~> 1.0)
-    rexml (3.4.1)
+    rexml (3.4.3)
     rouge (3.30.0)
     ruby2_keywords (0.0.5)
     rubyzip (2.4.1)
@@ -246,8 +246,8 @@ GEM
     simpleidn (0.2.3)
     terminal-table (1.8.0)
       unicode-display_width (~> 1.1, >= 1.1.1)
-    typhoeus (1.4.1)
-      ethon (>= 0.9.0)
+    typhoeus (1.5.0)
+      ethon (>= 0.9.0, < 0.16.0)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
     unicode-display_width (1.8.0)
@@ -267,4 +267,4 @@ DEPENDENCIES
   webrick (~> 1.8)
 
 BUNDLED WITH
-   2.5.0
+   1.17.2
@@ -50,12 +50,13 @@ IPCrypt resolves these conflicts through purpose-built cryptographic techniques
 
 IPCrypt operates by converting IP addresses to a 16-byte representation and then applying cryptographic operations:
 
-1. **IP Address Conversion**: Both IPv4 and IPv6 addresses are converted to a standard 16-byte format
-2. **Encryption**: The 16-byte representation is encrypted using one of three modes:
+1. **IP Address Conversion**: Both IPv4 and IPv6 addresses are converted to a standard 16-byte format (except for ipcrypt-pfx which maintains native sizes)
+2. **Encryption**: The address is encrypted using one of four modes:
    - **ipcrypt-deterministic**: Using AES-128 as a single-block operation
+   - **ipcrypt-pfx**: Using dual AES-128 for prefix-preserving encryption
    - **ipcrypt-nd**: Using KIASU-BC with an 8-byte tweak
    - **ipcrypt-ndx**: Using AES-XTS with a 16-byte tweak
-3. **Output**: Deterministic produces 16 bytes, nd produces 24 bytes (16 + 8 tweak), ndx produces 32 bytes (16 + 16 tweak)
+3. **Output**: Deterministic produces 16 bytes, pfx maintains native sizes (4 bytes for IPv4, 16 for IPv6), nd produces 24 bytes (16 + 8 tweak), ndx produces 32 bytes (16 + 16 tweak)
 
 ## Encryption Modes Explained
 
@@ -66,6 +67,13 @@ IPCrypt operates by converting IP addresses to a 16-byte representation and then
 - Same IP always produces same ciphertext (allows correlation but enables duplicate detection)
 - Choose when duplicate identification is needed or format preservation is critical
 
+### ipcrypt-pfx
+
+- Uses dual AES-128 for bit-by-bit prefix-preserving encryption
+- Maintains native address sizes (4 bytes for IPv4, 16 bytes for IPv6)
+- Preserves network structure - addresses from same subnet share encrypted prefixes
+- Choose when network-level analytics are needed while protecting actual network identities
+
 ### ipcrypt-nd
 
 - Uses the KIASU-BC tweakable block cipher with an 8-byte tweak