A Minimal White-Box Dedicated Cipher Proposal Using Incompressible Lookup Tables: Space-Hard AES

  • Félix Carvalho Rodrigues (Unicamp)
  • Ricardo Dahab (Unicamp)
  • Julio López (Unicamp)
  • Hayato Fujii (Unicamp)
  • Ana Clara Zoppi Serpa (Unicamp)

Abstract

In a white-box context, an attacker has full access to the execution environment and to the implementation of the cryptographic algorithms. Dedicated white-box ciphers, such as WEM and SPNbox, provide incompressibility and protection against key extraction in this context, at the cost of increased memory usage and performance loss compared to standard ciphers. Even when a pure white-box threat model is not warranted, the use of incompressible lookup tables can help deter side-channel attacks. In this paper we present a simple threat model for such scenarios and propose a dedicated cipher, Space-Hard AES, which provides minimal incompressibility guarantees while offering better performance in ARMv8 implementations than other dedicated ciphers.

Published
18/09/2023

How to Cite

RODRIGUES, Félix Carvalho; DAHAB, Ricardo; LÓPEZ, Julio; FUJII, Hayato; SERPA, Ana Clara Zoppi. A Minimal White-Box Dedicated Cipher Proposal Using Incompressible Lookup Tables: Space-Hard AES. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 23., 2023, Juiz de Fora/MG. Proceedings [...]. Porto Alegre: Sociedade Brasileira de Computação, 2023. p. 125-138. DOI: https://doi.org/10.5753/sbseg.2023.233113.