Skip to main content
SpringerLink
Log in

White-Box Implementation of the KMAC Message Authentication Code

  • Conference paper
  • First Online:
Book cover Information Security Practice and Experience (ISPEC 2019)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11879))

Abstract

In 2016, US NIST released the KMAC message authentication code, which is actually a keyed variant of the new-generation hash function standard SHA-3. Following the increasing use of SHA-3, it is highly anticipated that KMAC will also be increasingly widely used in various security applications. Due to the distinctions between sponge hash functions and Merkle-Damgård hash functions, white-box implementations of KMAC and HMAC are rather different. In this paper, we present an efficient white-box implementation of KMAC with strong resistance against both key extraction and code lifting attacks, which can still work with an updated user key. It has a storage complexity of about 107.7 MB, and has a running time of about 1.5 ms on a DELL Precision T5610 workstation, about 375 times slower than the original KMAC implementation without white-box protection. There are implementation variants with different trade-offs between security and performance. This is the first published white-box implementation of KMAC to the best of our knowledge, and our implementation methods can be applied to similar sponge constructions.

J. Lu—The author was with Institute for Infocomm Research (Singapore) when the work was partially completed.

This work was supported by the National Research Foundation (NRF), Prime Minister’s Office, Singapore, under its National Cybersecurity R&D Programme (Award No. NRF2014NCR-NCR001-31) and administered by the National Cybersecurity R&D Directorate, and was supported also by a grant (No. ZG216S1992) of Beihang University.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Banik, S., Bogdanov, A., Isobe, T., Jepsen, M.B.: Analysis of software countermeasures for whitebox encryption. IACR Trans. Symmetric Cryptol. 2017(1), 307–328 (2017)

    Google Scholar 

  2. Bellare, M., Canetti, R., Krawczyk, H.: Keying hash functions for message authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 1–15. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68697-5_1

    Chapter  Google Scholar 

  3. Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Sponge functions. In: ECRYPT Hash Workshop 2007 (2007)

    Google Scholar 

  4. Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: The Keccak SHA-3 submission. SHA-3 Submission (2011)

    Google Scholar 

  5. Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Duplexing the sponge: single-pass authenticated encryption and other applications. In: Miri, A., Vaudenay, S. (eds.) SAC 2011. LNCS, vol. 7118, pp. 320–337. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-28496-0_19

    Chapter  Google Scholar 

  6. Billet, O., Gilbert, H., Ech-Chatbi, C.: Cryptanalysis of a white box AES implementation. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 227–240. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-30564-4_16

    Chapter  Google Scholar 

  7. Biryukov, A., Bouillaguet, C., Khovratovich, D.: Cryptographic schemes based on the ASASA structure: black-box, white-box, and public-key. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 63–84. Springer, Heidelberg (2014)

    Chapter  Google Scholar 

  8. Bogdanov, A., Isobe, T.: White-box cryptography revised: space-hard ciphers. In: ACM CCS 2015, pp. 1058–1069. ACM (2015)

    Google Scholar 

  9. Bogdanov, A., Isobe, T., Tischhauser, E.: Towards practical whitebox cryptography: optimzing efficiency and space hardness. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10031, pp. 126–158. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53887-6_5

    Chapter  Google Scholar 

  10. Bos, J.W., Hubain, C., Michiels, W., Teuwen, P.: Differential computation analysis: hiding your white-box designs is not enough. In: Gierlichs, B., Poschmann, A.Y. (eds.) CHES 2016. LNCS, vol. 9813, pp. 215–236. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53140-2_11

    Chapter  Google Scholar 

  11. Chow, S., Eisen, P., Johnson, H., Van Oorschot, P.C.: White-box cryptography and an AES implementation. In: Nyberg, K., Heys, H. (eds.) SAC 2002. LNCS, vol. 2595, pp. 250–270. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36492-7_17

    Chapter  MATH  Google Scholar 

  12. Chow, S., Eisen, P., Johnson, H., Van Oorschot, P.C.: A white-box DES implementation for DRM applications. In: Feigenbaum, J. (ed.) DRM 2002. LNCS, vol. 2696, pp. 1–15. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-44993-5_1

    Chapter  Google Scholar 

  13. Damgård, I.B.: A design principle for hash functions. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 416–427. Springer, New York (1990). https://doi.org/10.1007/0-387-34805-0_39

    Chapter  Google Scholar 

  14. Fouque, P.-A., Karpman, P., Kirchner, P., Minaud, B.: Efficient and provable white-box primitives. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10031, pp. 159–188. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53887-6_6

    Chapter  Google Scholar 

  15. GitHub Website: HMAC-SHA256 Whitebox. Posted online on 12 April 2017. https://github.com/aguinet/hmac_sha256_whitebox

  16. Goubin, L., Masereel, J.-M., Quisquater, M.: Cryptanalysis of white box DES implementations. In: Adams, C., Miri, A., Wiener, M. (eds.) SAC 2007. LNCS, vol. 4876, pp. 278–295. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-77360-3_18

    Chapter  Google Scholar 

  17. Kolegov, D., Oleksov, N., Broslavsky, O.: White-box HMAC: make your cryptography secure to white-box attacks, Moscow, Russia, 17–18 May 2016. Video posted online on 20 May 2016. https://www.youtube.com/watch?v=FAiz0_bWaac

  18. Lepoint, T., Rivain, M., De Mulder, Y., Roelse, P., Preneel, B.: Two attacks on a white-box AES implementation. In: Lange, T., Lauter, K., Lisoněk, P. (eds.) SAC 2013. LNCS, vol. 8282, pp. 265–285. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-43414-7_14

    Chapter  Google Scholar 

  19. Marián \(\check{C}\)e\(\check{c}\)unda: Whitebox cryptography implementation proposals of RSA and HMAC algorithms. Master thesis, Masaryk University, Czech Republic (2014)

    Google Scholar 

  20. Merkle, R.C.: Secrecy, authentication, and public key systems. Ph.D. thesis, Stanford University, USA (1979)

    Google Scholar 

  21. Muir, J.A.: A tutorial on white-box AES. In: Kranakis, E. (ed.) Advances in Network Analysis and its Applications. Mathematics in Industry, vol. 18, pp. 209–229. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-30904-5_9

    Chapter  Google Scholar 

  22. National Bureau of Standards (NBS): Data Encryption Standard (DES), FIPS-46 (1977)

    Google Scholar 

  23. National Institute of Standards and Technology (NIST): Advanced Encryption Standard (AES), FIPS-197 (2001)

    Google Scholar 

  24. National Institute of Standards and Technology (NIST): Secure Hash Standard, FIPS-180-1 (1995)

    Google Scholar 

  25. National Institute of Standards and Technology (NIST): Specifications for the SECURE HASH STANDARD, FIPS-180-2 (2001)

    Google Scholar 

  26. National Institute of Standards and Technology (NIST): SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions, FIPS-202 (2015)

    Google Scholar 

  27. National Institute of Standards and Technology (NIST): SHA-3 Derived Functions: cSHAKE, KMAC, TupleHash and ParallelHash, NIST Special Publication 800–185 (2016)

    Google Scholar 

  28. The Internet Engineering Task Force (IETF): The MD5 message-digest algorithm. Request for Comments 1321 (1992)

    Google Scholar 

  29. Wang, X., Yu, H.: How to break MD5 and other hash functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19–35. Springer, Heidelberg (2005). https://doi.org/10.1007/11426639_2

    Chapter  Google Scholar 

  30. Wang, X., Yin, Y.L., Yu, H.: Finding collisions in the Full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 17–36. Springer, Heidelberg (2005). https://doi.org/10.1007/11535218_2

    Chapter  Google Scholar 

  31. Wood, G.: Ethereum: A Secure Decentralised Generalised Transaction Ledger. EIP-150 Revision (2017). https://ethereum.github.io/yellowpaper/paper.pdf

  32. Wyseur, B., Michiels, W., Gorissen, P., Preneel, B.: Cryptanalysis of white-box DES implementations with arbitrary external encodings. In: Adams, C., Miri, A., Wiener, M. (eds.) SAC 2007. LNCS, vol. 4876, pp. 264–277. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-77360-3_17

    Chapter  Google Scholar 

  33. Xiao, Y., Lai, X.: A secure implementation of white-box AES. In: Proceedings of Second International Conference on Computer Science and its Applications, pp. 1–6. IEEE (2009)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Cyber Science and Technology, Beihang University, 37 Xueyuan Road, Beijing, 100083, China

    Jiqiang Lu

  2. Institute for Infocomm Research, Agency for Science, Technology and Research, 1 Fusionopolis Way, Singapore, 138632, Singapore

    Zhigang Zhao & Huaqun Guo

Authors
  1. Jiqiang Lu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Zhigang Zhao
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Huaqun Guo
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Jiqiang Lu .

Editor information

Editors and Affiliations

  1. Multimedia University, Malacca, Malaysia

    Swee-Huay Heng

  2. University of Malaga, Malaga, Spain

    Javier Lopez

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Lu, J., Zhao, Z., Guo, H. (2019). White-Box Implementation of the KMAC Message Authentication Code. In: Heng, SH., Lopez, J. (eds) Information Security Practice and Experience. ISPEC 2019. Lecture Notes in Computer Science(), vol 11879. Springer, Cham. https://doi.org/10.1007/978-3-030-34339-2_14

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-34339-2_14

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-34338-5

  • Online ISBN: 978-3-030-34339-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation