A White-box Implementation Scheme of Lightweight Block Cipher GIFT

doi:10.3969/j.issn.1671-1122.2021.02.003

Abstract

Abstract:

The white-box implementation is to design the known cryptographic algorithm through the white-box cryptographic technology, so that it has the same function as the original algorithm in the white-box attack environment, and at the same time guarantees that the security of the algorithm will not be destroyed. This paper gives a white-box implementation of a lightweight block cipher GIFT. The main idea is to use look-up tables to represent the input and output of the cryptographic algorithm in each round, and then use different sizes of affine functions to encode the input and output of the look-up tables. This scheme requires 13.92 MB of memory and proves that it can resist the algebraic analysis attack, including BGE attack, MGH attack, affine equivalence algorithm attack and difference matrix analysis attack, among them the complexity of the affine equivalence algorithm attack is greater than $O({{2}^{82}})$.

Key words: white-box attack model, GIFT cipher, affine function, algebraic analysis attack

CLC Number:

TP309

CHEN Jie, TONG Peng, YAO Si. A White-box Implementation Scheme of Lightweight Block Cipher GIFT[J]. Netinfo Security, 2021, 21(2): 16-23.

Figures/Tables 10

References 19

[1]	CHOW S, EISEN P, JOHNSON H. White-box Cryptography and an AES Implementation[C]//SAC. 9th Annual International Workshop Selected Areas in Cryptography,August 15-16, 2002, NF, Canada. Heidelberg: Springer, 2003: 250-270.
[2]	CHOW S, EISEN P, JOHNSON H. A White-box DES Implementation for DRM Applications[C]//CCS. ACM CCS-9 Workshop Digital Rights Management, November 18, 2002, Washington, DC, USA. Washington: Springer, 2003: 1-15.
[3]	BILLET O, GILBERT H, ECH-CHATBI C. Cryptanalysis of a White Box AES Implementation[C]//SAC. 11th International Workshop Selected Areas in Cryptography, August 9-10, 2004, Waterloo, Canada. Waterloo: Springer, 2004: 227-240.
[4]	XIAO Yaying, LAI Xuejia. A Secure Implementation of White Box AES[EB/OL]. https://www.researchgate.net/publication/251919634_A_secure_implementation_of_White-Box_AES, 2020-08-06.
[5]	XIAO Yaying, LAI Xuejia. White-box Cryptography and Implementation of AES and SMS4[C]// China Crypt. Proceedings of the 2009 CACR Annual Meeting, November 14, Guangzhou, China. Guangzhou: China Crypt, 2009: 24-34.
[6]	BAI K, WU C. A Secure White-box SM4 Implementation[J]. Security and Communication Networks, 2016,9(10): 996-1006.
[7]	LUO Rui, LAI Xuejia, YOU Rong. A New Attempt of White-box AES Implementation[C]// IEEE. Proceeding 2014 International Conference on Security, Pattern analysis, and Cybernetics (SPAC), October 18-19, 2014, Wuhan, China. NJ: IEEE, 2014: 423-429.
[8]	ZHANG Hui. The Research and Analysis on White-box Cryptography[D]. Xi’an: Xidian University, 2019.
	张慧. 白盒密码的研究与分析[D]. 西安:西安电子科技大学, 2019.
[9]	MICHIELS W, GORISSEN P, HOLLMANN H D L. Cryptanalysis of a Generic Class of White-box Implementations[C]// SAC. 15th International Workshop on Selected Areas in Cryptography, August 14-15, 2008, Sackville, New Brunswick, Canada. Sackville: Springer, 2008: 414-428.
[10]	BIRYUKOV A, DE Cannière C, BRAEKEN A, et al. A Toolbox for Cryptanalysis: Linear and Affine Equivalence Algorithms[C]//EUROCRYPT. Advances in Cryptology-EUROCRYPT 2003, International Conference on the Theory and Applications of Cryptographic Techniques, May 4-8, 2003, Warsaw, Poland. Warsaw: Springer Berlin, 2003: 33-50.
[11]	PAN Wenlun, QIN Tihong, JIA Yin, et al. Cryptanalysis of Two White-box SM4 Implementations[J]. Journal of Cryptologic Research, 2018,5(6): 651-670.
	潘文伦, 秦体红, 贾音, 等. 对两个 SM4 白盒方案的分析[J]. 密码学报, 2018,5(6): 651-670.
[12]	MULDER Y D, ROELSE P, PRENEEL B. Cryptanalysis of the Xiao-Lai White-box AES Implementation[C]//SAC. 19th International Conference(SAC 2012), August 15-16, 2012, Windsor, On, Canada. Windsor: Springer Berlin, 2013: 34-49.
[13]	LIN Tingting, LAI Xuejia. Efficient Attack to White-box SMS4 Implementation[J]. Journal of Software, 2013,24(9): 2238-2249.
[14]	BOGDANOV A, KNUDSEN L, LEANDER G. Present: An Ultra-lightweight Block Cipher[C]//CHES. Cryptographic Hardware and Embedded Systems—CHES 2007, September 10-13, 2007, Vienna, Austria. Vienna: Springer, 2007: 450-466.
[15]	SHIRAI T, SHIBUTANI K, AKISHITA T. The 128-Bit Blockcipher CLEFIA[C]//FSE. Fast Software Encryption—FSE 2007, March 26-28, 2007, Luxembourg, Luxembourg. Luxembourg: Springer, 2007: 181-195.
[16]	SU Shuai, DONG Hang, FU Ge. A White-box CLEFIA Implementation for Mobile Devices[C]//IEEE. 2014 Communications Security Conference, May 22-24, 2014, Beijing, China. Beijing: IET, 2014: 1-8.
[17]	GONG Yating. Security Analysis and Improvement of White-box CLEFIA Algorithm[D]. Xi’an: Xidian University, 2019.
	宫雅婷. 白盒CLEFIA算法的安全性分析与改进[D]. 西安:西安电子科技大学, 2019.
[18]	LU Zhou, SU Chunhua, WEN Yamin, et al. Towards Practical White-box Lightweight Block Cipher Implementations for IoTs[J]. Future Generation Computer Systems, 2018,86(9): 507-514.
[19]	BANIK S, PANDEY S K, PEYRIN T, et al. GIFT: A Small Present: Towards Reaching the Limit of Lightweight Encryption[EB/OL]. https://infoscience.epfl.ch/record/232021, 2020-08-28.

轮数	常数
1~16	01, 03, 07, 0f, 1f, 3e, 3d, 3b, 37, 2f, 1e, 3c, 39, 33, 27, 0e
17~32	1d, 3a, 35, 2b, 16, 2c, 18, 30, 21, 02, 05, 0b, 17, 2e, 1c, 38
33~48	31, 23, 06, 0d, 1b, 36, 2d, 1a, 34, 29, 12, 24, 08, 11, 22, 04

方案	查表次数	异或次数	矩阵乘法次数	半字节运算	内存（MB）
文献^[1]方案	3008	0	0	5376	0.73
文献^[4]方案	80	40	11	0	20.02
文献^[7]方案	7776	0	0	20192	27.78
文献^[6]方案	640	640	0	0	32.5
文献^[8]方案	464	464	0	0	199.625
文献^[16]方案	576	0	0	0	0.14
本文方案	423	378	0	432	13.92

方案	BGE攻击	MGH攻击	仿射等价算法攻击	差分矩阵攻击
文献^[1]方案	×	×
文献^[4]方案	√		×
文献^[7]方案	√		√
文献^[6]方案				×
文献^[8]方案				×
文献^[16]方案		×
本文方案	√	√	√	√