A Secure and Efficient White-Box Implementation of SM4
Differential Computation Analysis (DCA) leverages memory traces to extract secret keys, bypassing countermeasures employed in white-box designs, such as encodings. Although researchers have made great efforts to enhance security against DCA, most solutions considerably decrease algorithmic efficienc...
Main Authors: | Xiaobo Hu, Yanyan Yu, Yinzi Tu, Jing Wang, Shi Chen, Yuqi Bao, Tengyuan Zhang, Yaowen Xing, Shihui Zheng |
---|---|
Format: | Article |
Language: | English |
Published: | MDPI AG 2024-12-01 |
Series: | Entropy |
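Subjects: | SM4; white-box cryptography; differential computation attack; nonlinear encoding; algebraic attack resistance |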
Online Access: | https://www.mdpi.com/1099-4300/27/1/1 |
author | Xiaobo Hu Yanyan Yu Yinzi Tu Jing Wang Shi Chen Yuqi Bao Tengyuan Zhang Yaowen Xing Shihui Zheng |
---|---|
collection | DOAJ |
description | Differential Computation Analysis (DCA) leverages memory traces to extract secret keys, bypassing countermeasures employed in white-box designs, such as encodings. Although researchers have made great efforts to enhance security against DCA, most solutions considerably decrease algorithmic efficiency. In our approach, the Feistel cipher SM4 is implemented by a series of table-lookup operations, and the input and output of each table are protected by affine transformations and nonlinear encodings generated randomly. We employ fourth-order non-linear encoding to reduce the loss of efficiency while utilizing a random sequence to shuffle lookup table access, thereby severing the potential link between memory data and the intermediate values of SM4. Experimental results indicate that the DCA procedure fails to retrieve the correct key. Furthermore, theoretical analysis shows that the techniques employed in our scheme effectively prevent existing algebraic attacks. Finally, our design requires only 1.44 MB of memory, significantly less than that of the known DCA-resistant schemes—Zhang et al.’s scheme (24.3 MB), Yuan et al.’s scheme (34.5 MB) and Zhao et al.’s scheme (7.8 MB). Thus, our SM4 white-box design effectively ensures security while maintaining a low memory cost. |
format | Article |
id | doaj-art-896ced72ec4947a1849cea22d4fe397e |
institution | Kabale University |
issn | 1099-4300 |
language | English |
publishDate | 2024-12-01 |
publisher | MDPI AG |
series | Entropy |
spelling | doaj-art-896ced72ec4947a1849cea22d4fe397e; 2025-01-24T13:31:37Z; eng; MDPI AG; Entropy; 1099-4300; 2024-12-01; 27; 1; 1; 10.3390/e27010001; A Secure and Efficient White-Box Implementation of SM4; Xiaobo Hu, Yanyan Yu, Yinzi Tu, Jing Wang (Beijing Smart-Chip Microelectronics Technology Co., Ltd., Beijing 102299, China); Shi Chen, Yuqi Bao, Tengyuan Zhang, Yaowen Xing, Shihui Zheng (School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100876, China); https://www.mdpi.com/1099-4300/27/1/1; SM4; white-box cryptography; differential computation attack; nonlinear encoding; algebraic attack resistance |
title | A Secure and Efficient White-Box Implementation of SM4 |
topic | SM4 white-box cryptography differential computation attack nonlinear encoding algebraic attack resistance |
url | https://www.mdpi.com/1099-4300/27/1/1 |