Abstract
In a white-box attack context, the attacker can access the implementation of a cryptographic algorithm, observe its dynamic execution, learn its internal details, and modify it at will. In response, Chow et al. proposed the concept of white-box cryptography and gave white-box AES and white-box DES implementations. This paper presents a new white-box implementation of the SM4 algorithm. It expands the internal state of the algorithm and adds random numbers while the algorithm runs in order to obfuscate the key, so that after each round of encryption via the lookup tables, half of the information is useful and half is obfuscation. The whole encryption process is expressed using lookup tables and affine transformations. The scheme requires 276.625 KB of memory, and the white-box diversity and white-box ambiguity of the lookup tables are 2^646 and 2^86, respectively. Against the analysis method of Lin Tingting et al. the complexity is O(2^51), against the analysis method of Pan Wenlun et al. the key space is 61200·2^32, and against the affine equivalence algorithm the time complexity is O(2^97). The scheme can effectively resist code extraction attacks and the BGE attack.
Authors
姚思
陈杰
YAO Si; CHEN Jie (State Key Laboratory of ISN, Xidian University, Xi'an 710071, China; Cryptography Research Center, Xidian University, Xi'an 710071, China)
Source
Journal of Cryptologic Research (《密码学报》)
CSCD
2020, Issue 3, pp. 358-374 (17 pages)
Funding
National Cryptography Development Fund of the 13th Five-Year Plan (MMJJ20180219).
Keywords
SM4 algorithm
white-box attack context
white-box implementation
lookup table
obfuscation key