상세정보
학술지
Improvement on a Masked White-Box Cryptographic Implementation
- 저자
- 이승광, 김명철
- 발행일
- 202005
- 출처
- IEEE Access, v.8, pp.90992-91004
- ISSN
- 2169-3536
- 출판사
- IEEE
- 협약과제
- 20HR1700, (총괄+1세부) IoT 디바이스 자율 신뢰보장 기술 및 글로벌 표준기반 IoT 통합보안 오픈 플랫폼 기술개발, 강유성
- 초록
- White-box cryptography is a software technique to protect secret keys of cryptographic algorithms from attackers who have access to memory. By adapting techniques of differential power analysis to computation traces consisting of runtime information, Differential Computation Analysis (DCA) has recovered the secret keys from white-box cryptographic implementations. In order to thwart DCA, a masked white-box implementation was suggested. It was a customized masking technique that randomizes all the values in the lookup tables with different masks. However, the round output was only permuted by byte encodings, not protected by masking. This is the main reason behind the success of DCA variants on the masked white-box implementation. In this paper, we improve the masked white-box cryptography in such a way to protect against DCA variants by obfuscating the round output with random masks. Specifically, we introduce a white-box AES (WB-AES) implementation applying the masking technique to the key-dependent intermediate value and the several outer-round outputs computed by partial bits of the key. Our analysis and experimental results show that the proposed WB-AES can protect against DCA variants including DCA with a 2-byte key guess, collision, and bucketing attacks. This work requires approximately 3.7 times the table size and 0.7 times the number of lookups compared to the previous masked WB-AES.
- KSP 제안 키워드
- Computation analysis, Cryptographic Algorithms, Differential Power Analysis, Key-dependent, Runtime Information, White-box implementation, Whitebox Cryptography(WBC), look-up table, masking technique, secret key
본 저작물은 크리에이티브 커먼즈 저작자 표시 (CC BY) 조건에 따라 이용할 수 있습니다.
