Cryptography aims at secure communication between parties over insecure channels. Traditionally, the design and analysis of cryptographic schemes consider the black-box attack context, under which the cryptographic algorithms are assumed to be executed at trusted end-points and the adversary can only obtain the external inputs and outputs of the algorithms. However, as cryptography has become widespread in the real world, the limitations of this model have gradually become apparent. The emergence of grey-box and even white-box attacks prompted the cryptography community to study a stronger attack context, namely the white-box attack context, also termed the white-box model. This model assumes that an adversary has total visibility of and full control over a cipher's implementation. Naturally, white-box cryptography refers to the field that targets secure cryptographic primitives and implementations under the white-box model. Because it captures real-world attacks so faithfully, white-box cryptography has attracted extensive attention since its introduction. The functionality of white-box cryptography can be interpreted as the obfuscation of particular functions, which makes it highly demanded in scenarios including digital rights management, mobile payment, and wireless sensor networks, to name a few.

At present, research on white-box cryptography mainly follows two directions: white-box implementations of existing cryptographic algorithms and new white-box cryptographic algorithms. Among the latter, new white-box algorithms mainly target block ciphers. Compared with white-box implementations of existing cryptographic algorithms, new white-box block ciphers possess higher flexibility and platform interoperability, and hence have been widely studied in recent years, resulting in fruitful achievements. However, there are still many limitations and open problems in the current research. For example, there exists a gap between provably secure and highly efficient white-box block ciphers, since proposals with high security cannot meet the efficiency requirements of realistic scenarios. Besides, the security analysis of several white-box block ciphers is rough, and hence refined and in-depth research is required. Moreover, the existing white-box block ciphers are unable to satisfy the advanced security requirements of some scenarios, which hinders their application. In view of these circumstances, this thesis conducts research on white-box block ciphers and makes the following contributions.

(1) In terms of design, the efficient white-box block cipher WARX is proposed. The design is based on 'addition-rotation-xor' primitives as well as random maximum distance separable matrices. WARX achieves security against key recovery under the black-box model and resists key extraction as well as code lifting under the white-box model. Concretely, the code-lifting resistance is quantitatively evaluated by space-hardness metrics under the nonlinear-layer compression attack, linear-layer compression attack, cipher compression attack, and hybrid compression attack. The implementation efficiency of WARX under both the black- and white-box models is superior to that of the representative white-box block ciphers SPNbox-16 and WEM-16. In addition, the storage cost of WARX is low. This work demonstrates the excellent performance of 'addition-rotation-xor' primitives and reveals that a random linear layer can effectively break the bottleneck that has limited efficiency improvements of white-box ciphers.

(2) In terms of analysis, improved black-box key recovery attacks on reduced-round WEM-8, a white-box block cipher, are proposed. These attacks exploit weak properties of WEM-8, including the all-zero master key in the permutation layers and particular features of the Mix Column matrix, such that the intermediate states retain a special integral property, namely the constant property. Building upon this property, a system of homogeneous linear equations is established, from which the equivalent key is obtained by calculation. Compared to the previous key recovery attacks on reduced-round WEM-8, the improved attacks have lower data, time, and memory complexities. Experiments confirm the validity of the attacks. This work reveals the influence of the weak properties of WEM-8 on the constant integral property and its effectiveness in improving key recovery attacks.

(3) In terms of analysis, black-box integral cryptanalysis of reduced-round SPNbox, a family of white-box block ciphers, is proposed. The attacks take advantage of a particular characteristic of the matrix in the linear layer to construct a novel low-round integral distinguisher. The constant property is then utilized to establish a system of homogeneous linear equations, from which the equivalent key is obtained by calculation. Furthermore, by adopting the algebraic-degree method, high-round integral distinguishers of SPNbox-8 are proposed for the first time. The balanced integral property is then used to establish a system of homogeneous linear equations, from which the equivalent key is obtained by calculation. Compared to the existing integral cryptanalysis of low-round SPNbox, the improved attack has lower data, time, and memory complexities. The proposed high-round attacks narrow the security margin of SPNbox-8 by two rounds. The feasibility of the attacks is demonstrated by experiments. This work reveals that the security of SPNbox against integral attacks is weaker than currently stated.

(4) Regarding application, a general digital rights management solution based on white-box block ciphers is proposed. This solution employs the idea of perturbation to construct a perturbation-enabled white-box compiler for secure white-box block ciphers, such that functionality-perturbed white-box decryption programs providing traceability can be generated. In the white-box model, the solution achieves security against key extraction and code lifting as well as traceability, thus contributing to resolving the three threats that digital rights management systems face, namely key extraction, code lifting, and illegal distribution. Experiments indicate that the solution performs well in efficiency. This work extends the functionality of white-box block ciphers in the digital rights management setting, thus broadening their application range.
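As an added illustration of the space-hardness metric that contribution (1) uses to quantify code-lifting resistance, the following Python simulation measures how much of a table-based white-box program an adversary must lift before the lifted copy works on a meaningful fraction of inputs. This is example code written for this page, not code from the thesis, WARX, SPNbox or WEM; the toy cipher (an 8-bit key-dependent table wrapped in ARX-style rounds on a 16-bit block), the seed, and the lifted-entry sets are all constructed assumptions.

```python
# Added example (not from the thesis): a toy simulation of the space-hardness
# idea behind code-lifting resistance. An adversary who lifts only part of a
# key-dependent lookup table can evaluate the cipher only on inputs whose
# every table access hits a lifted entry. The cipher below is a constructed
# toy, not WARX, SPNbox or WEM.
import math
import random

TABLE_BITS = 8                       # toy table with 2^8 entries (tiny on purpose)
TABLE_SIZE = 1 << TABLE_BITS
BLOCK_BITS = 16
MASK = (1 << BLOCK_BITS) - 1
ROUNDS = 4


def make_table(seed: int) -> list[int]:
    """Key-dependent table. In a real design it would be derived from the
    secret key; here it is pseudo-random from a fixed seed (assumption)."""
    rng = random.Random(seed)
    return [rng.getrandbits(BLOCK_BITS) for _ in range(TABLE_SIZE)]


def rotl(x: int, r: int) -> int:
    return ((x << r) | (x >> (BLOCK_BITS - r))) & MASK


def round_function(x: int, lookup, r: int):
    """One ARX-style toy round around a table lookup. `lookup` returns the
    table entry, or None when the attacker's partial table lacks it."""
    entry = lookup(x & (TABLE_SIZE - 1))
    if entry is None:
        return None
    x = (x + entry) & MASK           # modular addition of the table output
    x = rotl(x, 5) ^ (r * 0x1111)    # rotation and a round constant
    return x


def encrypt(table: list[int], pt: int) -> int:
    """The complete white-box program: every lookup succeeds."""
    x = pt
    for r in range(ROUNDS):
        x = round_function(x, lambda i: table[i], r)
    return x


def lifted_encrypt(partial: dict[int, int], pt: int):
    """The adversary's lifted copy holding only some table entries. Returns the
    ciphertext when all ROUNDS lookups hit lifted entries, else None."""
    x = pt
    for r in range(ROUNDS):
        x = round_function(x, partial.get, r)
        if x is None:
            return None
    return x


def success_fraction(table: list[int], lifted_indices) -> float:
    """Exact fraction of all 2^16 plaintexts the partial program can encrypt."""
    partial = {i: table[i] for i in lifted_indices}
    hits = sum(1 for pt in range(1 << BLOCK_BITS)
               if lifted_encrypt(partial, pt) is not None)
    return hits / (1 << BLOCK_BITS)


def hardness_bits(fraction: float) -> float:
    """The Z of (M, Z)-space hardness: the lifted code works on a 2^-Z
    fraction of inputs. Infinite when nothing can be encrypted."""
    return math.inf if fraction == 0 else -math.log2(fraction)


def demo() -> dict[int, tuple[float, float]]:
    """Lift the whole table, half of it, and a quarter of it (constructed
    cases) and report the working fraction and Z for each."""
    table = make_table(seed=2024)
    results = {}
    for lifted in (TABLE_SIZE, TABLE_SIZE // 2, TABLE_SIZE // 4):
        frac = success_fraction(table, range(lifted))
        results[lifted] = (frac, hardness_bits(frac))
    return results


if __name__ == "__main__":
    for lifted, (frac, z) in demo().items():
        print(f"lifted {lifted:3d}/{TABLE_SIZE} entries -> "
              f"works on {frac:.4f} of inputs (Z = {z:.2f} bits)")
```

Because the toy table has only 256 entries, the exhaustive count over all 2^16 plaintexts is cheap; with the 2^16-entry tables of real space-hard designs the same measurement is done by sampling inputs, and the compression attacks named in contribution (1) correspond to smarter ways of choosing which entries to keep than the prefix sets used here.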