轻量级分组密码GIFT的一种白盒实现方案

doi:10.3969/j.issn.1671-1122.2021.02.003

信息网络安全 ›› 2021, Vol. 21 ›› Issue (2): 16-23.doi: 10.3969/j.issn.1671-1122.2021.02.003

轻量级分组密码GIFT的一种白盒实现方案

陈杰¹^,³, 童鹏²(), 姚思¹

1.西安电子科技大学ISN国家重点实验室,西安 710071
2.西安电子科技大学网络与信息安全学院,西安 710071
3.西安电子科技大学密码研究中心,西安 710071

收稿日期:2020-10-21 出版日期:2021-02-10 发布日期:2021-02-23
通讯作者: 童鹏 E-mail:1796497751@qq.com
作者简介:陈杰（1979—）,女,湖南,副教授,博士,主要研究方向为密码算法分析、安全协议设计|童鹏（1996—）,男,安徽,硕士研究生,主要研究方向为白盒密码设计与安全性分析|姚思（1996—）,男,辽宁,硕士研究生,主要研究方向为白盒密码设计、信息网络安全
基金资助:
国家自然科学基金(U1736111);“十三五”国家密码发展基金(MMJJ20180219)

A White-box Implementation Scheme of Lightweight Block Cipher GIFT

CHEN Jie¹^,³, TONG Peng²(), YAO Si¹

1. State Key Laboratory of ISN, Xidian University, Xi’an 710071, China
2. School of Cyber Engineering, Xidian University, Xi’an 710071, China
3. Cryptographic Research Center, Xidian University, Xi’an 710071, China

Received:2020-10-21 Online:2021-02-10 Published:2021-02-23
Contact: TONG Peng E-mail:1796497751@qq.com

摘要/Abstract

摘要：

白盒实现是将已知的密码算法通过白盒密码技术进行设计,使其在白盒攻击环境中具有与原算法相同的功能,同时保证该算法的安全性不会遭到破坏。文章提出一种轻量级分组密码GIFT的白盒实现方案,该方案主要思想是使用查找表表示密码算法每轮的输入输出,并使用不同大小的仿射函数编码查找表的输入输出。该方案需要13.92 MB的内存空间,并能抵抗BGE攻击、MGH攻击、仿射等价算法攻击和差分矩阵攻击等代数分析攻击。其中,仿射等价算法攻击的复杂度大于$O({{2}^{82}})$。

关键词: 白盒攻击模型, GIFT密码, 仿射函数, 代数分析攻击

Abstract:

The white-box implementation is to design the known cryptographic algorithm through the white-box cryptographic technology, so that it has the same function as the original algorithm in the white-box attack environment, and at the same time guarantees that the security of the algorithm will not be destroyed. This paper gives a white-box implementation of a lightweight block cipher GIFT. The main idea is to use look-up tables to represent the input and output of the cryptographic algorithm in each round, and then use different sizes of affine functions to encode the input and output of the look-up tables. This scheme requires 13.92 MB of memory and proves that it can resist the algebraic analysis attack, including BGE attack, MGH attack, affine equivalence algorithm attack and difference matrix analysis attack, among them the complexity of the affine equivalence algorithm attack is greater than $O({{2}^{82}})$.

Key words: white-box attack model, GIFT cipher, affine function, algebraic analysis attack

中图分类号:

TP309

陈杰, 童鹏, 姚思. 轻量级分组密码GIFT的一种白盒实现方案[J]. 信息网络安全, 2021, 21(2): 16-23.

CHEN Jie, TONG Peng, YAO Si. A White-box Implementation Scheme of Lightweight Block Cipher GIFT[J]. Netinfo Security, 2021, 21(2): 16-23.

图/表 10

图1

表1

表2

表3

图2

图3

图4

表4

图5

表5

参考文献 19

[1]	CHOW S, EISEN P, JOHNSON H. White-box Cryptography and an AES Implementation[C]//SAC. 9th Annual International Workshop Selected Areas in Cryptography,August 15-16, 2002, NF, Canada. Heidelberg: Springer, 2003: 250-270.
[2]	CHOW S, EISEN P, JOHNSON H. A White-box DES Implementation for DRM Applications[C]//CCS. ACM CCS-9 Workshop Digital Rights Management, November 18, 2002, Washington, DC, USA. Washington: Springer, 2003: 1-15.
[3]	BILLET O, GILBERT H, ECH-CHATBI C. Cryptanalysis of a White Box AES Implementation[C]//SAC. 11th International Workshop Selected Areas in Cryptography, August 9-10, 2004, Waterloo, Canada. Waterloo: Springer, 2004: 227-240.
[4]	XIAO Yaying, LAI Xuejia. A Secure Implementation of White Box AES[EB/OL]. https://www.researchgate.net/publication/251919634_A_secure_implementation_of_White-Box_AES, 2020-08-06.
[5]	XIAO Yaying, LAI Xuejia. White-box Cryptography and Implementation of AES and SMS4[C]// China Crypt. Proceedings of the 2009 CACR Annual Meeting, November 14, Guangzhou, China. Guangzhou: China Crypt, 2009: 24-34.
[6]	BAI K, WU C. A Secure White-box SM4 Implementation[J]. Security and Communication Networks, 2016,9(10): 996-1006.
[7]	LUO Rui, LAI Xuejia, YOU Rong. A New Attempt of White-box AES Implementation[C]// IEEE. Proceeding 2014 International Conference on Security, Pattern analysis, and Cybernetics (SPAC), October 18-19, 2014, Wuhan, China. NJ: IEEE, 2014: 423-429.
[8]	ZHANG Hui. The Research and Analysis on White-box Cryptography[D]. Xi’an: Xidian University, 2019.
	张慧. 白盒密码的研究与分析[D]. 西安:西安电子科技大学, 2019.
[9]	MICHIELS W, GORISSEN P, HOLLMANN H D L. Cryptanalysis of a Generic Class of White-box Implementations[C]// SAC. 15th International Workshop on Selected Areas in Cryptography, August 14-15, 2008, Sackville, New Brunswick, Canada. Sackville: Springer, 2008: 414-428.
[10]	BIRYUKOV A, DE Cannière C, BRAEKEN A, et al. A Toolbox for Cryptanalysis: Linear and Affine Equivalence Algorithms[C]//EUROCRYPT. Advances in Cryptology-EUROCRYPT 2003, International Conference on the Theory and Applications of Cryptographic Techniques, May 4-8, 2003, Warsaw, Poland. Warsaw: Springer Berlin, 2003: 33-50.
[11]	PAN Wenlun, QIN Tihong, JIA Yin, et al. Cryptanalysis of Two White-box SM4 Implementations[J]. Journal of Cryptologic Research, 2018,5(6): 651-670.
	潘文伦, 秦体红, 贾音, 等. 对两个 SM4 白盒方案的分析[J]. 密码学报, 2018,5(6): 651-670.
[12]	MULDER Y D, ROELSE P, PRENEEL B. Cryptanalysis of the Xiao-Lai White-box AES Implementation[C]//SAC. 19th International Conference(SAC 2012), August 15-16, 2012, Windsor, On, Canada. Windsor: Springer Berlin, 2013: 34-49.
[13]	LIN Tingting, LAI Xuejia. Efficient Attack to White-box SMS4 Implementation[J]. Journal of Software, 2013,24(9): 2238-2249.
[14]	BOGDANOV A, KNUDSEN L, LEANDER G. Present: An Ultra-lightweight Block Cipher[C]//CHES. Cryptographic Hardware and Embedded Systems—CHES 2007, September 10-13, 2007, Vienna, Austria. Vienna: Springer, 2007: 450-466.
[15]	SHIRAI T, SHIBUTANI K, AKISHITA T. The 128-Bit Blockcipher CLEFIA[C]//FSE. Fast Software Encryption—FSE 2007, March 26-28, 2007, Luxembourg, Luxembourg. Luxembourg: Springer, 2007: 181-195.
[16]	SU Shuai, DONG Hang, FU Ge. A White-box CLEFIA Implementation for Mobile Devices[C]//IEEE. 2014 Communications Security Conference, May 22-24, 2014, Beijing, China. Beijing: IET, 2014: 1-8.
[17]	GONG Yating. Security Analysis and Improvement of White-box CLEFIA Algorithm[D]. Xi’an: Xidian University, 2019.
	宫雅婷. 白盒CLEFIA算法的安全性分析与改进[D]. 西安:西安电子科技大学, 2019.
[18]	LU Zhou, SU Chunhua, WEN Yamin, et al. Towards Practical White-box Lightweight Block Cipher Implementations for IoTs[J]. Future Generation Computer Systems, 2018,86(9): 507-514.
[19]	BANIK S, PANDEY S K, PEYRIN T, et al. GIFT: A Small Present: Towards Reaching the Limit of Lightweight Encryption[EB/OL]. https://infoscience.epfl.ch/record/232021, 2020-08-28.

轮数	常数
1~16	01, 03, 07, 0f, 1f, 3e, 3d, 3b, 37, 2f, 1e, 3c, 39, 33, 27, 0e
17~32	1d, 3a, 35, 2b, 16, 2c, 18, 30, 21, 02, 05, 0b, 17, 2e, 1c, 38
33~48	31, 23, 06, 0d, 1b, 36, 2d, 1a, 34, 29, 12, 24, 08, 11, 22, 04

方案	查表次数	异或次数	矩阵乘法次数	半字节运算	内存（MB）
文献^[1]方案	3008	0	0	5376	0.73
文献^[4]方案	80	40	11	0	20.02
文献^[7]方案	7776	0	0	20192	27.78
文献^[6]方案	640	640	0	0	32.5
文献^[8]方案	464	464	0	0	199.625
文献^[16]方案	576	0	0	0	0.14
本文方案	423	378	0	432	13.92

方案	BGE攻击	MGH攻击	仿射等价算法攻击	差分矩阵攻击
文献^[1]方案	×	×
文献^[4]方案	√		×
文献^[7]方案	√		√
文献^[6]方案				×
文献^[8]方案				×
文献^[16]方案		×
本文方案	√	√	√	√

轻量级分组密码GIFT的一种白盒实现方案

A White-box Implementation Scheme of Lightweight Block Cipher GIFT

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 10

参考文献 19

相关文章 15

编辑推荐

Metrics

本文评价

i	0	1	2	3	4	5	6	7	8	9	10	11	12	13	14	15
P(i)	0	17	34	51	48	1	18	35	32	49	2	19	16	33	50	3
i	16	17	18	19	20	21	22	23	24	25	26	27	28	29	30	31
P(i)	4	21	38	55	52	5	22	39	36	53	6	23	20	37	54	7
i	32	33	34	35	36	37	38	39	40	41	42	43	44	45	46	47
P(i)	8	25	42	59	56	9	26	43	40	57	10	27	24	41	58	11
i	48	49	50	51	52	53	54	55	56	57	58	59	60	61	62	63
P(i)	12	29	46	63	60	13	30	47	44	61	14	31	28	45	62	15

[1]	黄长慧, 胡光俊, 李海威. 基于URL智能白名单的Web应用未知威胁阻断技术研究[J]. 信息网络安全, 2021, 21(3): 1-6.
[2]	石乐义, 徐兴华, 刘祎豪, 刘佳. 一种改进概率神经网络的工业控制系统安全态势评估方法[J]. 信息网络安全, 2021, 21(3): 15-25.
[3]	周由胜, 王明, 刘媛妮. 支持区间查询的基于位置服务外包数据隐私保护方案[J]. 信息网络安全, 2021, 21(3): 26-36.
[4]	周艺华, 董松寿, 杨宇光. 标准模型下基于格的身份代理部分盲签名方案[J]. 信息网络安全, 2021, 21(3): 37-43.
[5]	刘延华, 刘志煌. 一种基于用户行为模式的匿名数据鉴定方法[J]. 信息网络安全, 2021, 21(3): 44-52.
[6]	李佳玮, 吴克河, 张波. 基于高斯混合聚类的电力工控系统异常检测研究[J]. 信息网络安全, 2021, 21(3): 53-63.
[7]	路宏琳, 王利明. 面向用户的支持用户掉线的联邦学习数据隐私保护方法[J]. 信息网络安全, 2021, 21(3): 64-71.
[8]	芦效峰, 付淞兵. 属性基加密和区块链结合的可信数据访问控制方案[J]. 信息网络安全, 2021, 21(3): 7-8.
[9]	于克辰, 郭莉, 姚萌萌. 基于空间及能量维度的黑盒对抗样本生成方法[J]. 信息网络安全, 2021, 21(3): 72-78.
[10]	尚雯, 王宏霞. 基于指纹的5G通信说话人身份追踪方案[J]. 信息网络安全, 2021, 21(3): 79-86.
[11]	郭烜臻, 潘祖烈, 沈毅, 陈远超. 一种基于被动DNS数据分析的DNS重绑定攻击检测技术[J]. 信息网络安全, 2021, 21(3): 87-95.
[12]	涂国庆, 杨延浩, 刘树波. Geohash编码抗k近邻攻击的脆弱性分析[J]. 信息网络安全, 2021, 21(2): 10-15.
[13]	李朝阳, 谭晶磊, 胡瑞钦, 张红旗. 基于双重地址跳变的移动目标防御方法[J]. 信息网络安全, 2021, 21(2): 24-33.
[14]	张应辉, 朱甜, 郑东. 基于区块链的多关键字细粒度可搜索加密方案[J]. 信息网络安全, 2021, 21(2): 34-44.
[15]	丁建立, 陈盼, 马勇. 基于泛化FPE加密的民航旅客信息动态脱敏方法研究[J]. 信息网络安全, 2021, 21(2): 45-52.