Abstract
The SM4 block cipher, formerly known as SMS4, has a 128-bit block length and a 128-bit user key. It is a Chinese national standard and an ISO international standard. White-box cryptography aims primarily to protect the secret key used in a cryptographic software implementation in the white-box scenario, which assumes that an attacker has full access to the execution environment and execution details of an implementation. Since white-box cryptography has many real-life applications nowadays, a few white-box implementations of the SM4 block cipher have been proposed. In particular, in 2009 Xiao and Lai presented the first white-box SM4 implementation, based on the traditional way, which has been attacked with the lowest currently published attack complexity of about \(2^{32}\) using the affine equivalence technique; and in 2020 Yao and Chen presented a white-box SM4 implementation based on state expansion, and obtained the lowest attack complexity of about \(2^{51}\) among a variety of attack techniques. In this paper, we present collision-based attacks on Yao and Chen’s and Xiao and Lai’s white-box SM4 implementations with a time complexity of about \(2^{23}\) for recovering a round key, and thus show that their security is much lower than previously published.
References
Baek, C.H., Cheon, J.H., Hong, H.: White-Box AES implementation revisited. J. Commun. Netw. 18(3), 273–287 (2016)
Bai, K., Wu, C.: A secure White-Box SM4 implementation. Secur. Commun. Netw. 9(10), 996–1006 (2016)
Bai, K., Wu, C., Zhang, Z.: Protect White-Box AES to resist table composition attacks. IET Inf. Secur. 12(4), 305–313 (2018)
Barkan, E., Biham, E.: In how many ways can you write Rijndael? In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 160–175. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-36178-2_10
Billet, O., Gilbert, H., Ech-Chatbi, C.: Cryptanalysis of a White Box AES implementation. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 227–240. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-30564-4_16
Biryukov, A., De Cannière, C., Braeken, A., Preneel, B.: A Toolbox for cryptanalysis: linear and affine equivalence algorithms. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 33–50. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-39200-9_3
Bringer, J., Chabanne, H., Dottax, E.: White box cryptography: another attempt. IACR Cryptol. ePrint Arch. 2006, 468 (2006)
Chow, S., Eisen, P., Johnson, H., Van Oorschot, P.C.: White-Box cryptography and an AES implementation. In: Nyberg, K., Heys, H. (eds.) SAC 2002. LNCS, vol. 2595, pp. 250–270. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36492-7_17
Chow, S., Eisen, P., Johnson, H., van Oorschot, P.C.: A White-Box DES implementation for DRM applications. In: Feigenbaum, J. (ed.) DRM 2002. LNCS, vol. 2696, pp. 1–15. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-44993-5_1
Derbez, P., Fouque, P., Lambin, B., Minaud, B.: On recovering affine encodings in white-box implementations. IACR Trans. Cryptogr. Hard. Embed. Syst. 2018(3), 121–149 (2018)
Office of State Commercial Cryptography Administration of China: The SMS4 Block Cipher (2006). (in Chinese)
Standardization Administration of China: Information Security Technology - SM4 Block Cipher Algorithm (2016)
International Standardization of Organization (ISO), International Standard - ISO/IEC 18033-3:2010/AMD1:2021, Amendment 1 - Information technology - Security techniques - Encryption algorithms - Part 3: Block ciphers - SM4 (2021)
Goubin, L., Masereel, J.-M., Quisquater, M.: Cryptanalysis of White Box DES implementations. In: Adams, C., Miri, A., Wiener, M. (eds.) SAC 2007. LNCS, vol. 4876, pp. 278–295. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-77360-3_18
Jacob, M., Boneh, D., Felten, E.: Attacking an obfuscated cipher by injecting faults. In: Feigenbaum, J. (ed.) DRM 2002. LNCS, vol. 2696, pp. 16–31. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-44993-5_2
Karroumi, M.: Protecting White-Box AES with dual ciphers. In: Rhee, K.-H., Nyang, D.H. (eds.) ICISC 2010. LNCS, vol. 6829, pp. 278–291. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-24209-0_19
Lai, X.: Higher order derivatives and differential cryptanalysis. In: Blahut, R.E., Costello, D.J., Maurer, U., Mittelholzer, T. (eds.) Communications and Cryptography. The Springer International Series in Engineering and Computer Science (Communications and Information Theory), vol. 276, pp. 227–233. Springer, Boston, MA (1994). https://doi.org/10.1007/978-1-4615-2694-0_23
Lepoint, T., Rivain, M., De Mulder, Y., Roelse, P., Preneel, B.: Two attacks on a White-Box AES implementation. In: Lange, T., Lauter, K., Lisoněk, P. (eds.) SAC 2013. LNCS, vol. 8282, pp. 265–285. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-43414-7_14
Lin, T., Lai, X.: Efficient attack to White-Box SMS4 implementation. J. Softw. 24(9), 2238–2249 (2013). (in Chinese)
Lin, T., Yan, H., Lai, X., Zhong, Y., Jia, Y.: Security evaluation and improvement of a White-Box SMS4 implementation based on affine equivalence algorithm. Comput. J. 61(12), 1783–1790 (2018)
Link, H.E., Neumann, W.D.: Clarifying obfuscation: improving the security of White-Box DES. In: International Symposium on Information Technology: Coding and Computing, pp. 679–684. IEEE (2005)
Luo, R., Lai, X., You, R.: A new attempt of White-box AES implementation. In: Proceedings of IEEE International Conference on Security, pp. 423–429. IEEE (2014)
Michiels, W., Gorissen, P., Hollmann, H.D.L.: Cryptanalysis of a generic class of White-Box implementations. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 414–428. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04159-4_27
De Mulder, Y., Roelse, P., Preneel, B.: Cryptanalysis of the Xiao–Lai White-Box AES implementation. In: Knudsen, L.R., Wu, H. (eds.) SAC 2012. LNCS, vol. 7707, pp. 34–49. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-35999-6_3
De Mulder, Y., Wyseur, B., Preneel, B.: Cryptanalysis of a perturbated White-Box AES implementation. In: Gong, G., Gupta, K.C. (eds.) INDOCRYPT 2010. LNCS, vol. 6498, pp. 292–310. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-17401-8_21
National Institute of Standards and Technology (NIST): Advanced Encryption Standard (AES), FIPS-197 (2001)
National Bureau of Standards (NBS): Data Encryption Standard (DES), FIPS-46 (1977)
Shi, Y., Wei, W., He, Z.: A lightweight white-box symmetric encryption algorithm against node capture for WSNs. Sensors 15(5), 11928–11952 (2015)
Tolhuizen, L.: Improved cryptanalysis of an AES implementation. In: Proceedings of the 33rd WIC Symposium on Information Theory in the Benelux, pp. 68–71 (2012)
Wang, R.: Security analysis of lightweight white-box cryptography algorithm. Master’s thesis, Beihang University (2021). (in Chinese)
Wang, R., Guo, H., Lu, J., Liu, J.: Cryptanalysis of a White-Box SM4 implementation based on collision attack. IET Inf. Secur. (to appear)
Wyseur, B., Michiels, W., Gorissen, P., Preneel, B.: Cryptanalysis of White-Box DES implementations with arbitrary external encodings. In: Adams, C., Miri, A., Wiener, M. (eds.) SAC 2007. LNCS, vol. 4876, pp. 264–277. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-77360-3_17
Xiao, Y., Lai, X.: A secure implementation of white-box AES. In: Proceedings of the Second International Conference on Computer Science and its Applications, pp. 1–6. IEEE (2009)
Xiao, Y., Lai, X.: White-Box cryptography and a SMS4 implementation. In: Proceedings of 2009 Annual Conference of the Chinese Association of Cryptologic Research, pp. 24–34 (2009). (in Chinese)
Yao, S., Chen, J.: A new method for White-Box implementation of SM4 algorithm. J. Cryptol. Res. 7(3), 358–374 (2020). (in Chinese)
Acknowledgement
This work was supported by National Natural Science Foundation of China (No. 61972018) and Guangxi Key Laboratory of Cryptography and Information Security (No. GCIS202102). Jiqiang Lu is Qianjiang Special Expert of Hangzhou.
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Lu, J., Li, J. (2021). Cryptanalysis of Two White-Box Implementations of the SM4 Block Cipher. In: Liu, J.K., Katsikas, S., Meng, W., Susilo, W., Intan, R. (eds) Information Security. ISC 2021. Lecture Notes in Computer Science, vol 13118. Springer, Cham. https://doi.org/10.1007/978-3-030-91356-4_4
DOI: https://doi.org/10.1007/978-3-030-91356-4_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-91355-7
Online ISBN: 978-3-030-91356-4
eBook Packages: Computer Science (R0)