Analysis and Improvement of White-box SM4 Implementation

ZHANG Yueyu, XU Dong, CHEN Jie

Citation: ZHANG Yueyu, XU Dong, CHEN Jie. Analysis and Improvement of White-box SM4 Implementation[J]. Journal of Electronics & Information Technology, 2022, 44(8): 2903-2913. doi: 10.11999/JEIT210556

doi: 10.11999/JEIT210556
Funding: The 13th Five-Year National Cryptography Development Fund (MMJJ20180219), The Natural Science Basic Research Program of Shaanxi Province (2021JM-126), Guangxi Key Laboratory of Cryptography and Information Security (GCIS202125)
Details
    Author biographies:

    ZHANG Yueyu: male, born 1978, associate professor; research interests: information security and network security

    XU Dong: male, born 1997, master's student; research interests: security analysis of white-box cryptography

    CHEN Jie: female, born 1979, associate professor; research interests: design and analysis of cryptographic algorithms

    Corresponding author:

    CHEN Jie jchen@mail.xidian.edu.cn

  • CLC number: TN918.1

Abstract: Differential computation analysis (DCA) is a side-channel technique used in the security analysis of white-box implementations; its efficiency has already been demonstrated in the analysis of white-box Advanced Encryption Standard (AES). This paper proposes a DCA-like automated analysis method for white-box SM4 schemes. The analysis takes the lookup table outputs of the white-box SM4 scheme as its object and extracts the key by statistical analysis; it is called intermediate value mean difference analysis (IVMDA). Compared with existing analyses of white-box SM4, IVMDA requires fewer conditions and is more efficient. After successfully analyzing the white-box SM4 scheme, this paper proposes a software countermeasure to improve its security: the countermeasure uses nonlinear components to obfuscate the intermediate states of the white-box scheme, removing the correlation between the intermediate states and the key. Experiments show that the countermeasure effectively resists IVMDA.

    Fig. 1  One round of the Xiao-Lai white-box SM4 computation

    Fig. 2  IVMDA results for the Xiao-Lai white-box SM4

    Fig. 3  Lookup table containing the obfuscation operation

    Fig. 4  XOR table and encoding process

    Fig. 5  Combination of lookup tables and partial affine encodings

    Fig. 6  IVMDA results for the WBSM4-NC scheme

    Fig. 7  IVMDA results for the 4-bit version of the WBSM4-NC scheme

    Table 1  Security comparison of white-box implementation schemes

    Scheme | BGE analysis [3] | Analysis by Lin et al. [17] | Analysis by Pan et al. [20] | IVMDA
    Xiao-Lai white-box SM4 [16] | 24761200×232× (cell boundaries lost in extraction)
    8 bit-WBSM4-NC |
    Bai-Wu white-box SM4 [19] | 61200×2128 (cell boundaries lost in extraction)
    WSISE algorithm [21] | 25161200×232 (cell boundaries lost in extraction)

    Table 2  Memory efficiency comparison of white-box implementation schemes

    Scheme | Size (kB) | Nonlinear component length (bit) | Number of lookup tables | Number of XORs | Number of linear/affine transforms
    Xiao-Lai white-box SM4 [16] | 148.625 | | 128 | 192 (32 bit) | 160
    Luo-Lai-You white-box AES [26] | 2844447776 (cell boundaries lost in extraction)
    8bit-WBSM4-NC | 24848.5 | 8 | 640 | 192 (32 bit) | 128
    Bai-Wu white-box SM4 [19] | 33280 | | 640 | 640 (32 bit) |
    4bit-WBSM4-NC | 208.5 | 4 | 1152 | 320 (32 bit) | 128
    WSISE algorithm [21] | 276.625 | | 128 | 96 (32 bit) + 96 (64 bit) | 160
    [1] CHOW S, EISEN P, JOHNSON H, et al. White-box cryptography and an AES implementation[C]. The 9th International Workshop on Selected Areas in Cryptography, Newfoundland, Canada, 2002: 250–270. doi: 10.1007/3-540-36492-7_17.
    [2] CHOW S, EISEN P, JOHNSON H, et al. A white-box DES implementation for DRM applications[C]. ACM Workshop on Digital Rights Management, Washington, USA, 2002: 1–15. doi: 10.1007/978-3-540-44993-5_1.
    [3] BILLET O, GILBERT H, and ECH-CHATBI C. Cryptanalysis of a white box AES implementation[C]. International Workshop on Selected Areas in Cryptography, Waterloo, Canada, 2004: 227–240. doi: 10.1007/978-3-540-30564-4_16.
    [4] MICHIELS W, GORISSEN P, and HOLLMANN H D L. Cryptanalysis of a generic class of white-box implementations[C]. 15th International Workshop on Selected Areas in Cryptography, Sackville, Canada, 2008: 414–428. doi: 10.1007/978-3-642-04159-4_27.
    [5] BOS J W, HUBAIN C, MICHIELS W, et al. Differential computation analysis: Hiding your white-box designs is not enough[C]. The 18th International Conference on Cryptographic Hardware and Embedded Systems, Santa Barbara, Canada, 2016: 215–236. doi: 10.1007/978-3-662-53140-2_11.
    [6] KOCHER P, JAFFE J, JUN B, et al. Introduction to differential power analysis[J]. Journal of Cryptographic Engineering, 2011, 1(1): 5–27. doi: 10.1007/s13389-011-0006-y
    [7] BIRYUKOV A and UDOVENKO A. Attacks and countermeasures for white-box designs[C]. The 24th International Conference on the Theory and Application of Cryptology and Information Security, Brisbane, Australia, 2018: 373–402. doi: 10.1007/978-3-030-03329-3_13.
    [8] BOCK E A, BRZUSKA C, MICHIELS W, et al. On the ineffectiveness of internal encodings - revisiting the DCA attack on white-box cryptography[C]. The 16th International Conference on Applied Cryptography and Network Security, Leuven, Belgium, 2018: 103–120. doi: 10.1007/978-3-319-93387-0_6.
    [9] BREUNESSE C B, KIZHVATOV I, MUIJRERS R, et al. Towards fully automated analysis of whiteboxes: Perfect dimensionality reduction for perfect leakage[EB/OL]. https://eprint.iacr.org/2018/095, 2018.
    [10] RIVAIN M and WANG Junwei. Analysis and improvement of differential computation attacks against internally-encoded white-box implementations[J]. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2019, 2019(2): 225–255. doi: 10.13154/tches.v2019.i2.225-255
    [11] BOGDANOV A, RIVAIN M, VEJRE P S, et al. Higher-order DCA against standard side-channel countermeasures[C]. The 10th International Workshop on Constructive Side-Channel Analysis and Secure Design, Darmstadt, Germany, 2019: 118–141. doi: 10.1007/978-3-030-16350-1_8.
    [12] LEE S, KIM T, and KANG Y. A masked white-box cryptographic implementation for protecting against differential computation analysis[J]. IEEE Transactions on Information Forensics and Security, 2018, 13(10): 2602–2615. doi: 10.1109/TIFS.2018.2825939
    [13] BANIK S, BOGDANOV A, ISOBE T, et al. Analysis of software countermeasures for whitebox encryption[J]. IACR Transactions on Symmetric Cryptology, 2017, 2017(1): 307–328. doi: 10.13154/tosc.v2017.i1.307-328
    [14] LEE S and KIM M. Improvement on a masked white-box cryptographic implementation[J]. IEEE Access, 2020, 8: 90992–91004. doi: 10.1109/ACCESS.2020.2993651
    [15] General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China, Standardization Administration of the People's Republic of China. GB/T 32907-2016 Information security technology—SM4 block cipher algorithm[S]. Beijing: Standards Press of China, 2016.
    [16] XIAO Yaying and LAI Xuejia. White-box cryptography and implementations of SMS4[C]. Proc. of the 2009 CACR Annual Meeting, Guangzhou, China, 2009: 24–34.
    [17] LIN Tingting and LAI Xuejia. Efficient attack to white-box SMS4 implementation[J]. Journal of Software, 2013, 24(9): 2238–2249. doi: 10.3724/SP.J.1001.2013.04356
    [18] SHI Yang, WEI Wujing, and HE Zongjian. A lightweight white-box symmetric encryption algorithm against node capture for WSNs[J]. Sensors, 2015, 15(5): 11928–11952. doi: 10.3390/s150511928
    [19] BAI Kunpeng and WU Chuankun. A secure white-box SM4 implementation[J]. Security and Communication Networks, 2016, 9(10): 996–1006. doi: 10.1002/sec.1394
    [20] PAN Wenlun, QIN Tihong, JIA Yin, et al. Cryptanalysis of two white-box SM4 implementations[J]. Journal of Cryptologic Research, 2018, 5(6): 651–670. doi: 10.13868/j.cnki.jcr.000274
    [21] YAO Si and CHEN Jie. A new method for white-box implementation of SM4 algorithm[J]. Journal of Cryptologic Research, 2020, 7(3): 358–374. doi: 10.13868/j.cnki.jcr.000373
    [22] AHN H and HAN D G. Multilateral white-box cryptanalysis: Case study on WB-AES of CHES challenge 2016[EB/OL]. https://eprint.iacr.org/2016/807, 2016.
    [23] BOCK E A, BOS J W, BRZUSKA C, et al. White-box cryptography: Don’t forget about grey-box attacks[J]. Journal of Cryptology, 2019, 32(4): 1095–1143. doi: 10.1007/s00145-019-09315-1
    [24] LUK C K, COHN R, MUTH R, et al. Pin: Building customized program analysis tools with dynamic instrumentation[J]. ACM SIGPLAN Notices, 2005, 40(6): 190–200. doi: 10.1145/1064978.1065034
    [25] NETHERCOTE N and SEWARD J. Valgrind: A framework for heavyweight dynamic binary instrumentation[C]. The 28th ACM SIGPLAN Conference on Programming Language Design and Implementation, San Diego, USA, 2007: 89–100. doi: 10.1145/1250734.1250746.
    [26] LUO Rui, LAI Xuejia, and YOU Rong. A new attempt of white-box AES implementation[C]. 2014 IEEE International Conference on Security, Pattern Analysis, and Cybernetics (SPAC), Wuhan, China, 2014: 423–429. doi: 10.1109/SPAC.2014.6982727.
Publication history
  • Received: 2021-06-10
  • Revised: 2021-09-20
  • Published online: 2021-09-29
  • Issue date: 2022-08-17