基于arx的白盒实现密码分析

IACR Trans. Cryptogr. Hardw. Embed. Syst. Pub Date : 2023-06-09 DOI:10.46586/tches.v2023.i3.97-135

A. Biryukov, Baptiste Lambin, A. Udovenko

{"title":"基于arx的白盒实现密码分析","authors":"A. Biryukov, Baptiste Lambin, A. Udovenko","doi":"10.46586/tches.v2023.i3.97-135","DOIUrl":null,"url":null,"abstract":"At CRYPTO’22, Ranea, Vandersmissen, and Preneel proposed a new way to design white-box implementations of ARX-based ciphers using so-called implicit functions and quadratic-affine encodings. They suggest the Speck block-cipher as an example target.In this work, we describe practical attacks on the construction. For the implementation without one of the external encodings, we describe a simple algebraic key recovery attack. If both external encodings are used (the main scenario suggested by the authors), we propose optimization and inversion attacks, followed by our main result - a multiple-step round decomposition attack and a decomposition-based key recovery attack.Our attacks only use the white-box round functions as oracles and do not rely on their description. We implemented and verified experimentally attacks on white-box instances of Speck-32/64 and Speck-64/128. We conclude that a single ARX-round is too weak to be used as a white-box round.","PeriodicalId":13186,"journal":{"name":"IACR Trans. Cryptogr. Hardw. Embed. Syst.","volume":"131 1","pages":"97-135"},"PeriodicalIF":0.0000,"publicationDate":"2023-06-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Cryptanalysis of ARX-based White-box Implementations\",\"authors\":\"A. Biryukov, Baptiste Lambin, A. Udovenko\",\"doi\":\"10.46586/tches.v2023.i3.97-135\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"At CRYPTO’22, Ranea, Vandersmissen, and Preneel proposed a new way to design white-box implementations of ARX-based ciphers using so-called implicit functions and quadratic-affine encodings. They suggest the Speck block-cipher as an example target.In this work, we describe practical attacks on the construction. For the implementation without one of the external encodings, we describe a simple algebraic key recovery attack. If both external encodings are used (the main scenario suggested by the authors), we propose optimization and inversion attacks, followed by our main result - a multiple-step round decomposition attack and a decomposition-based key recovery attack.Our attacks only use the white-box round functions as oracles and do not rely on their description. We implemented and verified experimentally attacks on white-box instances of Speck-32/64 and Speck-64/128. We conclude that a single ARX-round is too weak to be used as a white-box round.\",\"PeriodicalId\":13186,\"journal\":{\"name\":\"IACR Trans. Cryptogr. Hardw. Embed. Syst.\",\"volume\":\"131 1\",\"pages\":\"97-135\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-06-09\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IACR Trans. Cryptogr. Hardw. Embed. Syst.\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.46586/tches.v2023.i3.97-135\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IACR Trans. Cryptogr. Hardw. Embed. Syst.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.46586/tches.v2023.i3.97-135","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

在CRYPTO ' 22上，Ranea, Vandersmissen和Preneel提出了一种新的方法，使用所谓的隐式函数和二次仿射编码来设计基于arx的密码的白盒实现。他们建议以Speck分组密码为例。在这项工作中，我们描述了对结构的实际攻击。对于没有外部编码的实现，我们描述了一种简单的代数密钥恢复攻击。如果使用两种外部编码(作者建议的主要场景)，我们提出优化和反转攻击，然后是我们的主要结果-多步轮分解攻击和基于分解的密钥恢复攻击。我们的攻击只使用白盒圆函数作为预言，而不依赖于它们的描述。我们在Speck-32/64和Speck-64/128的白盒实例上实现并实验验证了攻击。我们的结论是，单一的arx弹太弱，不能用作白盒弹。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Cryptanalysis of ARX-based White-box Implementations

At CRYPTO’22, Ranea, Vandersmissen, and Preneel proposed a new way to design white-box implementations of ARX-based ciphers using so-called implicit functions and quadratic-affine encodings. They suggest the Speck block-cipher as an example target.In this work, we describe practical attacks on the construction. For the implementation without one of the external encodings, we describe a simple algebraic key recovery attack. If both external encodings are used (the main scenario suggested by the authors), we propose optimization and inversion attacks, followed by our main result - a multiple-step round decomposition attack and a decomposition-based key recovery attack.Our attacks only use the white-box round functions as oracles and do not rely on their description. We implemented and verified experimentally attacks on white-box instances of Speck-32/64 and Speck-64/128. We conclude that a single ARX-round is too weak to be used as a white-box round.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

IACR Trans. Cryptogr. Hardw. Embed. Syst.

自引率

0.00%

发文量

期刊最新文献

MMM: Authenticated Encryption with Minimum Secret State for Masking Don't Forget Pairing-Friendly Curves with Odd Prime Embedding Degrees LPN-based Attacks in the White-box Setting Enhancing Quality and Security of the PLL-TRNG Protecting Dilithium against Leakage Revisited Sensitivity Analysis and Improved Implementations