CN111901097A - White box implementation method and device, electronic equipment and computer storage medium - Google Patents

White box implementation method and device, electronic equipment and computer storage medium Download PDF

Info

Publication number
CN111901097A
CN111901097A CN202010783973.2A CN202010783973A CN111901097A CN 111901097 A CN111901097 A CN 111901097A CN 202010783973 A CN202010783973 A CN 202010783973A CN 111901097 A CN111901097 A CN 111901097A
Authority
CN
China
Prior art keywords
round
preset number
structure type
feistel structure
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010783973.2A
Other languages
Chinese (zh)
Other versions
CN111901097B (en
Inventor
潘文伦
张立廷
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Electronics Technology Network Security Technology Co ltd
Original Assignee
Chengdu Westone Information Industry Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chengdu Westone Information Industry Inc filed Critical Chengdu Westone Information Industry Inc
Priority to CN202010783973.2A priority Critical patent/CN111901097B/en
Publication of CN111901097A publication Critical patent/CN111901097A/en
Application granted granted Critical
Publication of CN111901097B publication Critical patent/CN111901097B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0625Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Lock And Its Accessories (AREA)
  • Storage Device Security (AREA)

Abstract

The disclosure provides a white box implementation method, a white box implementation device, electronic equipment and a computer storage medium, and to-be-processed data is acquired; determining first preset number of round operations and second preset number of round operations of the Feistel structure type cipher algorithm as target round operations; when target round operation is carried out according to the Feistel structure type cipher algorithm, round operation is carried out on corresponding data based on a lookup table of the target round operation to obtain a corresponding round operation result, and a processing result of the data to be processed after the Feistel structure type cipher algorithm operation is carried out is obtained based on the round operation result, so that the safety is high; the first preset number and the second preset number are both greater than or equal to the number of branches of the Feistel structure type cipher algorithm, and the total round number of target round operation is less than or equal to the total round number of the Feistel structure type cipher algorithm; the lookup table includes a lookup table generated based on the round key and the round function of the target round operation.

Description

White box implementation method and device, electronic equipment and computer storage medium
Technical Field
The present disclosure relates to the field of information security technologies, and in particular, to a white box implementation method and apparatus, an electronic device, and a computer storage medium.
Background
With the popularization of networks and intelligent terminals, such as mobile phones, tablets, computers and the like, in order to protect the security of various private data in the intelligent terminals, the intelligent terminals need to encrypt and decrypt data stored by the intelligent terminals by using a cryptographic algorithm, for example, the data is encrypted and decrypted by using a Feistel structure cryptographic algorithm. The Feistel structure cryptographic algorithm is a common cryptographic algorithm structure, and numerous cryptographic algorithms such as DES, SM4 and RC5 are all Feistel structures.
However, because the environment of the intelligent terminal is often uncontrollable, an attacker or a malicious user may obtain an intermediate calculation result in the encryption and decryption operation process of the Feistel structure type cryptographic algorithm through reverse engineering and other technologies, and then easily extract or reply a key used by the Feistel structure type cryptographic algorithm, so that the security of data is threatened, and the security of the Feistel structure type cryptographic algorithm is reduced.
To solve this problem, it is proposed to implement a white-box implementation of the cryptographic algorithm to protect the security of the key. However, the existing white box implementation scheme of the cryptographic algorithm constructed by people is difficult to achieve good balance in the aspects of security, storage, efficiency and the like, and the actual use effect is not good.
In summary, how to improve the key security of the Feistel structure type cipher algorithm when the untrusted terminal runs is a problem to be solved urgently by those skilled in the art at present.
Disclosure of Invention
The purpose of the disclosure is to provide a white box implementation method, which can solve the technical problem of how to improve the key security of the Feistel structure type cryptographic algorithm when the untrusted terminal runs to a certain extent. The disclosure also provides a white box implementation device, an electronic device and a computer readable storage medium.
According to a first aspect of the embodiments of the present disclosure, there is provided a white box implementation method, including:
acquiring data to be processed;
determining first preset number of round operations and second preset number of round operations of the Feistel structure type cipher algorithm as target round operations;
when target round operation is carried out according to the Feistel structure type cipher algorithm, round operation is carried out on data corresponding to the data to be processed based on a lookup table of the target round operation to obtain a corresponding round operation result, and a processing result of the data to be processed after the Feistel structure type cipher algorithm operation is carried out is obtained based on the round operation result;
the first preset number and the second preset number are both greater than or equal to the number of branches of the Feistel structure type cipher algorithm, and the sum of the first preset number and the second preset number is less than or equal to the total round number of the Feistel structure type cipher algorithm; the lookup table includes a lookup table generated based on the round key and the round function of the target round operation.
Preferably, the method further comprises the following steps:
when non-target round operation is performed according to the Feistel structure type cipher algorithm, round operation is performed on data corresponding to the data to be processed based on the round key after mask protection to obtain a corresponding round operation result, and the processing result is obtained based on the round operation result.
Preferably, the number of branches of the Feistel structure type cipher algorithm includes 2, and before the round operation is performed on the data corresponding to the data to be processed based on the lookup table of the target round operation, the method further includes:
acquiring a key and a round function of the Feistel structure type cryptographic algorithm;
generating a corresponding round key through a key expansion algorithm based on the key;
generating a random permutation function and a random vector;
constructing a lookup table by a lookup table generation formula based on the round key, the round function, the random permutation function and the random vector;
the look-up table generation formula comprises:
Figure BDA0002621243730000021
Figure BDA0002621243730000022
Figure BDA0002621243730000023
Figure BDA0002621243730000024
Figure BDA0002621243730000025
Figure BDA0002621243730000026
Figure BDA0002621243730000027
Figure BDA0002621243730000028
Figure BDA0002621243730000031
Figure BDA0002621243730000032
Figure BDA0002621243730000033
Figure BDA0002621243730000034
wherein f represents the random permutation function; g represents the random permutation function; kiA round key representing an ith round of target round operation; f represents a round function of the Feistel structure type cipher algorithm; t is t1Representing the first preset number; t is t2Representing the second preset number; n represents the total round number of the Feistel structure type cipher algorithm; Δ' represents the random vector; deltai=Δ'i-1
Figure BDA0002621243730000035
Representing an exclusive or operation.
Preferably, before the round operation is performed on the data corresponding to the data to be processed by the lookup table based on the target round operation, the method further includes:
generating the mask protected round key through a mask round key generation formula based on the random vector;
the mask round key generation formula comprises:
Figure BDA0002621243730000036
wherein, K'iRepresenting the mask protected round keys.
Preferably, the round operation is performed on the data corresponding to the data to be processed based on the mask-protected round key to obtain a corresponding round operation result, including:
performing round operation on data corresponding to the data to be processed based on the mask protected round key through a non-target round operation formula to obtain a corresponding round operation result;
the non-target round of operation formula comprises:
L'i=R′i-1
Figure BDA0002621243730000037
wherein, L'iThe first data to be processed, R ', representing the i +1 th wheel calculation'iAnd representing the second data to be processed of the (i + 1) th round operation.
Preferably, the determining, as the target round operation, a first preset number of round operations before and a second preset number of round operations after the Feistel structure type cipher algorithm includes:
determining a first preset number of round operations before and a second preset number of round operations after the Feistel structure type cipher algorithm as the target round operations according to preset conditions;
the preset conditions comprise storage safety conditions, storage space conditions and operation efficiency conditions.
Preferably, before constructing the lookup table by using a lookup table generation formula based on the round key, the round function, the random permutation function, and the random vector, the method further includes:
determining the scale of the lookup table according to a preset condition;
the preset conditions comprise storage safety conditions, storage space conditions and operation efficiency conditions.
According to a second aspect of the embodiments of the present disclosure, there is provided a white box implementing apparatus, including:
the first acquisition module is used for acquiring data to be processed;
the first determining module is used for determining a first preset number of round operations before and a second preset number of round operations after the first preset number of round operations of the Feistel structure type cipher algorithm as target round operations;
the first operation module is used for performing round operation on data corresponding to the data to be processed based on a lookup table of the target round operation to obtain a corresponding round operation result when the target round operation is performed according to the Feistel structure type cryptographic algorithm, so as to obtain a processing result of the data to be processed after the Feistel structure type cryptographic algorithm is performed based on the round operation result;
the first preset number and the second preset number are both greater than or equal to the number of branches of the Feistel structure type cipher algorithm, and the sum of the first preset number and the second preset number is less than or equal to the total round number of the Feistel structure type cipher algorithm; the lookup table includes a lookup table generated based on the round key and the round function of the target round operation.
According to a third aspect of the embodiments of the present disclosure, there is provided an electronic apparatus including:
a memory having a computer program stored thereon;
a processor for executing the computer program in the memory to implement the steps of any of the methods described above.
According to a fourth aspect of embodiments of the present disclosure, there is provided a computer readable storage medium, on which a computer program is stored, which program, when executed by a processor, performs the steps of any of the methods described above.
The white box implementation method provided by the present disclosure obtains data to be processed; determining first preset number of round operations and second preset number of round operations of the Feistel structure type cipher algorithm as target round operations; when target round operation is carried out according to a Feistel structure type cipher algorithm, round operation is carried out on data corresponding to the data to be processed based on a lookup table of the target round operation to obtain a corresponding round operation result, and a processing result of the data to be processed after the Feistel structure type cipher algorithm operation is carried out is obtained based on the round operation result; the first preset number and the second preset number are both greater than or equal to the number of branches of the Feistel structure type cipher algorithm, and the sum of the first preset number and the second preset number is less than or equal to the total round number of the Feistel structure type cipher algorithm; the lookup table includes a lookup table generated based on the round key and the round function of the target round operation. According to the white box implementation method, the round key and the round function of the target round operation are hidden by means of the lookup table, so that an attacker cannot acquire the accurate round key and the round function even in an untrusted terminal, the Feistel structure type cryptographic algorithm cannot be attacked, and the safety is good. In addition, the white box implementation method provided by the disclosure can protect the Feistel structure type cipher algorithm only by hiding the round key and the round function in the round operation of the first preset number and the second preset number in the front and the second preset number, and the efficiency is high. The white box implementation device, the electronic equipment and the computer readable storage medium provided by the disclosure also solve the corresponding technical problems.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
In order to more clearly illustrate the embodiments of the present disclosure or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present disclosure, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
FIG. 1 is a first flowchart illustrating a white-box implementation in accordance with an exemplary embodiment;
FIG. 2 is a schematic diagram of an encryption operation of a conventional 2-branch Feistel structure-like cryptographic algorithm;
FIG. 3 is a schematic diagram illustrating a decryption operation of a conventional 2-branch Feistel-structured cipher algorithm;
FIG. 4 is a schematic diagram illustrating the operation of a 2-branch Feistel structure-like cryptographic algorithm according to the present disclosure;
FIG. 5 shows the first t of the present embodiment1Round looking up a table process diagram;
FIG. 6 shows the middle n-t of this embodiment1-t2Round looking up a table process diagram;
FIG. 7 shows the result t of the present embodiment2Round looking up a table process diagram;
FIG. 8 is a schematic diagram illustrating a white-box implementation in accordance with an exemplary embodiment;
fig. 9 is a block diagram illustrating an electronic device 900 in accordance with an example embodiment.
Detailed Description
The technical solutions in the embodiments of the present disclosure will be clearly and completely described below with reference to the drawings in the embodiments of the present disclosure, and it is obvious that the described embodiments are only a part of the embodiments of the present disclosure, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments disclosed herein without making any creative effort, shall fall within the protection scope of the present disclosure.
Referring to fig. 1, fig. 1 is a first flowchart illustrating a white-box implementation method according to an exemplary embodiment.
The white box implementation method related to the present disclosure may include the following steps:
step S101: and acquiring data to be processed.
It is to be understood that the data to be processed may be determined according to an application scenario, for example, the data to be processed may be video data in a video transmission process. The type of the data to be processed may also be determined according to an application scenario, for example, the data to be processed may be data to be encrypted or the like, and may also be data to be decrypted or the like; when the data to be processed is the data to be encrypted, the encryption operation of the data to be processed is realized by means of a Feistel structure type cipher algorithm, and when the data to be processed is the data to be decrypted, the decryption operation of the data to be processed is realized by means of the Feistel structure type cipher algorithm. It should be noted that, when the corresponding operation of the data to be processed is implemented by using the Feistel structure type cipher algorithm, the data to be processed needs to be split according to the number of branches of the Feistel structure type cipher algorithm, for example, when the number of branches of the Feistel structure type cipher algorithm is 3, the data to be processed is split into 3 segments of data, and the like.
Step S102: determining first preset number of round operations and second preset number of round operations of the Feistel structure type cipher algorithm as target round operations; the first preset number and the second preset number are both greater than or equal to the number of branches of the Feistel structure type cipher algorithm, and the sum of the first preset number and the second preset number is less than or equal to the total round number of the Feistel structure type cipher algorithm.
It can be understood that after the data to be processed is obtained, the first preset number of round operations and the second preset number of round operations of the Feistel structure-based cryptographic algorithm are determined as target round operations, and both the first preset number and the second preset number are greater than or equal to the number of branches of the Feistel structure-based cryptographic algorithm, so as to ensure that when the Feistel structure-based cryptographic algorithm white box is implemented, the round keys of the first preset number of round operations and the second preset number of round operations are safe, because when the first preset number is equal to the number of branches of the Feistel structure-based cryptographic algorithm, the coding of the internal state of the algorithm can be realized when the first preset number of round operations is completed in a table look-up manner, thereby realizing the protection of the round keys in the first preset number of round operations, similarly, when the second preset number is equal to the number of branches of the Feistel structure type cipher algorithm, the second preset number of round operations after the algorithm can be realized, and decoding is realized, so that the final output result is standard plaintext or ciphertext information, and the round keys after the second preset number of round operations are protected. With the increase of the first preset number and the second preset number, the security of the Feistel structure type cipher algorithm white box implementation is increased, but the operation efficiency is reduced. It should be noted that the first predetermined number of round operations refers to a first predetermined number of round operations from the first number of Feistel structure-like cryptographic algorithm round operations; the second preset number of round operations refers to the second preset number of round operations counted from the back of the Feistel structure type cryptographic algorithm round operations.
Step S103: when target round operation is carried out according to a Feistel structure type cipher algorithm, round operation is carried out on data corresponding to the data to be processed based on a lookup table of the target round operation to obtain a corresponding round operation result, and a processing result of the data to be processed after the Feistel structure type cipher algorithm operation is carried out is obtained based on the round operation result; the lookup table includes a lookup table generated based on the round key and the round function of the target round operation.
It can be understood that after the target round operation is determined, the data to be processed needs to be operated according to a Feistel structure type cipher algorithm, and in the process, when the target round operation is performed, the round operation needs to be performed on the data corresponding to the data to be processed based on the lookup table of the target round operation to obtain a corresponding round operation result; when the non-target round operation is carried out, the operation can be carried out according to the round operation definition of the Feistel structure type cipher algorithm. That is, when round operation is performed according to the Feistel structure type cipher algorithm, operation needs to be performed by means of a lookup table generated by a round key and a round function in target round operation, and operation can be performed by means of the round key and the round function directly in non-target round operation.
The look-up table to which the present disclosure relates is defined as follows: for the function y ═ f (x), the input value x is traversed, and the corresponding output values y are stored into a table according to the traversal sequence, so that when the input value is given, the table can be inquired according to the input value to obtain the corresponding output value; by means of look-up tables both the function can be implemented and the structure of the function can be hidden, e.g. assuming
Figure BDA0002621243730000071
When both functions g and h are double-mapped, if only the lookup table is known, no information of the functions g and h can be obtained, because for any bijective g, one bijective h can be found, so that the composite mapping function f of the two functions generates the same lookup table. Therefore, the round function and the round key in the target round operation can be hidden by the lookup table, and the protection of the round key of the Feistel structure type cipher algorithm is realized.
The white box implementation method provided by the present disclosure obtains data to be processed; determining first preset number of round operations and second preset number of round operations of the Feistel structure type cipher algorithm as target round operations; when target round operation is carried out according to a Feistel structure type cipher algorithm, round operation is carried out on data corresponding to the data to be processed based on a lookup table of the target round operation to obtain a corresponding round operation result, and a processing result of the data to be processed after the Feistel structure type cipher algorithm operation is carried out is obtained based on the round operation result; the first preset number and the second preset number are both greater than or equal to the number of branches of the Feistel structure type cipher algorithm, and the sum of the first preset number and the second preset number is less than or equal to the total round number of the Feistel structure type cipher algorithm; the lookup table includes a lookup table generated based on the round key and the round function of the target round operation. According to the white box implementation method, the round key and the round function of the target round operation are hidden by means of the lookup table, so that an attacker cannot acquire the accurate round key and the round function even in an untrusted terminal, the Feistel structure type cryptographic algorithm cannot be attacked, and the safety is good. In addition, the white box implementation method provided by the disclosure can protect the Feistel structure type cipher algorithm only by hiding the round key and the round function in the round operations of the first preset number and the second preset number by means of the lookup table, and the efficiency is high; and need not carry out outer coding, the data exchange of being convenient for.
In the white box implementation method related in the present disclosure, the number of branches of the Feistel structure type cipher algorithm may include 2; at this time, when performing round operation on the data corresponding to the data to be processed based on the lookup table of the target round operation, a second one of the target round operations may be searched in the lookup table t.j.1 of the target round operationA first search result corresponding to the data to be processed; searching a first to-be-processed data in the target round operation and a second search result corresponding to the first search result in the round in a search table T.j.2 of the target round operation; j represents the number of rounds of the target round operation in the Feistel structure type cipher algorithm. Referring to fig. 2, fig. 3 and fig. 4, fig. 2 is a schematic diagram illustrating an encryption operation of a conventional 2-branch Feistel-structure-type cipher algorithm; FIG. 3 is a schematic diagram illustrating a decryption operation of a conventional 2-branch Feistel-structured cipher algorithm; FIG. 4 is a schematic diagram illustrating the operation of a 2-branch Feistel structure-like cryptographic algorithm according to the present disclosure; wherein L is0Representing the left branch, R, of a Feistel-like structure cryptographic algorithm0Representing the right branch of the Feistel structure-like cryptographic algorithm. As can be seen from fig. 2, fig. 3, and fig. 4, the white-box implementation method provided by the present disclosure can protect the round key and the round function in the target round operation from being obtained by an attacker, and has good security.
For convenience of understanding, the construction mode of the lookup table in the target round operation and the encryption and decryption correctness and security of the white-box implementation method provided by the disclosure are analyzed by combining the encryption process of the Feistel structure type cipher algorithm. The process of encryption operation of the existing Feistel structure type cipher algorithm is as follows: (L)0,R0)=P;Li=Ri-1
Figure BDA0002621243730000081
C=(Rn,Ln) (ii) a Wherein P represents plaintext information, C represents ciphertext information, i represents the number of rounds of round calculation, F represents a round function, K represents the number of rounds of round calculationiA round key representing the ith round of operation. According to the encryption operation process of the Feistel structure type cipher algorithm, when a lookup table is constructed, random permutation f can be generated firstly1,f2,…,fn,g1,g2,…,gn-1Regenerating a look-up table
Figure BDA0002621243730000082
And g is-1,g0,gn-1,gnAre all identical transformations.
In a look-up table based on the generation as shown in FIG. 4When the structure is performing encryption operation, R0After being queried by a lookup table T.1.1, y is obtained0The construction of the look-up table indicates y0=f1(F(R0,K1));(L0,y0) Obtaining R 'after being inquired by a lookup table T.1.2'1R 'is known'1=g1(R1) (ii) a In round 2, R'1After being inquired by a lookup table T.2.1, y is obtained1Easy to know
Figure BDA0002621243730000083
Then (L)1,y1) Obtaining R 'after being inquired by a query table T.2.2'2R 'is easily known'2=g2(R2) At this time, L'2=R′1=g1(L2). Correspondingly, L 'can be obtained by sequentially querying the lookup table'i=gi-1(Li),R′i=gi(Ri) I is 3,4, …, n-2. At n-1 th wheel, R 'first'n-2Obtaining y after being inquired by a look-up table T, (n-1) 1n-2Easy to know yn-2=fn-1(F(Rn-2,Kn-1) ); then (L'n-2,yn-2) Obtaining R 'after being inquired by a query table T. (n-1). 2'n-1Easy to know
Figure BDA0002621243730000091
At this time, L'n-1=R'n-2=gn-2(Ln-1). At the last round, R'n-1Namely Rn-1Y is obtained after being inquired by a lookup table T.n.1n-1Easy to know yn-1=fn(F(Rn-1,Kn) ); then (L'n-1,yn-1) Obtaining R 'after being inquired by a lookup table T.n.2'nEasy to know
Figure BDA0002621243730000092
L 'at this time'n=R'n-1=Rn-1=LnTherefore, the encrypted ciphertext of the white-box implementation method provided by the disclosure is the same as the ciphertext obtained by directly encrypting the plaintext by using the Feistel structure type cipher algorithm.
In analyzing encrypted positiveAfter the confirmation, the security is analyzed again: when the permutation functions f, g are random permutation functions, the mappings f, g cannot be separated from the lookup tables provided by the present disclosure, such as the given lookup table t.j.1, for any given random permutation
Figure BDA0002621243730000093
Or KjThere is always a mapping f such that the constructed look-up table is identical to t.j.1, so that no information about the round key K can be obtained from the look-up tablejAny of (3). It is easy to know that combining multiple lookup tables cannot obtain the round key K for the same reasonjThe information of (1). Therefore, the white box implementation method provided by the disclosure has the advantages that the first preset number of round operations and the second preset number of round operations have safety, and the round keys of the corresponding rounds can be effectively protected. In practical application, due to limitations such as storage, random permutation may not be randomly selected from the whole permutation space, and at this time, the security of round keys of the first preset number of round operations and the second preset number of round operations may be reduced to a certain extent, and random permutation may be selected within a reasonable range according to actual security and storage requirements.
In the white box implementation method provided by the present disclosure, in order to improve the security of the white box implementation method, when performing non-target round operation according to a Feistel structure type cipher algorithm, round operation may be performed on data corresponding to data to be processed based on a round key protected by a mask to obtain a corresponding round operation result, so as to obtain a processing result based on the round operation result.
In the white box implementation method provided by the disclosure, in order to improve the operation efficiency of the white box implementation method, the scale of the white box implementation method can be reduced by combining the cyclic difference characteristic of the Feistel structure type cryptographic algorithm, and before performing round operation on data corresponding to the data to be processed based on the lookup table of the target round operation, a key and a round function of the Feistel structure type cryptographic algorithm can be obtained; generating a corresponding round key through a key expansion algorithm based on the key; generating a random permutation function and a random vector; constructing a lookup table by a lookup table generation formula based on the round key, the round function, the random permutation function and the random vector;
the look-up table generation formula comprises:
Figure BDA0002621243730000101
Figure BDA0002621243730000102
Figure BDA0002621243730000103
Figure BDA0002621243730000104
Figure BDA0002621243730000105
Figure BDA0002621243730000106
Figure BDA0002621243730000107
Figure BDA0002621243730000108
Figure BDA0002621243730000109
Figure BDA00026212437300001010
Figure BDA00026212437300001011
Figure BDA00026212437300001012
wherein f represents a random permutation function; g represents a random permutation function; kiA round key representing an ith round of target round operation; f represents a round function of a Feistel structure type cipher algorithm; t is t1Representing a first preset number; t is t2Representing a second preset number; n represents the total round number of the Feistel structure type cipher algorithm; Δ' represents a random vector; deltai=Δ'i-1
Figure BDA00026212437300001013
Representing an exclusive or operation;
Figure BDA00026212437300001014
representing a multiplication operation.
Correspondingly, the mask-protected round key can be generated through a mask round key generation formula based on the random vector; the mask round key generation formula may include:
Figure BDA00026212437300001015
Figure BDA00026212437300001016
wherein, K'iIndicating the mask protected round keys. Then, when the round operation is performed on the data corresponding to the data to be processed based on the round key after mask protection to obtain a corresponding round operation result, the round operation can be performed on the data corresponding to the data to be processed based on the round key after mask protection through a non-target round operation formula to obtain a corresponding round operation result; the non-target round robin formulation may include:
L'i=R′i-1
Figure BDA00026212437300001017
wherein, L'iThe first data to be processed, R ', representing the i +1 th wheel calculation'iAnd representing the second data to be processed of the (i + 1) th round operation.
Wherein, according to the FeisteL ' when the structure type encryption algorithm carries out non-target wheel calculation, the formula L ' is passed 'i=R′i-1
Figure BDA00026212437300001018
Performing round operation; l'iRepresenting the first data to be processed for the (i + 1) th round of operation, Ri' denotes the second data to be processed of the (i + 1) th round of operation.
Because the round function of the Feistel structure type cipher algorithm meets the following characteristics:
Figure BDA00026212437300001019
wherein the function g is determined by a round function F; that is, when the input information (X, K) of the function F is simultaneously given with the specific difference Δ, g (Δ), respectively, the output information of the round function F remains unchanged, and accordingly, the lookup table can be constructed according to the lookup table generation formula in the embodiment, so that the white-box implementation method provided by the present disclosure has a lower storage space and higher operation efficiency.
Now, the correctness and security of encryption and decryption of the white-box implementation method provided in this embodiment are analyzed with reference to fig. 5, fig. 6, and fig. 7. FIG. 5 shows the first t of the present embodiment1Round looking up a table process diagram; FIG. 6 shows the middle n-t of this embodiment1-t2Round looking up a table process diagram; FIG. 7 shows the result t of the present embodiment2And (5) checking the process chart in turn.
From top t1As can be seen from the structure of the round lookup table and FIG. 5, the time t is before1After round table look-up operation, the intermediate operation result is obtained
Figure BDA0002621243730000111
The following relationship is satisfied:
Figure BDA0002621243730000112
Figure BDA0002621243730000113
then, sequentially calculate
Figure BDA0002621243730000114
And
Figure BDA0002621243730000115
the calculation process is similar, so that the method can be known
Figure BDA0002621243730000116
Finally, FIG. 7 shows the result2The construction process of the round lookup table can be known, and the finally obtained operation result Rn||LnThe encryption result obtained by the method is the same as the encryption result obtained by the Feistel structure type cryptographic algorithm standard, that is, the white box implementation method provided by this embodiment has the encryption and decryption correctness.
After the correctness of the encryption and decryption of the embodiment is verified, the security of the embodiment is analyzed: first, in a white-box attack environment, an attacker can obtain all intermediate operation processes of the Feistel structure type cryptographic algorithm, that is, the attacker can obtain the intermediate operation processes in this embodiment
Figure BDA0002621243730000117
Figure BDA0002621243730000118
Then, the difficulty of an attacker for acquiring the round key from the information is analyzed, and the information acquired by the attacker has the following relationship:
Figure BDA0002621243730000119
Figure BDA00026212437300001110
Figure BDA00026212437300001111
Figure BDA00026212437300001112
Figure BDA00026212437300001113
because of the fact that
Figure BDA00026212437300001114
To any of delta'i-1All are true, thus, only R is knowni'-1,KiIn the case of' K cannot be obtained from this calculationiAny information of (2), in turn due to
Figure BDA00026212437300001115
Thereby the round key
Figure BDA00026212437300001116
Is completely dependent on the random number
Figure BDA00026212437300001117
When the random numbers are not acquired, the information of the round keys cannot be acquired; observing the above relationship, the attacker can obtain about
Figure BDA0002621243730000121
Useful information of (a) is:
Figure BDA0002621243730000122
due to the fact that
Figure BDA0002621243730000123
The attacker can thus obtain the following relationships:
Figure BDA0002621243730000124
n-t above1-t2The total number of n-t in the linear equation1-t2+2 variables
Figure BDA0002621243730000125
Whereby the number of possible values of these variables is two of themTaking value of space according to delta'2And delta'4The value of (2) is easily known as the space sizeNWhere N is the packet length of the algorithm, i.e., the binary length of the plaintext message. As explained above, in a white-box attack environment, only the middle n-t is considered1-t2The complexity of recovering the round keys of the rounds is 2N. Thus, the attacker can see n-t from the middle1-t2Useful information about the key of the wheel cannot be obtained in the wheel, and the safety of the scheme is mainly determined by the top t1Wheel and rear t2Safety determination of the wheel, i.e. if it is preceding t1In or behind the wheel t2In the round, the round key information and the random number information contained in the lookup table are effectively protected, so that the whole scheme is safe.
In the white box implementation method provided by the disclosure, because the number of rounds of target round operation can affect the security, the storage space occupancy rate, the operating efficiency and the like of the white box implementation method, when the first preset number of rounds of operation and the second preset number of rounds of operation of the Feistel structure type cryptographic algorithm are determined as the target round operation, in order to enable the white box implementation method provided by the disclosure to meet the requirement set by the outside, the first preset number of rounds of operation and the second preset number of rounds of operation of the Feistel structure type cryptographic algorithm can be determined as the target round operation according to the preset condition; the preset conditions may include storage security conditions, storage space conditions, and operation efficiency conditions.
In the white box implementation method provided by the present disclosure, due to the resolvability of the lookup table, in order to reduce the scale of the scheme or improve the efficiency of the scheme, the scale of the lookup table may be determined according to a preset condition, for example, the number of lookup tables implementing a certain operation is determined, and then, before the lookup table is constructed by generating a formula through the lookup table based on a round key, a round function, a random permutation function, and a random vector, a set security condition may also be obtained, and the scale of the lookup table is determined based on the security condition; of course, the set storage condition may also be obtained, and the size of the lookup table may be determined based on the storage condition; it is also possible to acquire a set efficiency condition and determine the size of the lookup table based on the efficiency condition.
It can be understood that, in order to further ensure the security of the white box implementation method provided by the present disclosure, a code obfuscation method may also be used to obfuscate and hide the lookup table in the embodiment of the present disclosure, so as to enhance the difficulty of an attacker in cracking the lookup table, and ensure the security of the entire method.
Referring to fig. 8, fig. 8 is a schematic structural diagram illustrating a white box implementing device according to an exemplary embodiment.
The white box implementing apparatus 800 according to the present disclosure may include:
a first obtaining module 810, configured to obtain data to be processed;
a first determining module 820, configured to determine a first preset number of round operations before and a second preset number of round operations after the Feistel structure-based cipher algorithm as a target round operation;
the first operation module 830 is configured to, when performing target round operation according to a Feistel structure type cipher algorithm, perform round operation on data corresponding to the data to be processed based on a lookup table of the target round operation to obtain a corresponding round operation result, and obtain a processing result of the data to be processed after the Feistel structure type cipher algorithm is performed based on the round operation result;
the first preset number and the second preset number are both greater than or equal to the number of branches of the Feistel structure type cipher algorithm, and the sum of the first preset number and the second preset number is less than or equal to the total round number of the Feistel structure type cipher algorithm; the lookup table includes a lookup table generated based on the round key and the round function of the target round operation.
The white box realization device that this disclosure relates to can also include:
and the second operation module is used for performing round operation on the data corresponding to the data to be processed based on the round key after mask protection to obtain a corresponding round operation result when performing non-target round operation according to a Feistel structure type cryptographic algorithm, so as to obtain a processing result based on the round operation result.
According to the white box implementation device, the branch number of the Feistel structure type cipher algorithm can include 2;
correspondingly, the method can further comprise the following steps:
the second acquisition module is used for acquiring a key and a round function of the Feistel structure type cryptographic algorithm before the first operation module performs round operation on the data corresponding to the data to be processed based on the lookup table of the target round operation;
the first generation module is used for generating a corresponding round key through a key expansion algorithm based on the key;
the second generation module is used for generating a random permutation function and a random vector;
the first construction module is used for generating a formula construction lookup table through the lookup table based on the round key, the round function, the random permutation function and the random vector;
the look-up table generation formula comprises:
Figure BDA0002621243730000141
Figure BDA0002621243730000142
Figure BDA0002621243730000143
Figure BDA0002621243730000144
Figure BDA0002621243730000145
Figure BDA0002621243730000146
Figure BDA0002621243730000147
Figure BDA0002621243730000148
Figure BDA0002621243730000149
Figure BDA00026212437300001410
Figure BDA00026212437300001411
Figure BDA00026212437300001412
wherein f represents a random permutation function; g represents a random permutation function; kiA round key representing an ith round of target round operation; f represents a round function of a Feistel structure type cipher algorithm; t is t1Representing a first preset number; t is t2Representing a second preset number; n represents the total round number of the Feistel structure type cipher algorithm; Δ' represents a random vector; deltai=Δ'i-1
Figure BDA00026212437300001413
Representing an exclusive or operation.
The white box realization device that this disclosure relates to can also include:
the third generation module is used for generating a mask-protected round key through a mask round key generation formula based on a random vector before the first operation module performs round operation on data corresponding to the data to be processed based on the lookup table of the target round operation;
the mask round key generation formula comprises:
Figure BDA00026212437300001414
wherein, K'iIndicating the mask protected round keys.
The white box implementation device related to the present disclosure, the second operation module may include:
the first operation unit is used for performing round operation on data corresponding to the data to be processed based on the round key after mask protection through a non-target round operation formula to obtain a corresponding round operation result;
the non-target round operation formula comprises:
L'i=R′i-1
Figure BDA0002621243730000151
wherein, L'iThe first data to be processed, R ', representing the i +1 th wheel calculation'iAnd representing the second data to be processed of the (i + 1) th round operation.
The first determining module may include:
the first determining unit is used for determining first preset number of round operations and second preset number of round operations in front of the Feistel structure type cipher algorithm as target round operations according to preset conditions;
the preset conditions comprise storage safety conditions, storage space conditions and operation efficiency conditions.
The white box realization device that this disclosure relates to can also include:
the second determining module is used for determining the scale of the lookup table according to preset conditions before the first operation module generates a formula to construct the lookup table through the lookup table based on the round key, the round function, the random permutation function and the random vector; the preset conditions comprise storage safety conditions, storage space conditions and operation efficiency conditions.
Fig. 9 is a block diagram illustrating an electronic device 900 in accordance with an example embodiment. As shown in fig. 8, the electronic device 900 may include: a processor 901 and a memory 902. The electronic device 900 may also include one or more of a multimedia component 903, an input/output (I/O) interface 904, and a communications component 905.
The processor 901 is configured to control the overall operation of the electronic device 900, so as to complete all or part of the steps in the white-box implementation method. The memory 902 is used to store various types of data to support operation of the electronic device 900, such as instructions for any application or method operating on the electronic device 900 and application-related data, such as contact data, transmitted and received messages, pictures, audio, video, and the like. The Memory 902 may be implemented by any type of volatile or non-volatile Memory device or combination thereof, such as Static Random Access Memory (SRAM), Electrically Erasable Programmable Read-Only Memory (EEPROM), Erasable Programmable Read-Only Memory (EPROM), Programmable Read-Only Memory (PROM), Read-Only Memory (ROM), magnetic Memory, flash Memory, magnetic disk or optical disk. The multimedia component 903 may include a screen and an audio component. Wherein the screen may be, for example, a touch screen and the audio component is used for outputting and/or inputting audio signals. For example, the audio component may include a microphone for receiving external audio signals. The received audio signal may further be stored in the memory 902 or transmitted through the communication component 905. The audio assembly also includes at least one speaker for outputting audio signals. The I/O interface 904 provides an interface between the processor 901 and other interface modules, such as a keyboard, mouse, buttons, etc. These buttons may be virtual buttons or physical buttons. The communication component 905 is used for wired or wireless communication between the electronic device 900 and other devices. Wireless communication, such as Wi-Fi, bluetooth, Near Field Communication (NFC), 2G, 3G, or 4G, or a combination of one or more of them, so that the corresponding communication component 905 may include: Wi-Fi module, bluetooth module, NFC module.
In an exemplary embodiment, the electronic Device 900 may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), controllers, microcontrollers, microprocessors, or other electronic components for performing the white-box implementation method described above.
In another exemplary embodiment, a computer readable storage medium comprising program instructions which, when executed by a processor, implement the steps of the white-box implementation method described above is also provided. For example, the computer readable storage medium may be the memory 902 described above comprising program instructions executable by the processor 901 of the electronic device 900 to perform the white-box implementation described above.
For a description of a relevant part in a white box implementation apparatus, an electronic device, and a computer-readable storage medium provided in the embodiments of the present disclosure, reference is made to detailed descriptions of corresponding parts in a white box implementation method provided in the embodiments of the present disclosure, and details are not repeated here. In addition, parts of the above technical solutions provided in the embodiments of the present disclosure that are consistent with the implementation principle of the corresponding technical solutions in the prior art are not described in detail, so as to avoid redundant description.
It is further noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present disclosure. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the disclosure. Thus, the present disclosure is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A white-box implementation method is characterized by comprising the following steps:
acquiring data to be processed;
determining first preset number of round operations and second preset number of round operations of the Feistel structure type cipher algorithm as target round operations;
when target round operation is carried out according to the Feistel structure type cipher algorithm, round operation is carried out on data corresponding to the data to be processed based on a lookup table of the target round operation to obtain a corresponding round operation result, and a processing result of the data to be processed after the Feistel structure type cipher algorithm operation is carried out is obtained based on the round operation result;
the first preset number and the second preset number are both greater than or equal to the number of branches of the Feistel structure type cipher algorithm, and the sum of the first preset number and the second preset number is less than or equal to the total round number of the Feistel structure type cipher algorithm; the lookup table includes a lookup table generated based on the round key and the round function of the target round operation.
2. The method of claim 1, further comprising:
when non-target round operation is performed according to the Feistel structure type cipher algorithm, round operation is performed on data corresponding to the data to be processed based on the round key after mask protection to obtain a corresponding round operation result, and the processing result is obtained based on the round operation result.
3. The method according to claim 2, wherein the number of branches of the Feistel structure-like cipher algorithm includes 2, and before performing round operation on the data corresponding to the data to be processed based on the look-up table of the target round operation, the method further includes:
acquiring a key and a round function of the Feistel structure type cryptographic algorithm;
generating a corresponding round key through a key expansion algorithm based on the key;
generating a random permutation function and a random vector;
constructing a lookup table by a lookup table generation formula based on the round key, the round function, the random permutation function and the random vector; the look-up table generation formula comprises:
Figure FDA0002621243720000011
Figure FDA0002621243720000012
Figure FDA0002621243720000013
Figure FDA0002621243720000014
Figure FDA0002621243720000015
Figure FDA0002621243720000021
Figure FDA0002621243720000022
Figure FDA0002621243720000023
Figure FDA0002621243720000024
Figure FDA0002621243720000025
Figure FDA0002621243720000026
Figure FDA0002621243720000027
wherein f represents the random permutation function; g represents the random permutation function; kiA round key representing an ith round of target round operation; f represents a round function of the Feistel structure type cipher algorithm; t is t1Representing the first preset number; t is t2Representing the second preset number; n represents the total round number of the Feistel structure type cipher algorithm; Δ' represents the random vector; deltai=Δ'i-1
Figure FDA0002621243720000028
Representing an exclusive or operation.
4. The method according to claim 3, wherein before performing the round operation on the data corresponding to the data to be processed based on the look-up table of the target round operation, the method further comprises:
generating the mask protected round key through a mask round key generation formula based on the random vector;
the mask round key generation formula comprises:
Figure FDA0002621243720000029
wherein, K'iRepresenting the mask protected round keys.
5. The method according to claim 4, wherein performing round operation on data corresponding to the data to be processed based on the mask-protected round key to obtain a corresponding round operation result comprises:
performing round operation on data corresponding to the data to be processed based on the mask protected round key through a non-target round operation formula to obtain a corresponding round operation result;
the non-target round of operation formula comprises:
Figure FDA00026212437200000210
wherein, L'iThe first data to be processed, R ', representing the i +1 th wheel calculation'iAnd representing the second data to be processed of the (i + 1) th round operation.
6. The method according to any one of claims 1 to 5, wherein the determining a first preset number of round operations before and a second preset number of round operations after the Feistel structure-like cipher algorithm as the target round operations comprises:
determining a first preset number of round operations before and a second preset number of round operations after the Feistel structure type cipher algorithm as the target round operations according to preset conditions;
the preset conditions comprise storage safety conditions, storage space conditions and operation efficiency conditions.
7. The method according to any one of claims 1 to 5, wherein before constructing the lookup table by a lookup table generation formula based on the round key, the round function, the random permutation function, and the random vector, further comprising:
determining the scale of the lookup table according to a preset condition;
the preset conditions comprise storage safety conditions, storage space conditions and operation efficiency conditions.
8. A white-box implementation apparatus, comprising:
the first acquisition module is used for acquiring data to be processed;
the first determining module is used for determining a first preset number of round operations before and a second preset number of round operations after the first preset number of round operations of the Feistel structure type cipher algorithm as target round operations;
the first operation module is used for performing round operation on data corresponding to the data to be processed based on a lookup table of the target round operation to obtain a corresponding round operation result when the target round operation is performed according to the Feistel structure type cryptographic algorithm, so as to obtain a processing result of the data to be processed after the Feistel structure type cryptographic algorithm is performed based on the round operation result;
the first preset number and the second preset number are both greater than or equal to the number of branches of the Feistel structure type cipher algorithm, and the sum of the first preset number and the second preset number is less than or equal to the total round number of the Feistel structure type cipher algorithm; the lookup table includes a lookup table generated based on the round key and the round function of the target round operation.
9. An electronic device, comprising:
a memory having a computer program stored thereon;
a processor for executing the computer program in the memory to carry out the steps of the method of any one of claims 1 to 7.
10. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 7.
CN202010783973.2A 2020-08-06 2020-08-06 White box implementation method and device, electronic equipment and computer storage medium Active CN111901097B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010783973.2A CN111901097B (en) 2020-08-06 2020-08-06 White box implementation method and device, electronic equipment and computer storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010783973.2A CN111901097B (en) 2020-08-06 2020-08-06 White box implementation method and device, electronic equipment and computer storage medium

Publications (2)

Publication Number Publication Date
CN111901097A true CN111901097A (en) 2020-11-06
CN111901097B CN111901097B (en) 2023-04-07

Family

ID=73246899

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010783973.2A Active CN111901097B (en) 2020-08-06 2020-08-06 White box implementation method and device, electronic equipment and computer storage medium

Country Status (1)

Country Link
CN (1) CN111901097B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113162756A (en) * 2021-03-31 2021-07-23 郑州信大捷安信息技术股份有限公司 SM4 algorithm implementation method and device based on table lookup
CN114095148A (en) * 2021-10-28 2022-02-25 重庆邮电大学 White-box password encryption method based on local differential privacy protection

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160048689A1 (en) * 2013-03-27 2016-02-18 Irdeto B.V. Tamper resistant cryptographic algorithm implementation
US20170033922A1 (en) * 2015-07-30 2017-02-02 Nxp B.V Balanced Encoding of Intermediate Values Within a White-Box Implementation
US20170149559A1 (en) * 2015-11-25 2017-05-25 Nxp, B.V. Protecting white-box feistel network implementation against fault attack
CN108123794A (en) * 2017-12-20 2018-06-05 上海众人网络安全技术有限公司 The generation method and encryption method of whitepack key, apparatus and system
CN109981256A (en) * 2019-04-03 2019-07-05 华南师范大学 Whitepack block cipher building method and system based on FeisitelBox structure
CN110278072A (en) * 2019-07-11 2019-09-24 北京电子科技学院 One kind 16 takes turns SM4-128/128 whitepack password implementation method
CN110784306A (en) * 2019-11-01 2020-02-11 成都卫士通信息产业股份有限公司 SM4 algorithm white box implementation method and device, electronic equipment and computer medium
US20200136800A1 (en) * 2018-10-26 2020-04-30 Samsung Sds Co., Ltd. Apparatus and method for generating cryptographic algorithm, apparatus and method for encryption
US20200136801A1 (en) * 2018-10-26 2020-04-30 Samsung Sds Co., Ltd. Apparatus and method for generating cryptographic algorithm, apparatus and method for encryption

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160048689A1 (en) * 2013-03-27 2016-02-18 Irdeto B.V. Tamper resistant cryptographic algorithm implementation
US20170033922A1 (en) * 2015-07-30 2017-02-02 Nxp B.V Balanced Encoding of Intermediate Values Within a White-Box Implementation
US20170149559A1 (en) * 2015-11-25 2017-05-25 Nxp, B.V. Protecting white-box feistel network implementation against fault attack
CN106888080A (en) * 2015-11-25 2017-06-23 恩智浦有限公司 Protection whitepack feistel network implementations are in case fault analysis
CN108123794A (en) * 2017-12-20 2018-06-05 上海众人网络安全技术有限公司 The generation method and encryption method of whitepack key, apparatus and system
US20200136800A1 (en) * 2018-10-26 2020-04-30 Samsung Sds Co., Ltd. Apparatus and method for generating cryptographic algorithm, apparatus and method for encryption
US20200136801A1 (en) * 2018-10-26 2020-04-30 Samsung Sds Co., Ltd. Apparatus and method for generating cryptographic algorithm, apparatus and method for encryption
CN109981256A (en) * 2019-04-03 2019-07-05 华南师范大学 Whitepack block cipher building method and system based on FeisitelBox structure
CN110278072A (en) * 2019-07-11 2019-09-24 北京电子科技学院 One kind 16 takes turns SM4-128/128 whitepack password implementation method
CN110784306A (en) * 2019-11-01 2020-02-11 成都卫士通信息产业股份有限公司 SM4 algorithm white box implementation method and device, electronic equipment and computer medium

Non-Patent Citations (6)

* Cited by examiner, † Cited by third party
Title
TING-TING LIN ECT.: "A New Feistel-Type White-Box Encryption Scheme", 《JOURNAL OF COMPUTER SCIENCE AND TECHNOLOGY》 *
YANG SHI ECT.: "A Light-Weight White-Box Encryption Scheme for Securing Distributed Embedded Devices", 《IEEE TRANSACTIONS ON COMPUTERS》 *
倪博煜等: "改进的Type-1型广义Feistel结构的量子攻击及其在分组密码CAST-256上的应用", 《电子与信息学报》 *
姚思等: "白盒密码研究", 《广播电视信息》 *
潘文伦, 张立廷: "倍点运算的白盒化实现及应用", 《密码学报》 *
邓元豪, 金晨辉, 赵杰卿: "Type-3 型广义Feistel结构的中间相遇攻击", 《密码学报》 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113162756A (en) * 2021-03-31 2021-07-23 郑州信大捷安信息技术股份有限公司 SM4 algorithm implementation method and device based on table lookup
CN114095148A (en) * 2021-10-28 2022-02-25 重庆邮电大学 White-box password encryption method based on local differential privacy protection
CN114095148B (en) * 2021-10-28 2023-09-26 重庆邮电大学 White box password encryption method based on local differential privacy protection

Also Published As

Publication number Publication date
CN111901097B (en) 2023-04-07

Similar Documents

Publication Publication Date Title
CN110784306B (en) SM4 algorithm white box implementation method and device, electronic equipment and computer medium
US9838198B2 (en) Splitting S-boxes in a white-box implementation to resist attacks
CN112003696B (en) SM9 key generation method, system, electronic equipment, device and storage medium
CN110719159A (en) Multi-party privacy set intersection method for resisting malicious enemies
CN110235409A (en) Use the protected RSA signature of homomorphic cryptography or the method for decryption
CN112287377A (en) Model training method based on federal learning, computer equipment and storage medium
CN110795762B (en) Reserved format encryption method based on stream cipher
CN108270550B (en) Safe and efficient white box implementation method and device based on SM4 algorithm
KR20070057968A (en) Sharing a secret by using random function
US9576116B2 (en) Secure software components anti-reverse-engineering by table interleaving
Bai et al. A secure white‐box SM4 implementation
US9641328B1 (en) Generation of public-private key pairs
CN111901097B (en) White box implementation method and device, electronic equipment and computer storage medium
CN105359450A (en) Tamper resistant cryptographic algorithm implementation
CN114175572A (en) System and method for performing equality and subordination operations on encrypted data using quasigroup operations
CN112865957A (en) Data encryption transmission method and device, computer target equipment and storage medium
CN108667598B (en) Device and method for realizing secure key exchange and secure key exchange method
CN113098675B (en) Binary data encryption system and method based on polynomial complete homomorphism
CN105721134A (en) Using single white-box implementation with multiple external encodings
Ajmal et al. Cloud computing platform: Performance analysis of prominent cryptographic algorithms
Ullah et al. Deep self-learning based dynamic secret key generation for novel secure and efficient hashing algorithm
CN111600867B (en) Data encryption method and related equipment
CN107592963B (en) Method and computing device for performing secure computations
CN112019327B (en) White box realization method and device, electronic equipment and computer storage medium
JP7383985B2 (en) Information processing device, information processing method and program

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CP01 Change in the name or title of a patent holder
CP01 Change in the name or title of a patent holder

Address after: No. 333, Yunhua Road, high tech Zone, Chengdu, Sichuan 610041

Patentee after: China Electronics Technology Network Security Technology Co.,Ltd.

Address before: No. 333, Yunhua Road, high tech Zone, Chengdu, Sichuan 610041

Patentee before: CHENGDU WESTONE INFORMATION INDUSTRY Inc.