The Research And Analysis On White-box Cryptography

The white-box attack environment,also known as the white-box attack model,is a theoretical model proposed to solve the threat that the application runs on untrusted terminals.The white-box attack model defines a more extreme attack environment that assumes that the encryption software runs on an insecure terminal,and that the attacker has full access to the encryption algorithm and associated execution environment,gaining observation and changing all or part of the internal details of these implementations and the ability to perform dynamics,the attacker can even change the intermediate value,or encryption logic.A encryption algorithm that is resistant to white-box attacks is called a white-box cryptography.The initial goal of white-box cryptography is to prevent key extraction attacks and protect keys.The main research contents of this paper include:1)White-box cryptography of theoretical basis,theoretical basis,design method,security evaluation,application scenarios and other related white-box knowledge.There are three ways to design white-box cryptography.This paper mainly studies the white-box implementation of lookup tables.The white box implementation of the lookup table method implements encryption and decryption by looking up the table.White-box diversity and white-box ambiguity are used to measure the security of lookup tables construction,while differential analysis and algebra analysis are two common ways to evaluate the security of white box schemes when looking up table combinations.Therefore,the design of white box scheme should not only consider whether the constructed lookup table will disclose the key information,but also consider whether the overall scheme can guarantee that the key is not recovered.2)Design a new WBAES.Through the understanding of many white-box schemes and white-box attacks,a new white-box AES implementation scheme is proposed,which discards all nonlinear codes and introduces a 128-bit affine transform as a round-output encoding.There are 3 types of lookup tables in each round.The encoding of the internal median value of the round uses a complex encoding method similar to the white box SM4 of Bai Yupeng et al.,in which half of the lookup table uses one output encoding(ignoring the difference of affine constants)and the other half uses another output encoding,so that the large affine coding is not offset in the combination of the lookup table.3)Through the analysis of the newly proposed WBAES,we proposed the second WBAES.The two types used as encryption in the new scheme are combined into one,and a kind of table F is constructed to finish the round function of AES.The output encoding of lookup table De is adopted in a more complex form,making the output encoding of 16 De tables in a round different.After various performance analysis,we found that scheme 2 has a larger advantage than the existing scheme,but the size is larger.Through the analysis of diversity and ambiguity,we find that the configuration of the lookup table of scheme 2 is safe.Through the security analysis of lookup table combination,we find that scheme 2 has better security when faced with algebraic analysis,such as BGE and MGH.Compared with the Bai-Wu scheme,Scheme 2 can provide better security.At the same time,using the analysis similar to Wenlun Pan et al.,based on the differential analysis method,we propose an effective analysis method for Bai-Wu and Scheme 2.,it can quickly extract the key of the white-box implementation.Through the analysis of the white box implementation of this complex coding method,we find that this coding method has better security in the face of algebraic analysis,and its security is not ideal when faced with differential analysis.