自等价编码与白盒实现方案的改进

doi:10.19665/j.issn1001-2400.2022.02.017

西安电子科技大学学报 ›› 2022, Vol. 49 ›› Issue (2): 146-154.doi: 10.19665/j.issn1001-2400.2022.02.017

• 计算机科学与技术 & 网络空间安全 • 上一篇下一篇

自等价编码与白盒实现方案的改进

罗一诺¹(),童鹏²(),陈杰^1,³(),董晓丽³()

1.西安电子科技大学综合业务网理论与关键技术国家重点实验室,陕西西安 710071
2.西安电子科技大学网络与信息安全学院,陕西西安 710071
3.桂林电子科技大学广西密码学与信息安全重点实验室,广西壮族自治区桂林 541004

收稿日期:2021-05-19 出版日期:2022-04-20 发布日期:2022-05-31
作者简介:罗一诺(1998—),女,西安电子科技大学硕士研究生,E-mail: luoyinuo1998@163.com;|童鹏(1996—),男,西安电子科技大学硕士研究生,E-mail: 1796497751@qq.com;|陈杰(1979—),女,副教授,博士,E-mail: jchen@mail.xidian.edu.cn;|董晓丽(1982—),女,讲师,博士,E-mail: dxl_xaut@163.com
基金资助:
十三五密码发展基金(MMJJ20180219);陕西省自然科学基础研究计划(2021JM-126);广西密码学与信息安全重点实验室研究课题(GCIS202125);广西密码学与信息安全重点实验室研究课题(GCIS201923)

Self-equivalence encodings and improvements of white-box implementations

LUO Yinuo¹(),TONG Peng²(),CHEN Jie^1,³(),DONG Xiaoli³()

1. State Key Laboratory of Integrated Services Networks,Xidian University,Xi’an 710071,China
2. School of Cyber Engineering,Xidian University,Xi’an 710071,China
3. Guangxi Key Laboratory of Cryptography and Information Security,Guilin University of Electronic Technology,Guilin 541004,China

Received:2021-05-19 Online:2022-04-20 Published:2022-05-31

摘要/Abstract

摘要：

在白盒攻击环境下,攻击者不仅能访问密码算法的输入输出,还能获取算法的内部细节并控制终端。在此环境下,CHOW等人利用网络化编码构造查找表,将密钥嵌入查找表内,设计了AES和DES算法的白盒实现方案。基于自等价编码设计的密码算法白盒实现是一种新型的实现方式,RANEA等人利用S盒的自等价编码设计了一种针对代换-置换密码的白盒实现方案,其编码空间的大小完全依赖于密码的S盒自等价,并且安全性分析也表明该方案的适用范围有限。针对此情况,考虑了S盒的自等价对白盒实现安全性的影响,提出了两种改进方案,即通过对线性层添加自等价编码或对仿射层添加线性编码的方式来扩大白盒实现方案的编码空间。安全性分析表明,两种改进方案均能有效地抵抗RANEA等人方案的攻击,扩大了方案的使用范围。最后基于以上两种设计方案,构造了两种AES算法的白盒实现,并与RANEA等人的白盒AES方案进行了安全性对比。对比结果证明这两种改进方案均可以抵抗基于中心化子问题和非对称问题的归约攻击。

关键词: 白盒实现, 编码, 分组密码, 代换-置换网络密码

Abstract:

In the white box attack environment,the attacker can not only access the input and output of the cryptographic algorithms,but also obtain the internal details of the algorithms and control the terminal.In this environment,CHOW et al.constructed the look-up tables by using network encodings,embedded the key in the look-up tables,and designed the white-box implementation scheme for the AES algorithm and DES algorithm.The white-box implementation of the cryptographic algorithm based on self-equivalent encodings design is a new implementation method.RANEA et al.designed a white-box implementation scheme for substitution replacement cipher by using the self-equivalent encodings of the S-box.The size of encoding space completely depends on the S-box self-equivalence of the cipher,and the security analysis also shows that the application scope of this scheme is limited.In view of this situation,this paper considers the impact of self-equivalence of the S-box on the security of white-box implementation,and proposes two improved schemes for expanding the encoding space of the white-box implementation scheme by adding self-equivalence encodings to the linear layer or linear encodings to the affine layer.Security analysis shows that the two improved schemes can effectively resist the attacks from RANEAet al,and expand the application scope of the scheme.Finally,based on the above two design schemes,this paper constructs two white-box implementations of the AES algorithm,and compares the security with the white-box AES scheme of RANEA et al.The comparison results show that the two improved schemes can resist protocol attacks based on the centralization problem and asymmetric problem.

Key words: white-box implementation, encoding, block cipher, SPN cipher

中图分类号:

TN918.1

罗一诺,童鹏,陈杰,董晓丽. 自等价编码与白盒实现方案的改进[J]. 西安电子科技大学学报, 2022, 49(2): 146-154.

LUO Yinuo,TONG Peng,CHEN Jie,DONG Xiaoli. Self-equivalence encodings and improvements of white-box implementations[J]. Journal of Xidian University, 2022, 49(2): 146-154.

图/表 5

参考文献 25

[1]	CHOW S, EISEN P, JOHNSON H, et al. White-Box Cryptography and an AES Implementation[C]// International Workshop on Selected Areas in Cryptography.Heidelberg:Springer, 2003:250-270.
[2]	XIAO YY, LAI X J. A Secure Implementation of White-Box AES[C]// Proceeding of the 2009 2nd International Conference on Computer Science and Its Applications.Piscataway:IEEE, 2009:5404239.
[3]	LUO R, LAI X, YOU R. A New Attempt of White-Box AES Implementation[C]// Proceeding 2014 IEEE International Conference on Security,Pattern Analysis,and Cybernetics (SPAC).Piscataway:IEEE, 2014:423-429.
[4]	KARROUMI M. Protecting White-Box AES with Dual Ciphers[C]// International Conference on Information Security and Cryptology.Heidelberg:Springer, 2010:278-291.
[5]	BRINGER J, CHABANNE H, DOTTAX E. White Box Cryptography:Another Attempt (2006)[J/OL].[2006-12-11]. http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.99.661&rep=rep1&type=pdf.
[6]	XIAO Y, LAI X J. White-Box Cryptography and Implementation of AES and SMS4[C]// Proceedings of the 2009 China Crypt CACR Annual Meeting. Beijing: China Crypt, 2009:24-34.
[7]	姚思, 陈杰. SM4算法的一种新型白盒实现[J]. 密码学报, 2020, 7(3):358-374.
	YAO Si, CHEN Jie. A New Method for White-box Implementation of SM4 Algorithm[J]. Journal of Cryptologic Research, 2020, 7(3):358-374.
[8]	BAI K P, WU C K. A Secure White-Box SM4 Implementation[J]. Security and Communication Networks, 2016, 9(10):996-1006. doi: 10.1002/sec.1394
[9]	SU S, DONG H, FU G, et al. A White-Box CLEFIA Implementation for Mobile Devices[C]// 2014 Communications Security Conference.Piscataway:IEEE, 2014:0752.
[10]	姚思, 陈杰, 宫雅婷, 等. CLEFIA算法的一种新型白盒实现[J]. 西安电子科技大学学报, 2020, 47(5):150-158.
	YAO Si, CHEN Jie, GONG Yating, et al. A New Method for White-Box Implementation of CLEFIA Algorithm[J]. Journal of Xidian University, 2020, 47(5):150-158.
[11]	宫雅婷. 白盒CLEFIA算法的安全性分析与改进[D]. 西安: 西安电子科技大学, 2019.
[12]	MCMILLION B, SULLIVAN N. Attacking White-Box AES Constructions[C]// Proceedings of the 2016 ACM Workshop on Software Protection. New York: ACM, 2016:85-90.
[13]	RANEA A, PRENEEL B. On Self-Equivalence Encodings in White-Box Implementations (2020)[J/OL].[2020-12-30]. https://eprint.iacr.org/2020/1325.pdf.
[14]	王滨, 陈思, 陈加栋, 等. DWB-AES:基于AES的动态白盒实现方法[J]. 通信学报, 2021, 42(2):177-186.
	WANG Bin, CHEN Si, CHEN Jiadong, et al. DWB-AES:An Implementation of Dynamic White Box Based on AES[J]. Journal of Communications, 2021, 42(2):177-186.
[15]	BILLET O, GILBERT H, ECH-CHATBI C. Cryptanalysis of a WhiteBox AES Implementation[C]// International Workshop on Selected Areas in Cryptography.Heidelberg:Springer, 2004:227-240.
[16]	MICHIELS W, GORISSEN P, HOLLMANN H D. Cryptanalysis of a Generic Class of White-Box Implementations[C]// International Workshop on Selected Areas in Cryptography.Heidelberg:Springer, 2008:414-428.
[17]	MULDER Y D, ROELSE P, PRENEEL B. Cryptanalysis of the Xiao-Lai White-Box AES Implementation[C]// International Conference on Selected Areas in Cryptography.Heidelberg:Springer, 2013:34-49.
[18]	潘文伦, 秦体红, 贾音, 等. 对两个SM4白盒方案的分析[J]. 密码学报, 2018, 5(6):651-670.
	PAN Wenlun, QIN Tihong, JIA Yin, et al. Cryptanalysis of Two White-Box SM4 Implementations[J]. Journal of Cryptologic Research, 2018, 5(6):651-670.
[19]	BIRYUKOV A, UDOVENKO A. Dummy Shuffling Against Algebraic Attacks in White-Box Implementations[C]// Annual International Conference on the Theory and Applications of Cryptographic Techniques.Heidelberg:Springer, 2021:219-248.
[20]	AMAORI A, MICHIELS W, ROELSE P. A DFA Attack on White-Box Implementations of AES with External Encodings[C]// International Conference on Selected Areas in Cryptography.Heidelberg:Springer, 2019:591-617.
[21]	BIRYUKOV A, BOUILLAGUET C, KHOVRATOVICH D. Cryptographic SchemesBased on the ASASA Structure:Black-Box,White-Box,and Public-Key[C]// International Conference on the Theory and Application of Cryptology and Information Security.Heidelberg:Springer, 2014:63-84.
[22]	BOGDANOV A, ISOBE T. White-Box Cryptography Revisited:Space-Hard Ciphers[C]// Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. New York: ACM, 2015:1058-1069.
[23]	SHI Y, WEI W, ZHANG F, et al. SDSRS:A Novel White-Box Cryptography Scheme for Securing Embedded Devices in IIoT[J]. IEEE Transactions on Industrial Informatics, 2020, 16(3):1602-1616. doi: 10.1109/TII.2019.2929431
[24]	SANDRA R. Design of White-Box Encryption Schemes for Mobile Applications Security[D]. Nancy & Metz:Université de Lorraine, 2020.
[25]	BIRYUKOV A, DE CANNIERE C, BRAEKEN A, et al. A Toolbox for Cryptanalysis:Linear and Affine Equivalence Algorithms[C]// International Conference on the Theory and Applications of Cryptographic Techniques.Heidelberg:Springer, 2003:33-50.

参数	原白盒AES^[13]	白盒AES的改进1	白盒AES的改进2
原分块编码空间	2 040	2^{1 033}	2⁷³
经中心化子问题归约	255	2^{1 033}	2⁷³
经非对称问题归约	\|(LSE(S)∩{M_α:0≠α∈GF(2⁸)})\|	2^{1 033}	2⁷³

自等价编码与白盒实现方案的改进

Self-equivalence encodings and improvements of white-box implementations

RichHTML

PDF (PC)

赞

可视化

摘要/Abstract

引用本文

使用本文

图/表 5

参考文献 25

相关文章 15

Metrics

本文评价

推荐阅读 0

[1]	孔繁锵, 余圣杰, 王坤, 方煦, 吕志杰. 卷积循环神经网络的高光谱图像解混方法[J]. 西安电子科技大学学报, 2025, 52(1): 142-151.
[2]	栗琳轲, 陈杰, 刘君. 神经网络差分区分器的改进方案与应用[J]. 西安电子科技大学学报, 2025, 52(1): 196-214.
[3]	孙志, 王冠. 自监督对比学习的CNN-GRU语音情感识别算法[J]. 西安电子科技大学学报, 2024, 51(6): 182-193.
[4]	丁勇, 文能翔, 王海燕, 罗富财. 支持快速范围搜索的公钥可搜索加密方案[J]. 西安电子科技大学学报, 2024, 51(6): 204-214.
[5]	张铭津, 周楠, 李云松. 平滑交互式压缩网络的红外小目标检测算法[J]. 西安电子科技大学学报, 2024, 51(4): 1-14.
[6]	李雪莲, 陈卓皓. LowMC在BGV全同态加密环境下的噪声评估[J]. 西安电子科技大学学报, 2024, 51(3): 182-193.
[7]	衡红军, 喻龙威. 基于多尺度特征信息融合的时间序列异常检测[J]. 西安电子科技大学学报, 2024, 51(3): 203-214.
[8]	杨小雪, 陈杰. 几类密码算法的神经网络差分区分器的改进[J]. 西安电子科技大学学报, 2024, 51(1): 210-222.
[9]	樊婷,冯伟,韦永壮. 一种大状态轻量级密码S盒的设计与分析[J]. 西安电子科技大学学报, 2023, 50(4): 170-179.
[10]	郭网媚,刘丹丹,陈琦,高晶亮. 二元稀疏卷积纠删码[J]. 西安电子科技大学学报, 2023, 50(3): 112-121.
[11]	林霄,罗松,刘楠. 并行传输编码缓存问题研究[J]. 西安电子科技大学学报, 2023, 50(2): 11-22.
[12]	晏燕,董卓越,徐飞,冯涛. 一种Hilbert编码的本地化位置隐私保护方法[J]. 西安电子科技大学学报, 2023, 50(2): 147-160.
[13]	刘成玉, 张碧桂, 李钊. 一种采用松弛正交预编码的多址接入方法[J]. 西安电子科技大学学报, 2023, 50(1): 29-35.
[14]	张航宇, 张锐, 廖方圆, 李勇朝. 基于交叉熵的1位DAC大规模MIMO预编码方案[J]. 西安电子科技大学学报, 2022, 49(6): 1-8.
[15]	邬开俊, 梅源. VAE-Fuse:一种无监督的多聚焦融合模型[J]. 西安电子科技大学学报, 2022, 49(6): 129-138.