Abstract
In the white-box attack model the attacker can not only observe the inputs and outputs of a cryptographic algorithm but also inspect its internal details and control the terminal on which it runs. For this setting, CHOW et al. constructed lookup tables protected by networked encodings, embedded the key in those tables, and thereby designed white-box implementations of AES and DES. White-box implementations built from self-equivalence encodings are a newer approach: RANEA et al. used the self-equivalences of the S-box to design a white-box implementation for substitution-permutation ciphers. The size of its encoding space depends entirely on the self-equivalences of the cipher's S-box, and its security analysis shows that the scheme applies only to a limited range of ciphers. Addressing this, this paper examines how the self-equivalences of the S-box affect the security of a white-box implementation and proposes two improved schemes that enlarge the encoding space, one by adding self-equivalence encodings to the linear layer and one by adding linear encodings to the affine layer. Security analysis shows that both improvements resist the attacks that apply to the scheme of RANEA et al. and widen the range of ciphers the approach can protect. Finally, two white-box implementations of AES are constructed from the two designs and compared, in terms of security, with the white-box AES of RANEA et al. The comparison shows that both improved schemes resist the reduction attacks based on the centralization subproblem and on the asymmetric problem.
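The following Python example is added here and is not code from the paper or from the RANEA et al. scheme. It shows what an affine self-equivalence of the AES S-box is (a pair of affine bijections A, B with B(S(A(x))) = S(x)), derives the 2040 self-equivalences that follow from the field structure S(x) = L(x^-1) ^ 0x63, and then builds a toy one-byte chain of key additions and S-box applications in which, as in the self-equivalence design summarised above, only the affine layers carry encodings and the S-box is used unchanged. The toy cipher, its keys and the particular encodings chosen are constructed for illustration; the real schemes operate on the full 128-bit state and store each encoded affine layer as a matrix and a constant rather than as a byte table.

```python
# Added example (not code from the paper): affine self-equivalences of the AES
# S-box, and a toy single-byte chain in which, as in a self-equivalence
# white-box design, only the affine (key-addition) layers are encoded while the
# S-box layer stays unchanged.
#
# An affine self-equivalence of S is a pair of affine bijections (A, B) on
# GF(2)^8 with B(S(A(x))) == S(x) for all x. Because the AES S-box is
# S(x) = L(x^-1) ^ 0x63 with L GF(2)-linear, every field automorphism
# x -> x^(2^k) (k = 0..7) combined with a multiplication x -> a*x (a != 0)
# gives one, which accounts for the known total of 8 * 255 = 2040.

# --- GF(2^8) with the AES polynomial x^8 + x^4 + x^3 + x + 1 (0x11B) ---
def _xtime(v):
    v <<= 1
    return (v ^ 0x11B) & 0xFF if v & 0x100 else v

EXP = [0] * 256   # EXP[i] = 3^i   (3 generates the multiplicative group)
LOG = [0] * 256   # LOG[3^i] = i
_v = 1
for _i in range(255):
    EXP[_i] = _v
    LOG[_v] = _i
    _v ^= _xtime(_v)            # multiply by 3 = x + 1

def gf_mul(a, b):
    if a == 0 or b == 0:
        return 0
    return EXP[(LOG[a] + LOG[b]) % 255]

def gf_inv(a):
    """Multiplicative inverse with the AES convention inv(0) = 0."""
    return EXP[(255 - LOG[a]) % 255] if a else 0

def frobenius(x, k):
    """x -> x^(2^k): a field automorphism, hence GF(2)-linear and bijective."""
    return EXP[(LOG[x] << k) % 255] if x else 0

def _rotl8(x, n):
    return ((x << n) | (x >> (8 - n))) & 0xFF

def aes_L(x):
    """GF(2)-linear part of the AES affine transformation."""
    return x ^ _rotl8(x, 1) ^ _rotl8(x, 2) ^ _rotl8(x, 3) ^ _rotl8(x, 4)

AES_C = 0x63
SBOX = [aes_L(gf_inv(x)) ^ AES_C for x in range(256)]
L_INV = [0] * 256               # table inverse of the bijection aes_L
for _x in range(256):
    L_INV[aes_L(_x)] = _x

def self_equivalence(a, k):
    """Lookup tables (A, B) with B[SBOX[A[x]]] == SBOX[x] for every x.

    A(x) = a * x^(2^k) is linear; B is affine. Derivation, with c = 0x63:
      S(A(x)) = L((a * x^(2^k))^-1) ^ c = L(a^-1 * (x^-1)^(2^k)) ^ c
              = L(a^-1 * (L^-1(S(x) ^ c))^(2^k)) ^ c  =: B^-1(S(x))
    """
    assert 1 <= a <= 255 and 0 <= k <= 7
    A = [gf_mul(a, frobenius(x, k)) for x in range(256)]
    a_inv = gf_inv(a)
    B_inv = [aes_L(gf_mul(a_inv, frobenius(L_INV[y ^ AES_C], k))) ^ AES_C
             for y in range(256)]
    B = [0] * 256
    for y in range(256):
        B[B_inv[y]] = y
    return A, B

def is_self_equivalence(A, B):
    return all(B[SBOX[A[x]]] == SBOX[x] for x in range(256))

def count_self_equivalences():
    """Every (a, k) pair yields a valid self-equivalence with a distinct A."""
    seen = set()
    for a in range(1, 256):
        for k in range(8):
            A, B = self_equivalence(a, k)
            assert is_self_equivalence(A, B)
            seen.add(tuple(A))
    return len(seen)            # 2040

# --- toy white-box chain: encoded affine layers, unencoded S-box ---
def toy_whitebox(keys, encodings):
    """Encoded tables for the toy byte cipher x -> S(x ^ k_0) -> S(. ^ k_1) ...

    Round i gets (A_i, B_i). Its encoded affine layer takes the previous
    round's encoded output v = B_{i-1}^-1(x) and returns A_i(B_{i-1}(v) ^ k_i);
    the unencoded S-box then maps A_i(.) to B_i^-1(S(.)), which the next layer
    undoes. The keys exist only inside the encoded layers. Returns the layer
    tables and the final output decoding B_last, which stays outside the
    implementation (constructed toy, as is the rest of this block).
    """
    layers = []
    prev_B = list(range(256))   # the first input is unencoded
    for k_i, (A_i, B_i) in zip(keys, encodings):
        layers.append([A_i[prev_B[v] ^ k_i] for v in range(256)])
        prev_B = B_i
    return layers, prev_B

def run_whitebox(layers, decode, x):
    for layer in layers:
        x = SBOX[layer[x]]      # the S-box is applied exactly as specified
    return decode[x]

def run_plain(keys, x):
    for k in keys:
        x = SBOX[x ^ k]
    return x

def toy_matches(keys, encodings):
    layers, decode = toy_whitebox(keys, encodings)
    return all(run_whitebox(layers, decode, x) == run_plain(keys, x)
               for x in range(256))
```

In a real self-equivalence white-box design the encoded affine layers are what an attacker sees, and every encoding they contain is drawn from the self-equivalence group of the S-box, which is why the encoding space of the RANEA et al. scheme is bounded by that group (2040 elements per AES S-box) and why the paper's two improvements aim to enlarge it.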
Authors
罗一诺
童鹏
陈杰
董晓丽
LUO Yinuo; TONG Peng; CHEN Jie; DONG Xiaoli (State Key Laboratory of Integrated Services Networks, Xidian University, Xi'an 710071, China; School of Cyber Engineering, Xidian University, Xi'an 710071, China; Guangxi Key Laboratory of Cryptography and Information Security, Guilin University of Electronic Technology, Guilin 541004, China)
Source
Journal of Xidian University (西安电子科技大学学报)
Indexed in: EI, CAS, CSCD, Peking University Core Journals (北大核心)
2022, No. 2, pp. 146-154 (9 pages)
Funding
13th Five-Year National Cryptography Development Fund (MMJJ20180219)
Natural Science Basic Research Program of Shaanxi Province (2021JM-126)
Research project of the Guangxi Key Laboratory of Cryptography and Information Security (GCIS202125, GCIS201923)