A White-Box Improvement Scheme of SM4 for Collision Attack

doi:10.3969/j.issn.1671-1122.2024.12.006

Abstract

Abstract:

In a white-box attack model, the attacker can access the implementation process of the cryptographic algorithm, observe or modify the internal details of the cryptographic algorithm. Based on the concept of white-box cryptography, Yao-Chen’s white-box SM4 scheme presents a design idea for expanding the internal state of white-box SM4, but the scheme fails to resist the analysis of collision attack, and the time complexity of recovering the key is only O(2^23.02). In order to ensure the normal operation of white-box SM4 in the collision attack context, this paper proposed a white-box improvement scheme of SM4 for collision attack. This improvement scheme introduced more random affine transformations and random vectors to complicate the internal encoding to resist the collision attack. By using the counter proof method, it was proven that the round encryption function of the improved scheme couldn’t be converted into a collision function, and the analysis of collision attack couldn’t be carried out. In addition, this paper demonstrated that the scheme can also resist BGE attack, code extraction attacks and a combination of differential analysis and methods for solving systems of equations. For the attack method of differential analysis with adjusted affine constant, the key space size of the improved scheme was 61200×2¹²⁸, and the time complexity for affine equivalent attack was O(2⁹⁷).

Key words: white-box attack context, white-box cryptography, collision attack, complex coding

CLC Number:

TP309

LI Kehui, CHEN Jie, LIU Jun. A White-Box Improvement Scheme of SM4 for Collision Attack[J]. Netinfo Security, 2024, 24(12): 1871-1881.

Figures/Tables 7

References 25

[1]	CHOW S, EISEN P, JOHNSON H, et al. White-Box Cryptography and an AES Implementation[M]. Heidelberg: Springer, 2003.
[2]	VANDERSMISSEN J, RANEA A, PRENEEL B. A White-Box Speck Implementation Using Self-Equivalence Encodings[M]. Heidelberg: Springer, 2022.
[3]	BILLET O, GILBERT H, ECH-CHATBI C. Cryptanalysis of a White Box AES Implementation[M]. Heidelberg: Springer, 2004.
[4]	LEPOINT T, RIVAIN M, DE M Y, et al. Two Attacks on a White-Box AES Implementation[M]. Heidelberg: Springer, 2014.
[5]	MICHIELS W, GORISSEN P, HOLLMANN H D L. Cryptanalysis of a Generic Class of White-Box Implementations[M]. Heidelberg: Springer, 2009.
[6]	DE M Y, ROELSE P, PRENEEL B. Cryptanalysis of the Xiao-Lai White-Box AES Implementation[M]. Heidelberg: Springer, 2013.
[7]	BOS J W, HUBAIN C, MICHIELS W, et al. Differential Computation Analysis: Hiding Your White-Box Designs is Not Enough[M]. Heidelberg: Springer, 2016.
[8]	BANIK S, BOGDANOV A, ISOBE T, et al. Analysis of Software Countermeasures for Whitebox Encryption[J]. IACR Transactions on Symmetric Cryptology, 2017(1): 307-328.
[9]	ALPIREZ B E, BRZUSKA C, MICHIELS W, et al. On the Ineffectiveness of Internal Encodings-Revisiting the DCA Attack on White-Box Cryptography[C]// ACM. 16th Applied Cryptography and Network Security (ACNS 2018). Heidelberg: Springer, 2018: 103-120.
[10]	BOGDANOV A, RIVAIN M, VEJRE P S, et al. Higher-Order DCA against Standard Side-Channel Countermeasures[M]. Heidelberg: Springer, 2019.
[11]	GOUBIN L, PAILLIER P, RIVAIN M, et al. How to Reveal the Secrets of an Obscure White-Box Implementation[J]. Journal of Cryptographic Engineering, 2020, 10(1): 49-66.
[12]	LEE S, KIM M. Improvement on a Masked White-Box Cryptographic Implementation[J]. IEEE Access, 2020, 8: 90992-91004.
[13]	BIRYUKOV A, UDOVENKO A. Dummy Shuffling against Algebraic Attacks in White-Box Implementations[M]. Heidelberg: Springer, 2021.
[14]	TANG Yufeng, GONG Zheng, SUN Tao, et al. Adaptive Side-Channel Analysis Model and its Applications to White-Box Block Cipher Implementations[C]// Springer. International Conference on Information Security and Cryptology. Heidelberg: Springer, 2021: 399-417.
[15]	BATTISTELLO A, CASTELNOVI L, CHABRIER T. Enhanced Encodings for White-Box Designs[C]// Springer. 2021 Smart Card Research and Advanced Applications (CARDIS). Heidelberg: Springer, 2021: 254-274.
[16]	Standardization Administration. Information Security Technology-SM4 Block Cipher Algorithm[EB/OL]. (2016-08-29)[2024-01-10]. http://c.gb688.cn/bzgk/gb/showGb?type=online&hcno=7803DE42D3BC5E80B0C3E5D8E873D56A.
	国家标准化管理委员会. 信息安全技术SM4分组密码算法[EB/OL]. (2016-08-29)[2024-01-10]. http://c.gb688.cn/bzgk/gb/showGb?type=online&hcno=7803DE42D3BC5E80B0C3E5D8E873D56A.
[17]	XIAO Yaying, LAI Xuejia. White-Box Cryptography and Implementation of SMS4[C]// Chinese Association for Cryptologic Research. The 2009 CACR Annual Meeting. Beijing: Science Press, 2009: 24-34.
	肖雅莹, 来学嘉. 白盒密码及SMS4算法的白盒实现[C]// 中国密码学会.中国密码学会2009年会. 北京: 科学出版社, 2009: 24-34.
[18]	LIN Tingting, LAI Xuejia. Efficient Attack to White-Box SMS4 Implementation[J]. Journal of Software, 2013, 24(9): 2238-2249.
	林婷婷, 来学嘉. 对白盒SMS4实现的一种有效攻击[J]. 软件学报, 2013, 24(9): 2238-2249.
[19]	SHI Yang, WEI Wujing, HE Zongjian. A Lightweight White-Box Symmetric Encryption Algorithm against Node Capture for WSNS[J]. Sensors, 2015, 15(5): 11928-11952. doi: 10.3390/s150511928 pmid: 26007737
[20]	BAI Kunpeng, WU Chuankun. A Secure White-Box SM4 Implementation[J]. Security and Communication Networks, 2016, 9(10): 996-1006.
[21]	BAI Kunpeng, WU Chuankun, ZHANG Zhenfeng. Protect White-Box AES to Resist Table Composition Attacks[J]. IET Information Security, 2018, 12(4): 305-313.
[22]	LIN Tingting. Research on White Box Cryptography[D]. Shanghai: Shanghai Jiao Tong University, 2016.
	林婷婷. 白盒密码研究[D]. 上海: 上海交通大学, 2016.
[23]	YAO Si, CHEN Jie. A New Method for White-Box Implementation of SM4 Algorithm[J]. Journal of Cryptologic Research, 2020, 7(3): 358-374.
	姚思, 陈杰. SM4算法的一种新型白盒实现[J]. 密码学报, 2020, 7(3): 358-374. doi: 10.13868/j.cnki.jcr.000373
[24]	LU Jiqiang, LI Jingyu. Cryptanalysis of Two White-Box Implementations of the SM4 Block Cipher[J]. Journal of Computer Science, 2021(13118): 54-69.
[25]	WANG Rusi, GUO Hua, LU Jiqiang, et al. Cryptanalysis of a White-Box SM4 Implementation Based on Collision Attack[J]. IET Information Security, 2022, 16(1): 18-27.

白盒实现方案	内存/MB	异或次数/次	矩阵乘法次数/次
姚-陈白盒SM4改进方案	0.3	352+96	160
姚-陈白盒SM4方案	65.9	96+96	64

攻击方法	姚-陈白盒SM4改进方案的抵御情况
代码提取攻击	√
碰撞攻击	√
BGE攻击	√
仿射等价攻击	2⁹⁷
文献[18]攻击方法	√
文献[21]攻击方法	61200×2¹²⁸