White-box Cryptography And Implementations Of AES SMS4

White-Box Attack Context is the setting that the attacker has total access to the software implementation. The attacker can find the key by executing the cryptographic software or observing the implementation of the software in the White-Box Attack Context. Thus, the secret key needs special protection. In this case, the White-Box Cryptography was proposed. The purpose of White-Box Cryptography is to protect the key in White-Box Attack Context, hide the secret key in the implementation and prevent an attacker from finding the secret keys.White-Box cryptography is designed in the following way: using some obfuscating technique to obfuscate the cryptographic algorithm and hide the key in the obfuscated cryptographic algorithm to prevent the attacker from finding the secret keys. Chow et al. designed the White-Box DES implementation and White-Box AES implementation. Ttheir White-Box DES and White-Box AES were both implemented by look-up tables, each look-up table was inserted some obfuscations and the secret keys were hidden in the look-up tables. From the look-up tables, it is difficult for the attacker to find the key. They really proposed a good idea in designing White-Box cryptography. But their White-Box DES and White-Box AES were both broken because there are some defects in the constructions.In this paper, we first introduce the White-Box Attack Context and the White-Box cryptography, then introduce Chow's White-Box AES implementation and the BGE attack on it, make an analysis of the attack technique. Then, we propose our secure White-Box AES implementation and White-Box SMS4 implementation. The basic idea of our White-Box AES implementation and White-Box SMS4 implementation is dividing the cryptographic algorithm into small ones, inserting random chosen affine mappings to obfuscate them, and representing them by look-up tables and affine mappings. The whole algorithm can be executed by table look-ups and matrix multiplications. We also discuss the security analysis of our White-Box AES and White-Box SMS4. Considering the White-Box diversity and White-Box ambiguity, both of them can resist brute-force attack, the attacker cannot find the key by ambiguity search. Moreover, both of them can resist BGE attack and the side channel attack; they can be used to protect the secret keys in White-Box Attack Context.Our White-Box AES and White-Box SMS4 can resist the brute-force attack, BGE attack and side channel attack. They can be used to protect the cryptographic software executed in White-Box Attack Context; they can hide the key in the software implementation and prevent an attacker from finding the secret keys efficiently. The White-Box AES and SMS4 implementation have enlarged the application field of the AES and SMS4.