A New Feistel-Type White-Box Encryption Scheme
The white-box attack is a new attack context in which cryptographic software is assumed to be implemented on an untrusted platform and all the implementation details are controlled by the attackers. So far, almost all white-box solutions have been broken. In this study, we propose a white-box encryption scheme that is not a variant obtained by obfuscating an existing cipher but a completely new solution. The new scheme is based on the unbalanced Feistel network as well as the ASASASA structure (where "A" means affine and "S" means substitution). It has an optional input block size and saves space compared with other solutions because the space requirement grows slowly (linearly) with the block size. Moreover, our scheme not only has huge white-box diversity and white-box ambiguity but also has a particular construction to bypass public white-box cryptanalysis techniques, including attacks aimed at white-box variants of existing ciphers and attacks specific to the ASASASA structure. More precisely, we present a definition of white-box security with regard to equivalent keys, and prove that our scheme satisfies this security requirement.
Keywords: white-box, equivalent key, Feistel network, cryptography, ASASASA