Tags: encryption, aes, uuid

Can I use AES to shuffle a UUIDv7?


In our web service, we use UUIDv7 as the primary key for resources, where the first 48 bits represent a timestamp. Some users are alarmed by the repetitive first segment, as they are accustomed to completely random UUIDv4s. To address this, we decided to use AES with a 128-bit key to transform the UUIDv7s into a more random-appearing form.

Is it secure to use AES for this purpose, assuming we use the same key for all encryptions? Specifically, for every unique UUIDv7, will there be a unique encrypted UUID, and vice versa?


Solution

  • I'm guessing your plan is to encrypt the key, send it to the client, receive it from the client, decrypt it again, and do database lookups on that.

    That works.

    Anything else loses the advantage of UUIDv7 in the first place.

    As pointed out in comments, there's an information-theoretic proof that AES in ECB mode provides a transform that always works here. The cipher can probably be broken if the attacker knows it's UUIDv7 so don't rely on this for true security. Assume your keys are still guessable.

    Guessable keys aren't a real problem in most designs. If you got your security right in the first place, rather than assuming that he who has a key to a thing has access to the thing, you don't get security problems from guessable keys.
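The round trip the answer describes, as an added worked example in Go using only the standard library's crypto/aes (this is not code from the question or the answer). It assumes a hand-rolled UUIDv7 constructor, a fixed demo key, and the helper names used here; a real service would take the UUID from a library and the key from a secret store. Two points the example makes concrete: encrypting a single raw 16-byte block with AES is a permutation of the 2^128 possible values, so every distinct UUIDv7 gets a distinct external ID and decryption recovers it exactly, which answers the uniqueness question in both directions; and the external ID is not itself a well-formed UUID, because its version and variant bits are whatever the cipher produced, so anything that validates it as a UUIDv4 will reject it.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"strings"
	"time"
)

// UUID is a 128-bit identifier: exactly one AES block.
type UUID [16]byte

// NewUUIDv7 builds an RFC 9562 UUIDv7: 48-bit big-endian Unix ms timestamp, version 7,
// variant 10, 74 random bits. Hand-rolled as an example assumption; use a UUID library.
func NewUUIDv7(unixMilli int64) (UUID, error) {
	var u UUID
	binary.BigEndian.PutUint32(u[0:4], uint32(unixMilli>>16)) // timestamp bits 47..16
	binary.BigEndian.PutUint16(u[4:6], uint16(unixMilli))     // timestamp bits 15..0
	if _, err := rand.Read(u[6:]); err != nil {
		return u, err
	}
	u[6] = (u[6] & 0x0f) | 0x70 // version 7
	u[8] = (u[8] & 0x3f) | 0x80 // variant 10xx
	return u, nil
}

// String renders the canonical 8-4-4-4-12 hex form.
func (u UUID) String() string {
	h := hex.EncodeToString(u[:])
	return h[0:8] + "-" + h[8:12] + "-" + h[12:16] + "-" + h[16:20] + "-" + h[20:32]
}

// ParseUUID validates the canonical form; run it on every client-supplied ID before decrypting.
func ParseUUID(s string) (UUID, error) {
	var u UUID
	if len(s) != 36 || s[8] != '-' || s[13] != '-' || s[18] != '-' || s[23] != '-' {
		return u, fmt.Errorf("uuid: bad format %q", s)
	}
	raw, err := hex.DecodeString(strings.ReplaceAll(s, "-", ""))
	if err != nil || len(raw) != 16 {
		return u, fmt.Errorf("uuid: bad hex %q", s)
	}
	copy(u[:], raw)
	return u, nil
}

// Codec holds the one AES key (16 bytes selects AES-128). Encrypting a single 16-byte
// block is a permutation of the 2^128 values, so distinct UUIDv7s get distinct opaque IDs
// and Decode inverts Encode. The opaque ID is not a valid UUID: version/variant bits are random.
type Codec struct{ block cipher.Block }

// NewCodec wraps the key; aes.NewCipher rejects any length other than 16, 24 or 32.
func NewCodec(key []byte) (*Codec, error) {
	b, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return &Codec{block: b}, nil
}

// Encode maps the internal UUIDv7 to the external opaque ID: one raw AES block, no mode, no IV.
func (c *Codec) Encode(in UUID) (out UUID) { c.block.Encrypt(out[:], in[:]); return }

// Decode maps a client-supplied opaque ID back to the internal UUIDv7 for the DB lookup.
func (c *Codec) Decode(ext UUID) (out UUID) { c.block.Decrypt(out[:], ext[:]); return }

// CheckBijection mints n UUIDv7s in one millisecond and verifies that no two opaque IDs
// collide and that every one decodes back to its source.
func CheckBijection(c *Codec, n int) (bool, error) {
	seen := make(map[UUID]bool, n)
	now := time.Now().UnixMilli()
	for i := 0; i < n; i++ {
		in, err := NewUUIDv7(now)
		if err != nil {
			return false, err
		}
		ext := c.Encode(in)
		if seen[ext] || c.Decode(ext) != in {
			return false, nil
		}
		seen[ext] = true
	}
	return true, nil
}

func main() {
	codec, err := NewCodec([]byte("example-aes-128k")) // demo key, not a real secret
	if err != nil {
		panic(err)
	}
	now := time.Now().UnixMilli()
	a, _ := NewUUIDv7(now) // two IDs minted in the same millisecond share a 12-hex-digit prefix
	b, _ := NewUUIDv7(now)
	fmt.Printf("internal: %s %s\nexternal: %s %s\n", a, b, codec.Encode(a), codec.Encode(b))
	fmt.Println(CheckBijection(codec, 10000)) // true <nil>: no collisions, all round-trip
}
```

Run it with `go run` and the two internal IDs print with the same leading digits while the external ones share nothing visible. Because the same key is used for every ID, the mapping is deterministic, which is what makes the database lookup possible at all; the flip side is that rotating the key changes every external ID a client has ever seen, so treat the key as part of the schema rather than as a routinely rotated secret. Parsing the client's value before decrypting keeps malformed input away from the lookup, and a decoded value whose version nibble is not 7 was not produced under this key and can be rejected without touching the database.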