Differential Computation Analysis of White-box SM4 Scheme
Authors: Yuan Ziqing, Chen Jie
Author biographies:

Yuan Ziqing (born 1996), male, master's student; main research interests: design and security analysis of white-box cryptography. Chen Jie (born 1979), female, PhD, associate professor; main research interests: design and security analysis of cryptographic algorithms.

Corresponding author:

Chen Jie, E-mail: jchen@mail.xidian.edu.cn

CLC number:

TP309

Funding:

13th Five-Year National Cryptography Development Fund (MMJJ20180219); Natural Science Basic Research Program of Shaanxi Province (2021JM-126); Research project of the Guangxi Key Laboratory of Cryptography and Information Security (GCIS202125)


Abstract:

The security of traditional cryptographic algorithms is established under the black-box attack model, in which the attacker can only obtain the input and output of the algorithm and learns nothing about its internal details at run time. In recent years the white-box attack model has been proposed. Under this model the attacker can not only obtain the input and output of the algorithm but also directly observe or modify its internal data during execution. Redesigning an existing cryptographic algorithm with white-box cryptographic techniques, without changing its functionality, so that it remains secure in a white-box attack environment is called a white-box implementation of that algorithm. Studying the design and analysis of white-box implementations is of great significance for digital rights management. In recent years a class of side-channel analysis methods against white-box implementations has emerged. These methods need to know only a few internal details of a white-box implementation yet can still extract the key, so they pose a practical threat to existing white-box implementations, and applying them to existing schemes is of real importance for confirming the security of those schemes. The typical representative of this class is differential computation analysis (DCA), which is based on the principle of differential power analysis. This study analyzes the security of the Bai-Wu white-box SM4 scheme using DCA. Based on results on the statistical characteristics of uniformly random n×n invertible matrices over GF(2), an improved DCA (IDCA) is proposed that significantly improves analysis efficiency while leaving the success rate almost unchanged. The results show that the Bai-Wu white-box SM4 scheme cannot guarantee security against DCA and must be further improved to meet the security requirements of practical application scenarios.

Cite this article:

Yuan ZQ, Chen J. Differential computation analysis of white-box SM4 scheme. Journal of Software, 2023, 34(8): 3891–3904.

History
  • Received: 2021-07-05
  • Revised: 2021-08-26
  • Published online: 2022-09-23
  • Published in print: 2023-08-06