White-Box Implementation of the KMAC Message Authentication Code

  • Jiqiang LuEmail author
  • Zhigang Zhao
  • Huaqun Guo
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11879)


In 2016, US NIST released the KMAC message authentication code, which is actually a keyed variant of the new-generation hash function standard SHA-3. Following the increasing use of SHA-3, it is highly anticipated that KMAC will also be increasingly widely used in various security applications. Due to the distinctions between sponge hash functions and Merkle-Damgård hash functions, white-box implementations of KMAC and HMAC are rather different. In this paper, we present an efficient white-box implementation of KMAC with strong resistance against both key extraction and code lifting attacks, which can still work with an updated user key. It has a storage complexity of about 107.7 MB, and has a running time of about 1.5 ms on a DELL Precision T5610 workstation, about 375 times slower than the original KMAC implementation without white-box protection. There are implementation variants with different trade-offs between security and performance. This is the first published white-box implementation of KMAC to the best of our knowledge, and our implementation methods can be applied to similar sponge constructions.


White-box cryptography Message authentication code (MAC) Hash function Sponge construction SHA-3 KMAC 


  1. 1.
    Banik, S., Bogdanov, A., Isobe, T., Jepsen, M.B.: Analysis of software countermeasures for whitebox encryption. IACR Trans. Symmetric Cryptol. 2017(1), 307–328 (2017)Google Scholar
  2. 2.
    Bellare, M., Canetti, R., Krawczyk, H.: Keying hash functions for message authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 1–15. Springer, Heidelberg (1996). Scholar
  3. 3.
    Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Sponge functions. In: ECRYPT Hash Workshop 2007 (2007)Google Scholar
  4. 4.
    Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: The Keccak SHA-3 submission. SHA-3 Submission (2011)Google Scholar
  5. 5.
    Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Duplexing the sponge: single-pass authenticated encryption and other applications. In: Miri, A., Vaudenay, S. (eds.) SAC 2011. LNCS, vol. 7118, pp. 320–337. Springer, Heidelberg (2012). Scholar
  6. 6.
    Billet, O., Gilbert, H., Ech-Chatbi, C.: Cryptanalysis of a white box AES implementation. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 227–240. Springer, Heidelberg (2004). Scholar
  7. 7.
    Biryukov, A., Bouillaguet, C., Khovratovich, D.: Cryptographic schemes based on the ASASA structure: black-box, white-box, and public-key. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 63–84. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  8. 8.
    Bogdanov, A., Isobe, T.: White-box cryptography revised: space-hard ciphers. In: ACM CCS 2015, pp. 1058–1069. ACM (2015)Google Scholar
  9. 9.
    Bogdanov, A., Isobe, T., Tischhauser, E.: Towards practical whitebox cryptography: optimzing efficiency and space hardness. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10031, pp. 126–158. Springer, Heidelberg (2016). Scholar
  10. 10.
    Bos, J.W., Hubain, C., Michiels, W., Teuwen, P.: Differential computation analysis: hiding your white-box designs is not enough. In: Gierlichs, B., Poschmann, A.Y. (eds.) CHES 2016. LNCS, vol. 9813, pp. 215–236. Springer, Heidelberg (2016). Scholar
  11. 11.
    Chow, S., Eisen, P., Johnson, H., Van Oorschot, P.C.: White-box cryptography and an AES implementation. In: Nyberg, K., Heys, H. (eds.) SAC 2002. LNCS, vol. 2595, pp. 250–270. Springer, Heidelberg (2003). Scholar
  12. 12.
    Chow, S., Eisen, P., Johnson, H., Van Oorschot, P.C.: A white-box DES implementation for DRM applications. In: Feigenbaum, J. (ed.) DRM 2002. LNCS, vol. 2696, pp. 1–15. Springer, Heidelberg (2003). Scholar
  13. 13.
    Damgård, I.B.: A design principle for hash functions. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 416–427. Springer, New York (1990). Scholar
  14. 14.
    Fouque, P.-A., Karpman, P., Kirchner, P., Minaud, B.: Efficient and provable white-box primitives. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10031, pp. 159–188. Springer, Heidelberg (2016). Scholar
  15. 15.
    GitHub Website: HMAC-SHA256 Whitebox. Posted online on 12 April 2017.
  16. 16.
    Goubin, L., Masereel, J.-M., Quisquater, M.: Cryptanalysis of white box DES implementations. In: Adams, C., Miri, A., Wiener, M. (eds.) SAC 2007. LNCS, vol. 4876, pp. 278–295. Springer, Heidelberg (2007). Scholar
  17. 17.
    Kolegov, D., Oleksov, N., Broslavsky, O.: White-box HMAC: make your cryptography secure to white-box attacks, Moscow, Russia, 17–18 May 2016. Video posted online on 20 May 2016.
  18. 18.
    Lepoint, T., Rivain, M., De Mulder, Y., Roelse, P., Preneel, B.: Two attacks on a white-box AES implementation. In: Lange, T., Lauter, K., Lisoněk, P. (eds.) SAC 2013. LNCS, vol. 8282, pp. 265–285. Springer, Heidelberg (2014). Scholar
  19. 19.
    Marián \(\check{C}\)e\(\check{c}\)unda: Whitebox cryptography implementation proposals of RSA and HMAC algorithms. Master thesis, Masaryk University, Czech Republic (2014)Google Scholar
  20. 20.
    Merkle, R.C.: Secrecy, authentication, and public key systems. Ph.D. thesis, Stanford University, USA (1979)Google Scholar
  21. 21.
    Muir, J.A.: A tutorial on white-box AES. In: Kranakis, E. (ed.) Advances in Network Analysis and its Applications. Mathematics in Industry, vol. 18, pp. 209–229. Springer, Heidelberg (2013). Scholar
  22. 22.
    National Bureau of Standards (NBS): Data Encryption Standard (DES), FIPS-46 (1977)Google Scholar
  23. 23.
    National Institute of Standards and Technology (NIST): Advanced Encryption Standard (AES), FIPS-197 (2001)Google Scholar
  24. 24.
    National Institute of Standards and Technology (NIST): Secure Hash Standard, FIPS-180-1 (1995)Google Scholar
  25. 25.
    National Institute of Standards and Technology (NIST): Specifications for the SECURE HASH STANDARD, FIPS-180-2 (2001)Google Scholar
  26. 26.
    National Institute of Standards and Technology (NIST): SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions, FIPS-202 (2015)Google Scholar
  27. 27.
    National Institute of Standards and Technology (NIST): SHA-3 Derived Functions: cSHAKE, KMAC, TupleHash and ParallelHash, NIST Special Publication 800–185 (2016)Google Scholar
  28. 28.
    The Internet Engineering Task Force (IETF): The MD5 message-digest algorithm. Request for Comments 1321 (1992)Google Scholar
  29. 29.
    Wang, X., Yu, H.: How to break MD5 and other hash functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19–35. Springer, Heidelberg (2005). Scholar
  30. 30.
    Wang, X., Yin, Y.L., Yu, H.: Finding collisions in the Full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 17–36. Springer, Heidelberg (2005). Scholar
  31. 31.
    Wood, G.: Ethereum: A Secure Decentralised Generalised Transaction Ledger. EIP-150 Revision (2017).
  32. 32.
    Wyseur, B., Michiels, W., Gorissen, P., Preneel, B.: Cryptanalysis of white-box DES implementations with arbitrary external encodings. In: Adams, C., Miri, A., Wiener, M. (eds.) SAC 2007. LNCS, vol. 4876, pp. 264–277. Springer, Heidelberg (2007). Scholar
  33. 33.
    Xiao, Y., Lai, X.: A secure implementation of white-box AES. In: Proceedings of Second International Conference on Computer Science and its Applications, pp. 1–6. IEEE (2009)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.School of Cyber Science and TechnologyBeihang UniversityBeijingChina
  2. 2.Institute for Infocomm Research, Agency for Science, Technology and ResearchSingaporeSingapore

Personalised recommendations