The Design And Analysis Of White-box Implementation

Traditional cryptosystem always assume that the attacker can only access the input and output of the cryptographic algorithm,that is,the cryptographic algorithm is under a blackbox model.However,with the rapid development of computer and Internet technology,the ability of attackers has been significantly improved,and the traditional black-box model has been unable to meet the needs of cryptographic algorithm security analysis.In 2002,Chow et al.proposed the concept of White-Box Attack Context(WBAC)based on the application scenario of Digital Rights Management(DRM),and modeled it as an extreme attack model,the white-box model.In the white-box model,it is assumed that the attacker has full access to the implementation of the cryptographic algorithm,can observe the dynamic execution process of the cryptographic algorithm,can see the internal details of the algorithm,and modify it arbitrarily.In order to ensure the security of the cryptographic algorithm in the white-box model,Chow et al.proposed white-box cryptography.White-box cryptography will focus on the reliable implementation of cryptographic algorithms in untrusted terminals in order to construct cryptographic algorithms that can be safely executed in the white-box model.The white-box cryptography technology focuses on the protection of the key,that is,by hiding the key to prevent the attacker from extracting the key information in the cryptographic algorithm while possessing the above-mentioned series of attack capabilities.The main research contents of this thesis include:1)A new white-box implementation of CLEFIA algorithm(referred to as new white-box CLEFIA algorithm)is proposed based on the look-up table technology.In the design process of the new white-box CLEFIA algorithm,we introduced two types of look-up tables with16-bit input and 32-bit output.Among them,the look-up table I is used to complete the F function in the standard CLEFIA algorithm,and the look-up table II is used to decode and re-encode two 32-bit vector values that are directly shifted into the next round of odd branches in the CLEFIA algorithm,and the input and output encodings of the two types of look-up tables are randomly selected reversible affine transforms.Each round of the algorithm contains 8 look-up tables(4 look-up table I tables,4 look-up table II tables),a total of 144 look-up tables.Since the input encoding size of each look-up table is 16 bits,the memory consumption of the new white-box CLEFIA algorithm is 36 MB,but the sacrifice of memory space ensures that the new white-box CLEFIA algorithm has relatively higher security.Based on the new white-box CLEFIA algorithm proposed in this thesis,we provide a software tamper resistance strategy Alarm,for DRM system,which uses white-box implementation to make the software achieve the purpose of tamper resistance.We interpret the binary code files of the software in the DRM system as look-up tables,and merge these look-up tables into the white-box implementation of the CLEFIA algorithm,so that the tamper resistance security of the software code is combined with the encryption and decryption correctness of the white-box implementation.In addition,we will prove that the security of Alarm depends on the security of the output encoding of the look-up table of the white-box implementation.2)A white-box implementation scheme of SM4 algorithm with internal state expansion(referred to as WSISE algorithm)is proposed by using the method of combining obfuscation key and look-up table technology.The WSISE algorithm will expand the internal state of the standard SM4 algorithm and add random numbers to obfuscate the key during the operation of the cryptographic algorithm,so that half of the information is useful after each round of encrypted output,and half of the information is obfuscated,except exhaustive search attack,the attacker cannot distinguish between useful information and confusing information,thereby improving the security of the WSISE algorithm.The entire encryption process of the WSISE algorithm will be represented by look-up tables and affine transformation.The WSISE algorithm designs four 8-bit input 64-bit output look-up tables in each round.The whole algorithm has a total of 128 look-up tables.Therefore,the WSISE algorithm requires276.625 KB of memory space.3)We use the linear / affine equivalence algorithm to extract the round key and the input and output encodings of the look-up table for the purpose of analyzing the security of the whitebox implementation schemes of KLEIN,Present and LBlock proposed by Zhou et al.,and use C language to implement and verify the analysis process of each white-box implementation scheme.