DOI: 10.1145/3465413.3488572 (research article, CCS conference proceedings)

A DCA-resistant Implementation of SM4 for the White-box Context

Published: 15 November 2021

Abstract

SM4 [ISO.IEC.18033-3.AMD2] is a cryptographic standard issued by the Organization of State Commercial Administration of China as an authorized block cipher for use within China. Based on threshold implementations and operations in composite fields, we propose and implement a fixed-key white-box SM4 in which all intermediate values (inputs and outputs of the lookup tables) are masked. We express the SM4 S-box in terms of operations in composite fields, which reduces the total size of the lookup tables. The threshold implementation makes the distribution of the masked values uniform and independent of the original values being represented. The white-box SM4 implementation resists traditional white-box attacks such as the affine equivalence attack and BGE-like attacks. For DCA-like attacks, our test shows that, when aggregating 2048 single-bit correlations, an identified DCA leakage requires billions of microseconds of processor time to extract the secret key, which increases first-order DCA resistance by at least thousands of times compared with the resistance against a single-bit correlation used in a classical DCA attack.
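As an added illustration (not from the paper) of the claim that masked intermediate values are uniform and independent of the values they represent, the script below enumerates a toy masked lookup table and measures the first-order single-bit correlation of each stored share against the sensitive value. It assumes the 4-bit PRESENT S-box as a stand-in for the SM4 S-box and plain two-share Boolean masking as a simplification of the paper's threshold implementation.

```python
from itertools import product

# Constructed stand-in for the SM4 S-box: the 4-bit PRESENT S-box. It is a
# permutation, so every output bit is balanced and the correlations are exact.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
N = 4  # bits per value

def bit(v, i):
    return (v >> i) & 1

def pearson(xs, ys):
    """Pearson correlation of two equal-length 0/1 sequences (0.0 if constant)."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return 0.0 if vx == 0 or vy == 0 else cov / (vx * vy) ** 0.5

def sensitive(x, key):
    """Key-dependent intermediate value that a DCA-style analysis targets."""
    return SBOX[x ^ key]

# Four things that could be observed in memory for input x with mask m
# (hypothetical toy table; the paper's tables mask every intermediate):
def unmasked(x, m, key):    # classic white-box table output, no mask
    return sensitive(x, key)
def share0(x, m, key):      # first Boolean share: the mask itself
    return m
def share1(x, m, key):      # second Boolean share: value XOR mask
    return sensitive(x, key) ^ m
def recombined(x, m, key):  # both shares XORed: a second-order observation
    return share0(x, m, key) ^ share1(x, m, key)

def first_order_leakage(observe, key):
    """Largest |corr| between any bit of the observed value and any bit of
    the sensitive value, enumerating every (x, m) pair so the result is exact."""
    cases = list(product(range(16), repeat=2))
    worst = 0.0
    for i, j in product(range(N), repeat=2):
        obs = [bit(observe(x, m, key), j) for x, m in cases]
        sens = [bit(sensitive(x, key), i) for x, _ in cases]
        worst = max(worst, abs(pearson(obs, sens)))
    return worst

if __name__ == "__main__":
    for name, fn in [("unmasked", unmasked), ("share0", share0),
                     ("share1", share1), ("recombined", recombined)]:
        print(f"{name:10s} max first-order |corr| = {first_order_leakage(fn, 0x3):.2f}")
```

The unmasked table leaks with correlation 1.0 while each share alone correlates 0.0 with the sensitive value, which is the uniformity property the abstract states; the recombined observation still correlates 1.0, which is why the claim concerns first-order resistance only.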

Published In

Checkmate '21: Proceedings of the 2021 Research on offensive and defensive techniques in the Context of Man At The End (MATE) Attacks. November 2021, 76 pages. ISBN 9781450385527. DOI 10.1145/3465413.
Publisher

Association for Computing Machinery, New York, NY, United States

Author Tags

  1. composite field
  2. dca
  3. mask
  4. sm4
  5. sms4
  6. threshold implementation
  7. white-box

Conference

CCS '21
