CN105591734A - White-box cryptograph non-linear encoding protection method based on table lookup - Google Patents
- Publication number
- CN105591734A
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Compression, Expansion, Code Conversion, And Decoders (AREA)
Abstract
The invention discloses a table-lookup-based nonlinear encoding protection method for white-box cryptography. The method comprises: dividing the m bits of variables of a cryptographic algorithm into n groups of 16 bits each and applying the nonlinear transformations Q_0^1, Q_1^1, ..., Q_{n-1}^1 to the groups in sequence; taking the outputs as the input of the internal obfuscation part of a cryptographic algorithm with an SP structure (taking the AES algorithm as an example, the T transformation followed by the MixColumns transformation); applying to the results a single nonlinear transformation W^1 with m-bit input and m-bit output; and taking the result as the final output of the current round and passing it to the next round. In this method the internal and external encodings are both nonlinear bijective transformations. The required computation is small, because the algebraic degree of a single S-box is no more than 8 and is not increased by the MixColumn component or by the external affine obfuscation encoding. In addition, an external algebraic interpolation attack does not directly recover the master key but only constructs an equivalent Boolean decryption system, so the security of the method is higher.
Description
Technical field
The present invention relates to the field of information security, and in particular to a table-lookup-based nonlinear encoding protection method for white-box cryptography.
Background technology
In the design and implementation of traditional cryptographic algorithms and security protocols, it is generally assumed that the terminal on which the algorithm runs is secure and trusted, so that the security of the whole system rests on the confidentiality of the key. With the development of digital information technology, however, research has found that cryptographic software usually runs in an insecure environment, for example in the presence of malicious viruses and dishonest users. In such an environment an attacker can easily capture key information by observing or executing the cryptographic software. This raises a new security challenge: when the software code is open to inspection, how can the key information be hidden directly in the implementation of the algorithm so that an attacker cannot extract it? To address this problem, Chow et al. first proposed the white-box attack context (White-Box Attack Context): an environment in which the execution of the cryptographic software is completely visible to the attacker. In this environment an attacker can easily extract the key by observing or executing the cryptographic program. The main purpose of white-box cryptography is to protect the key in the white-box attack context and to prevent an attacker from using the software implementation to capture key information. The basic design idea is as follows: for a given cryptographic algorithm and key, the mapping from plaintext to ciphertext is determined; obfuscation encoding is applied to this mapping, the algorithm is executed by means of lookup tables, and the key is hidden in the tables, so that an attacker cannot extract the key from the lookup tables.
However, existing white-box schemes share a common problem: by exploiting the input/output characteristics of the lookup tables, the nonlinear part of the inner-round obfuscation encodings can be eliminated, after which only the linear obfuscation of the external encoding remains. The computation needed to break them under white-box conditions is therefore small, and the security of the cipher still needs to be improved.
Summary of the invention
To address the deficiencies of the above techniques, the present invention provides a table-lookup-based nonlinear encoding protection method for white-box cryptography in which the internal encoding and the external encoding are both realized with nonlinear bijective transformations, so that the method can resist algebraic differential attacks and offers high security.
The technical solution that achieves the object of the invention is:
A white-box cryptography nonlinear encoding protection method, comprising the following steps:
1) The m bits of sensitive variables in the original cryptographic algorithm are divided into n groups of 16 bits each, which pass in turn through the nonlinear scramblings Q_0^1, Q_1^1, ..., Q_{n-1}^1;
2) The output of the Q transformations in step 1) is used as the input of the internal scrambling of the SP structure of the original cryptographic algorithm, where it passes in turn through the T transformation and the MixColumns transformation;
3) All outputs of step 2) pass through one W^1 transformation;
4) The output of step 3) is the final output of the current round and is fed into the next round of the cryptographic algorithm, and so on until the last round ends, yielding the ciphertext of the white-box cipher.
In step 1), the Q transformation is an external nonlinear scrambling with 16-bit input and 16-bit output and good cryptographic properties, constructed using properties of Boolean functions; its algebraic degree is at least 8.
In step 2), the round boundaries in the encryption and decryption flow of the original cryptographic algorithm are changed. Taking AES as an example: after the round boundaries of AES are changed, AddRoundKey and SubBytes are combined, and the combination of these two steps can be represented by a T-Box. The formula for the T-Box is as follows:
where K^r_{i,j} is the subkey of round r at cell (i, j), sr(i, j) denotes the position of cell (i, j) after the ShiftRows operation, and S denotes the AES S-box.
In step 2), each MixColumn operation acts on one column and can be represented as a 32 × 32 (bit) matrix MC multiplied by a 32-bit column vector. If the whole MixColumn were represented by a single table, the size of that table would be 2^32 × 32 bits = 16 GB. To avoid using such a large lookup table, MC is divided by columns into 2 parts, and the MixColumn operation can be represented by the following formula:
where MC is the table representation of MixColumn, and MC_0 and MC_1 are the left and right parts of MC.
The computation of MixColumns can therefore be split into two transformations from 16 bits to 32 bits, whose results are XORed to obtain the final MixColumn result.
In step 3), the W^1 transformation is a nonlinear transformation with m-bit input and m-bit output.
Beneficial effect of the present invention:
Compared with the prior art, the invention uses nonlinear bijective transformations for both the internal and the external encoding. Because the algebraic degree of a single S-box is no more than 8, and the column-mixing component and the external affine obfuscation encoding do not raise the algebraic degree, the computation required by the invention is small. In addition, when facing an external algebraic interpolation attack, the master key is not directly recovered; only an equivalent Boolean decryption system is constructed. The confidentiality and security of the invention are therefore stronger.
Brief description of the drawings
Fig. 1 is the single-round white-box design diagram of the table-lookup-based white-box cryptography nonlinear encoding protection method.
Detailed description of the invention
The present invention is further described below with reference to the accompanying drawing, which does not limit the invention.
Embodiment:
Specifically, in the table-lookup-based white-box cryptography nonlinear encoding protection method, the internal encoding and the external encoding are both realized with nonlinear bijective transformations. As shown in Fig. 1, the method comprises the following steps:
1. Let the original input be x_i, i = 0...n-1, where each x_i is 16 bits, and compute Q_i^1(x_i), i = 0...n-1;
2. Divide the result of step 1 into 2n groups of 8 bits each, denoted q_i, i = 0...2n; then, taking four 8-bit values as one group, the odd-numbered groups compute, and the even-numbered groups compute (
3. Group the results of step 2 four 8-bit values at a time, denoted T_i, i = 0...3, and compute MixColumns(T_i);
4. Take all outputs of step 3 (m bits) as the input of the final W^1, denoted mc, and compute W^1(mc); the result is the input of the next round.
The pseudocode is as follows:
Input(x_i)
Q_i^1(x_i)
T_i = T(q)
mc = MixColumns(T_i)
W^1(mc)
Output(W^1).
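The T-Box and the split MixColumns tables described above, as an added Python example that is not part of the patent: it folds AddRoundKey, SubBytes and one half of MixColumns into two 16-bit-to-32-bit tables indexed by encoded inputs, and compares them with plain AES column arithmetic. The random 16-bit permutations standing in for Q, the fixed seed, the sample key bytes and all function names are assumptions; the permutations make no claim about algebraic degree, and indexing the table by the encoded value follows the Chow-style table composition rather than anything the patent spells out.

```python
import random

def gmul(a, b):
    """Multiply two bytes in GF(2^8) modulo the AES polynomial 0x11B."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def build_sbox():
    """AES S-box: field inverse followed by the fixed affine map."""
    sbox = []
    for x in range(256):
        inv = next((y for y in range(1, 256) if gmul(x, y) == 1), 0)
        s = inv ^ 0x63
        for k in range(1, 5):
            s ^= ((inv << k) | (inv >> (8 - k))) & 0xFF
        sbox.append(s)
    return sbox

SBOX = build_sbox()
MC = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]  # MixColumns matrix

def mixcolumn_ref(col):
    """Reference MixColumns: four input bytes -> one 32-bit output word."""
    out = 0
    for i in range(4):
        b = 0
        for j in range(4):
            b ^= gmul(col[j], MC[i][j])
        out = (out << 8) | b
    return out

# MCB[j][v]: 32-bit contribution of byte value v at column position j
MCB = [[mixcolumn_ref([v if i == j else 0 for i in range(4)])
        for v in range(256)] for j in range(4)]

def mc_half(h, b0, b1):
    """MC_h: only matrix columns 2h and 2h+1, applied to two bytes."""
    return MCB[2 * h][b0] ^ MCB[2 * h + 1][b1]

def build_tables(key_col, seed=1):
    """Two tables of 2^16 entries x 32 bits (256 KiB each, not 16 GB)."""
    rng = random.Random(seed)      # constructed encodings, not secure randomness
    tables, encodings = [], []
    for h in range(2):
        q = list(range(1 << 16))
        rng.shuffle(q)             # assumed stand-in for a 16-bit bijection Q
        k0, k1 = key_col[2 * h], key_col[2 * h + 1]
        table = [0] * (1 << 16)
        for x in range(1 << 16):
            # T-box: AddRoundKey then SubBytes on each byte of the group
            t0, t1 = SBOX[(x >> 8) ^ k0], SBOX[(x & 0xFF) ^ k1]
            table[q[x]] = mc_half(h, t0, t1)   # indexed by the encoded value
        tables.append(table)
        encodings.append(q)
    return tables, encodings

def whitebox_column(tables, encodings, col):
    """Encode each 16-bit group with Q, look it up, XOR the two halves."""
    out = 0
    for h in range(2):
        x = (col[2 * h] << 8) | col[2 * h + 1]
        out ^= tables[h][encodings[h][x]]
    return out

def plain_column(key_col, col):
    """Unprotected AddRoundKey + SubBytes + MixColumns, for comparison."""
    return mixcolumn_ref([SBOX[c ^ k] for c, k in zip(col, key_col)])
```

The key bytes never appear in `tables`; they are only recoverable through the table contents, which is the property the encodings are meant to protect.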
Claims (5)
1. A table-lookup-based nonlinear encoding protection method for white-box cryptography, characterized in that it comprises the following steps:
1) The m bits of sensitive variables in the original cryptographic algorithm are divided into n groups (16 bits per group), which pass in turn through the nonlinear scramblings Q_0^1, Q_1^1, ..., Q_{n-1}^1;
2) The output of the Q transformations in step 1) is used as the input of the internal scrambling of the SP structure of the original cryptographic algorithm, where it passes in turn through the T transformation and the MixColumns transformation;
3) All outputs of step 2) pass through one W^1 transformation;
4) The output of step 3) is the final output of the current round and is fed into the next round of the cryptographic algorithm, and so on until the last round ends, yielding the ciphertext of the white-box cipher.
2. The table-lookup-based white-box cryptography nonlinear encoding protection method according to claim 1, characterized in that, in step 1), the Q transformation is an external nonlinear scrambling with 16-bit input and 16-bit output and good cryptographic properties, constructed using properties of Boolean functions, and its algebraic degree is at least 8.
3. The table-lookup-based white-box cryptography nonlinear encoding protection method according to claim 1, characterized in that, in step 2), the round boundaries in the encryption and decryption flow of the original cryptographic algorithm are changed; taking AES as an example: after the round boundaries of AES are changed, AddRoundKey and SubBytes are combined, and the combination of these two steps can be represented by a T-Box. The formula for the T-Box is as follows:
where K^r_{i,j} is the subkey of round r at cell (i, j), sr(i, j) denotes the position of cell (i, j) after the ShiftRows operation, and S denotes the AES S-box.
4. The table-lookup-based white-box cryptography nonlinear encoding protection method according to claim 1, characterized in that, in step 2), each MixColumn operation acts on one column and can be represented as a 32 × 32 bit matrix MC multiplied by a 32-bit column vector. If the whole MixColumn were represented by a single table, the size of that table would be 2^32 × 32 = 16 GB. To avoid using such a large lookup table, MC is divided by columns into 2 parts, and the MixColumn operation can be represented by the following formula:
where MC is the table representation of MixColumn, and MC_0 and MC_1 are the left and right parts of MC.
The computation of MixColumns can therefore be split into two transformations from 16 bits to 32 bits, whose results are XORed to obtain the final MixColumn result.
5. The table-lookup-based white-box cryptography nonlinear encoding protection method according to claim 1, characterized in that, in step 3), the W^1 transformation is a nonlinear transformation with m-bit input and m-bit output.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510202424.0A CN105591734A (en) | 2015-04-24 | 2015-04-24 | White-box cryptograph non-linear encoding protection method based on table lookup |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105591734A (en) | 2016-05-18 |
Family
ID=55931010
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510202424.0A Pending CN105591734A (en) | 2015-04-24 | 2015-04-24 | White-box cryptograph non-linear encoding protection method based on table lookup |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105591734A (en) |
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101536398A (en) * | 2006-11-17 | 2009-09-16 | 皇家飞利浦电子股份有限公司 | Cryptographic method for a white-box implementation |
CN101578813A (en) * | 2007-01-11 | 2009-11-11 | 皇家飞利浦电子股份有限公司 | Tracing copies of an implementation |
CN102484581A (en) * | 2009-06-19 | 2012-05-30 | 耶德托公司 | White-box Cryptographic System With Configurable Key Using Intermediate Data Modification |
EP2293487A1 (en) * | 2009-09-08 | 2011-03-09 | Thomson Licensing | A method of diversification of a round function of an encryption algorithm |
US20120179920A1 (en) * | 2011-01-10 | 2012-07-12 | Apple Inc. | Securing cryptographic process keys using internal structures |
Non-Patent Citations (2)
Title |
---|
S.CHOW,ET AL.: "White-Box Cryptography and an AES Implementation", 《SELECTED AREAS IN CRYPTOGRAPHY》 * |
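肖雅莹: "White-box cryptography and the implementation of the AES and SMS4 algorithms", 《China Master's Theses Full-text Database, Information Science and Technology》 * |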
Cited By (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109478995A (en) * | 2016-07-12 | 2019-03-15 | 捷德移动安全有限责任公司 | Whitepack Encryption Algorithm is realized |
CN107623566A (en) * | 2016-07-15 | 2018-01-23 | 青岛博文广成信息安全技术有限公司 | SM4 whitepack algorithms based on nonlinear transformation |
CN107623568A (en) * | 2016-07-15 | 2018-01-23 | 青岛博文广成信息安全技术有限公司 | SM4 whitepack algorithms based on the S boxes for relying on key |
CN109726565A (en) * | 2017-10-27 | 2019-05-07 | 恩智浦有限公司 | Whitepack is used in anti-leakage primitive |
CN109726565B (en) * | 2017-10-27 | 2024-04-16 | 恩智浦有限公司 | Using white boxes in anti-leakage primitives |
CN108809626A (en) * | 2018-05-30 | 2018-11-13 | 北京安如山文化科技有限公司 | A kind of whitepack SM4 cryptographic algorithms scheme and system |
CN109412791A (en) * | 2018-11-29 | 2019-03-01 | 北京三快在线科技有限公司 | Key information processing method, device, electronic equipment and computer-readable medium |
CN109412791B (en) * | 2018-11-29 | 2019-11-22 | 北京三快在线科技有限公司 | Key information processing method, device, electronic equipment and computer-readable medium |
CN109450632A (en) * | 2019-01-11 | 2019-03-08 | 西安电子科技大学 | Key recovery method based on whitepack block cipher CLEFIA analysis |
CN111756521A (en) * | 2020-06-25 | 2020-10-09 | 桂林电子科技大学 | Cipher S box design method based on Feistel-SP structure |
CN111756521B (en) * | 2020-06-25 | 2022-05-27 | 桂林电子科技大学 | Cipher S box design method based on Feistel-SP structure |
CN111988330A (en) * | 2020-08-28 | 2020-11-24 | 苏州中科安源信息技术有限公司 | Information security protection system and method based on white-box encryption in distributed system |
CN113206734A (en) * | 2021-04-30 | 2021-08-03 | 桂林电子科技大学 | Method for detecting and resisting differential fault attack |
CN113206734B (en) * | 2021-04-30 | 2022-04-29 | 桂林电子科技大学 | Method for detecting and resisting differential fault attack |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105591734A (en) | White-box cryptograph non-linear encoding protection method based on table lookup | |
CN106788974B (en) | Mask S box, grouping key calculation unit, device and corresponding construction method | |
CN106411518B (en) | A kind of unfixed symmetrical whitepack encryption method of key and device | |
CN113940028B (en) | Method and device for realizing white box password | |
CN110278072A (en) | One kind 16 takes turns SM4-128/128 whitepack password implementation method | |
CN104065474B (en) | Novel low-resource efficient lightweight Surge block cipher implementation method | |
CN104333446B (en) | A kind of novel ultra-light magnitude QTL block cipher implementation method | |
CN104618094B (en) | A kind of password Mask method strengthening anti-attack ability | |
JP7065888B6 (en) | Cryptographic devices and methods | |
CN111555862B (en) | White-box AES implementation method of random redundant round function based on mask protection | |
CN108809626A (en) | A kind of whitepack SM4 cryptographic algorithms scheme and system | |
CN105656622A (en) | White-box password nonlinear coding protection method based on combination of table look-up and disturbance scrambling | |
CN104410490B (en) | The method of non-linear extruding protection password S boxes | |
CN105191206A (en) | Electronic block cipher device suitable for obfuscation | |
CN104301095A (en) | DES round operation method and circuit | |
Lavanya et al. | Enhancing the security of AES through small scale confusion operations for data communication | |
CN109951273B (en) | SM4 algorithm white box implementation method and device | |
Joshi et al. | Implementation of S-Box for advanced encryption standard | |
Patel et al. | Hybrid security algorithms for data transmission using AES-DES | |
CN108650072A (en) | It is a kind of to support a variety of symmetric cryptographic algorithm chips and its anti-attack circuit implementation method | |
Tang et al. | A one-time pad encryption algorithm based on one-way hash and conventional block cipher | |
Huang et al. | Image observation on the modified ECB operations in Advanced Encryption Standard | |
Venkatesha et al. | AES based algorithm for image encryption and decryption | |
Kumar et al. | Implementation of AES algorithm using VHDL | |
KR101807259B1 (en) | Apparatus and methdo for encoding |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20160518 |