Advertisement

White-Box Implementation of the KMAC Message Authentication Code

  • Jiqiang LuEmail author
  • Zhigang Zhao
  • Huaqun Guo
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11879)

Abstract

In 2016, US NIST released the KMAC message authentication code, which is actually a keyed variant of the new-generation hash function standard SHA-3. Following the increasing use of SHA-3, it is highly anticipated that KMAC will also be increasingly widely used in various security applications. Due to the distinctions between sponge hash functions and Merkle-Damgård hash functions, white-box implementations of KMAC and HMAC are rather different. In this paper, we present an efficient white-box implementation of KMAC with strong resistance against both key extraction and code lifting attacks, which can still work with an updated user key. It has a storage complexity of about 107.7 MB, and has a running time of about 1.5 ms on a DELL Precision T5610 workstation, about 375 times slower than the original KMAC implementation without white-box protection. There are implementation variants with different trade-offs between security and performance. This is the first published white-box implementation of KMAC to the best of our knowledge, and our implementation methods can be applied to similar sponge constructions.

Keywords

White-box cryptography Message authentication code (MAC) Hash function Sponge construction SHA-3 KMAC 

References

  1. 1.
    Banik, S., Bogdanov, A., Isobe, T., Jepsen, M.B.: Analysis of software countermeasures for whitebox encryption. IACR Trans. Symmetric Cryptol. 2017(1), 307–328 (2017)Google Scholar
  2. 2.
    Bellare, M., Canetti, R., Krawczyk, H.: Keying hash functions for message authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 1–15. Springer, Heidelberg (1996).  https://doi.org/10.1007/3-540-68697-5_1CrossRefGoogle Scholar
  3. 3.
    Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Sponge functions. In: ECRYPT Hash Workshop 2007 (2007)Google Scholar
  4. 4.
    Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: The Keccak SHA-3 submission. SHA-3 Submission (2011)Google Scholar
  5. 5.
    Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Duplexing the sponge: single-pass authenticated encryption and other applications. In: Miri, A., Vaudenay, S. (eds.) SAC 2011. LNCS, vol. 7118, pp. 320–337. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-28496-0_19CrossRefGoogle Scholar
  6. 6.
    Billet, O., Gilbert, H., Ech-Chatbi, C.: Cryptanalysis of a white box AES implementation. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 227–240. Springer, Heidelberg (2004).  https://doi.org/10.1007/978-3-540-30564-4_16CrossRefGoogle Scholar
  7. 7.
    Biryukov, A., Bouillaguet, C., Khovratovich, D.: Cryptographic schemes based on the ASASA structure: black-box, white-box, and public-key. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 63–84. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  8. 8.
    Bogdanov, A., Isobe, T.: White-box cryptography revised: space-hard ciphers. In: ACM CCS 2015, pp. 1058–1069. ACM (2015)Google Scholar
  9. 9.
    Bogdanov, A., Isobe, T., Tischhauser, E.: Towards practical whitebox cryptography: optimzing efficiency and space hardness. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10031, pp. 126–158. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-53887-6_5CrossRefGoogle Scholar
  10. 10.
    Bos, J.W., Hubain, C., Michiels, W., Teuwen, P.: Differential computation analysis: hiding your white-box designs is not enough. In: Gierlichs, B., Poschmann, A.Y. (eds.) CHES 2016. LNCS, vol. 9813, pp. 215–236. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-53140-2_11CrossRefGoogle Scholar
  11. 11.
    Chow, S., Eisen, P., Johnson, H., Van Oorschot, P.C.: White-box cryptography and an AES implementation. In: Nyberg, K., Heys, H. (eds.) SAC 2002. LNCS, vol. 2595, pp. 250–270. Springer, Heidelberg (2003).  https://doi.org/10.1007/3-540-36492-7_17CrossRefzbMATHGoogle Scholar
  12. 12.
    Chow, S., Eisen, P., Johnson, H., Van Oorschot, P.C.: A white-box DES implementation for DRM applications. In: Feigenbaum, J. (ed.) DRM 2002. LNCS, vol. 2696, pp. 1–15. Springer, Heidelberg (2003).  https://doi.org/10.1007/978-3-540-44993-5_1CrossRefGoogle Scholar
  13. 13.
    Damgård, I.B.: A design principle for hash functions. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 416–427. Springer, New York (1990).  https://doi.org/10.1007/0-387-34805-0_39CrossRefGoogle Scholar
  14. 14.
    Fouque, P.-A., Karpman, P., Kirchner, P., Minaud, B.: Efficient and provable white-box primitives. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10031, pp. 159–188. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-53887-6_6CrossRefGoogle Scholar
  15. 15.
    GitHub Website: HMAC-SHA256 Whitebox. Posted online on 12 April 2017. https://github.com/aguinet/hmac_sha256_whitebox
  16. 16.
    Goubin, L., Masereel, J.-M., Quisquater, M.: Cryptanalysis of white box DES implementations. In: Adams, C., Miri, A., Wiener, M. (eds.) SAC 2007. LNCS, vol. 4876, pp. 278–295. Springer, Heidelberg (2007).  https://doi.org/10.1007/978-3-540-77360-3_18CrossRefGoogle Scholar
  17. 17.
    Kolegov, D., Oleksov, N., Broslavsky, O.: White-box HMAC: make your cryptography secure to white-box attacks, Moscow, Russia, 17–18 May 2016. Video posted online on 20 May 2016. https://www.youtube.com/watch?v=FAiz0_bWaac
  18. 18.
    Lepoint, T., Rivain, M., De Mulder, Y., Roelse, P., Preneel, B.: Two attacks on a white-box AES implementation. In: Lange, T., Lauter, K., Lisoněk, P. (eds.) SAC 2013. LNCS, vol. 8282, pp. 265–285. Springer, Heidelberg (2014).  https://doi.org/10.1007/978-3-662-43414-7_14CrossRefGoogle Scholar
  19. 19.
    Marián \(\check{C}\)e\(\check{c}\)unda: Whitebox cryptography implementation proposals of RSA and HMAC algorithms. Master thesis, Masaryk University, Czech Republic (2014)Google Scholar
  20. 20.
    Merkle, R.C.: Secrecy, authentication, and public key systems. Ph.D. thesis, Stanford University, USA (1979)Google Scholar
  21. 21.
    Muir, J.A.: A tutorial on white-box AES. In: Kranakis, E. (ed.) Advances in Network Analysis and its Applications. Mathematics in Industry, vol. 18, pp. 209–229. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-30904-5_9CrossRefGoogle Scholar
  22. 22.
    National Bureau of Standards (NBS): Data Encryption Standard (DES), FIPS-46 (1977)Google Scholar
  23. 23.
    National Institute of Standards and Technology (NIST): Advanced Encryption Standard (AES), FIPS-197 (2001)Google Scholar
  24. 24.
    National Institute of Standards and Technology (NIST): Secure Hash Standard, FIPS-180-1 (1995)Google Scholar
  25. 25.
    National Institute of Standards and Technology (NIST): Specifications for the SECURE HASH STANDARD, FIPS-180-2 (2001)Google Scholar
  26. 26.
    National Institute of Standards and Technology (NIST): SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions, FIPS-202 (2015)Google Scholar
  27. 27.
    National Institute of Standards and Technology (NIST): SHA-3 Derived Functions: cSHAKE, KMAC, TupleHash and ParallelHash, NIST Special Publication 800–185 (2016)Google Scholar
  28. 28.
    The Internet Engineering Task Force (IETF): The MD5 message-digest algorithm. Request for Comments 1321 (1992)Google Scholar
  29. 29.
    Wang, X., Yu, H.: How to break MD5 and other hash functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19–35. Springer, Heidelberg (2005).  https://doi.org/10.1007/11426639_2CrossRefGoogle Scholar
  30. 30.
    Wang, X., Yin, Y.L., Yu, H.: Finding collisions in the Full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 17–36. Springer, Heidelberg (2005).  https://doi.org/10.1007/11535218_2CrossRefGoogle Scholar
  31. 31.
    Wood, G.: Ethereum: A Secure Decentralised Generalised Transaction Ledger. EIP-150 Revision (2017). https://ethereum.github.io/yellowpaper/paper.pdf
  32. 32.
    Wyseur, B., Michiels, W., Gorissen, P., Preneel, B.: Cryptanalysis of white-box DES implementations with arbitrary external encodings. In: Adams, C., Miri, A., Wiener, M. (eds.) SAC 2007. LNCS, vol. 4876, pp. 264–277. Springer, Heidelberg (2007).  https://doi.org/10.1007/978-3-540-77360-3_17CrossRefGoogle Scholar
  33. 33.
    Xiao, Y., Lai, X.: A secure implementation of white-box AES. In: Proceedings of Second International Conference on Computer Science and its Applications, pp. 1–6. IEEE (2009)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.School of Cyber Science and TechnologyBeihang UniversityBeijingChina
  2. 2.Institute for Infocomm Research, Agency for Science, Technology and ResearchSingaporeSingapore

Personalised recommendations