Patent Grant
10897345
The present invention relates to the field of cryptography, and in particular an encryption/decryption method of “white box” type.
A function is considered as a “black box” when there can be no access to its internal operation, i.e. its inputs and outputs can be known but not its secret parameters or its intermediate states.
Cryptographic algorithms (for example for encryption or signature) are thus conventionally supposed as black boxes when their reliability is evaluated (resistance to attacks).
For example, in the case of typical cryptographic algorithms such as DES (“Data Encryption Standard”) or AES (“Advanced Encryption Standard”), these work on blocks of size 64 or 128 bits (and tomorrow 256 bits), but in a single operation cannot process such a block (there are already over 1019 possible values of blocks of 64 bits). It is necessary to work inside a block on smaller elements, typically of size 8 bits (only 256 possibilities) by chaining non-linear (bijective) operations with linear (non-injective) operations.
In reference to
The hypothesis of black box in this case supposes that the data k0 and k1 or the intermediate states ƒ(a0+k0) and ƒ(a1+k1) are inaccessible.
This hypothesis imposes a major restriction on the storage and handling of these parameters. But tools have recently been published to enable automation of attacks on hardware implementation, so-called side channel or fault attacks.
Today, for many cases of use including payment on mobile, it is necessary to deploy cryptographic algorithms by making as few assumptions as possible on the security of the target hardware. Secure storage and handling of secret parameters must be ensured at the application level.
The cryptography known as white box aims to respond to this challenge by proposing implementations of cryptographic algorithms which are supposed to make extraction of secrets impossible, even in case of attack allowing the attacker full access to the software implementation of the algorithm. More exactly, a function is considered as a “white box” when its mechanisms are visible and enable understanding of its operation. In other terms, the direct assumption is made that the attacker has access to everything he wants (the binary is completely visible and modifiable by the attacker who has complete control of the operation platform). Consequently, implementation itself is the sole line of defence.
To protect implantation of a pattern such as described earlier, it has first been proposed to merge keys k0 and k1 with the function ƒ by representing computations by tables. For the example studied, in reference to
This ploy avoids having the keys in the clear, but is not enough to resist an attack consisting of exhaustively testing all possible keys k0 (respectively k1) to the point of finding the one which verifies y0=ƒ(a0+k0) (respectively y1=ƒ(a1+k1)).
It has been proposed to “mask” the internal states which are masked by random permutations G0, G1, G2 (unknown but constant) called internal encodings. More precisely, as shown by
But attacks have shown that patterns such as above could still be attacked when the encoding was linear by exploiting the correlation between the encoded datum and the sensitive datum (i.e. yi or z in the example above), cf. the article “Differential Computation Analysis: Hiding Your White-Box Designs is Not Enough” at CHES2016.
This pattern is also sensitive to other attacks known as collision attacks which exploit the non-injective character of linear transformations (here TL) to build algebraic relations giving information on the key (the pair (k0, k1) in the example above), cf. the article “Cryptanalysis of a White Box AES Implementation” published at SAC2004.
More precisely, couples of pairs can be found (a0, ai) and (a′0, a′1) such as G2 ∘TL [ƒ(a0+k0), ƒ(a1+k1)]=G2∘TL [ƒ(a′0+k0), ƒ(a′1+k1)], i.e. TL [ƒ (a0+k1), ƒ(a1+k1)]=TL [ƒ(a′0+k0), ƒ(a′1+k1)] to make of the non-injective character of TL. Random permutations are thus eliminated and if there are enough couples, the values of keys k0, k1, can again be exhaustively tested which is long though feasible.
Applications EP2924677, EP2922234 and EP2996278 have consequently proposed a breakdown of internal states into a sum of fragments “splits”, so as to execute the non-linear function fragment by fragment. For this, a linear sharing function Di(y) for splitting y, is used and the random permutations at G00, G10, GL0, G01, G11, GL1 corresponding to one or the other of the fragments are duplicated.
However, this pattern remains sensitive to some attacks, in particular by collision: assuming the computations are simpler than TL is the eXclusive OR function, “XOR”, which does not diminish the generality of the idea since any linear function can decompose into a succession of XORs and scalar products with constants, if for given z, the set z of pairs (x0, x1) is built such that z=GL0∘(D0(y0)+D1(y1)), then for each pair (x0, x1) ∈
z, D0(y0)+cz=D1(y1), i.e. y1=D1−1(D0(y0)+cz) can be posed.
This builds the function φ{circumflex over (k)}z, for any pair of keys {circumflex over (k)}0, {circumflex over (k)}1), whereof it can be shown that the case ({circumflex over (k)}0, {circumflex over (k)}1)=(k0, k1) is distinguishable, which goes back to the keys. In fact, in the right example, the function φ{circumflex over (k)}
As a consequence, it would be preferable to have a novel solution of “white box” encryption using standard mechanisms such as DES and AES which is completely resistant to all known attacks (by channel analysis, by collision, etc.).
According to a first aspect, the present invention relates to a method for encrypting or decrypting a n-tuple of data with a n-tuple of predetermined secret keys, n≥2, for a given non-linear permutation function and a given linear multiplexing function, the method being characterized in that it comprises data-processing means of equipment implementing steps of:
According to other advantageous and non-limiting features:
According to a second and a third aspect, the invention proposes a computer program product comprising code instructions for executing a method according to the first aspect for encrypting or decrypting a n-tuple of data with a n-tuple of predetermined secret keys; and storage means legible by computer equipment on which a computer program product comprises code instructions for executing a method according to the first aspect for encrypting or decrypting a n-tuple of data with a n-tuple of predetermined secret keys.
Other features and advantages of the present invention will become more apparent upon reading the following description of a preferred embodiment. This description will be given in reference to the appended drawings, in which:
Architecture
In reference to
The equipment 10a comprises data-processing means 11a (a processor) and data-storage means 12a (a memory, for example flash).
The equipment 10a is for example connected to a server 10b for example via the internet network 20. It can be led to receive tables (to be described later) from this server 10b (for example that of a provider of security solutions), containing secrets which will be stored in the memory 12a and used to implement the present method.
The equipment 10a can in turn be connected to other third-party servers 10c with whom it could exchange data encrypted by means of the present method.
Cryptographic Method
The present method is a cryptographic “encryption or decryption” method, meaning that according to the case it encrypts data or decrypts them. It is of symmetrical or “secret key” type.
It is understood that the present method is a novel implementation of known algorithms such as DES or AES which are the current standards. More precisely, it is not a novel encryption strategy but only a new way of handling data within the algorithm which is resistant to all “white box” hardware attacks.
According to a classic pattern, it processes data block by block, and within a block, it manipulates elements of smaller size, for example 16 elements of one byte for 128 bits block (such as AES for example). These elements are manipulated n by n, with n≥2, and advantageously n=2.
So, the present method encrypts or decrypts a n-tuple of data {ai}i∈[[0,n-1]] with a n-tuple of predetermined secret keys {ki}i∈[[0,n-1]]. In the rest of the description, it will be assumed that n=2 (i.e. there is a pair of elements a0, a1 and a pair of keys k0, k1), but the skilled person can transpose the method to other higher values of n.
Each element ai of said n-tuple of data {ai}i∈[[0,n-1]] has a value in a space {0; 1}k to be noted 2k and advantageously has a size of one byte (a “byte” of 8 bits, i.e. k=8), but a size of one half-byte (a “nibble” of 4 bits, i.e. k=4) or even 6 bits could be taken for example. The preferred example of one byte will be taken in the rest of the description.
To process a complete block from smaller elements, it is necessary to multiply the operations within the block, and for this the present method classically combines the use of a non-linear permutation function ƒ (step (a) as will be seen), and the use of a linear multiplexing function L (step (b) as will be seen), each datum as a function of the cryptographic algorithm to be implemented.
The permutation function ƒ is a bijective function parameterized with a secret key ki which takes as input an input element of 2k and generates at output an output element of the same size (i.e. of
2k). These functions are well known and that of any cryptographic algorithm could be used in particular using permutations, in particular an algorithm selected from DES and AES (the function ƒ is then for example a box S).
“Multiplexing” function means a function taking as input several elements of 2k (in particular n) and generating at output a single element of
2k. Thus, the multiplexing function combines several elements of
2k. These functions are well known and the commonly used eXclusive OR function could be used in particular (in particular in AES), noted XOR and more simply +.
It is understood that ƒ is non-linear and that L is linear.
The algorithm typically comprises alternating a stage of use of ƒ to permutate elements, then a stage of use of L for merging data, until the whole block has been processed (merged data are again permutated, then merged with other data, etc.). It is understood that the present method advantageously comprises the repetition of steps (a) and (b) so as to encrypt or decrypt a set of data comprising those of said n-tuple {ai}i∈[[0,n-1]].
In the rest of the present description, the illustrative example of the general pattern a0, a1→z=L (ƒ(a0+k0), ƒ(a1+k1)) as found in
It should be noted that for computations more complex than those described in the present examples, it can be interesting to use decomposition in the form of sequences of linear operations and multiplications. In this case, ideas continue to apply in combination with the works of Rivain-Prouff (“Provably Secure Higher-Order Masking of AES” CHES 2010) and Ishai-Sahai-Wagner (“Private Circuits: Securing Hardware against Probing Attacks” at CRYPTO 2003).
Permutation Step
The present method is implemented by the data-processing means 11a of the equipment 10a.
To counter attacks of the prior art, the present method proposes as shown in
As explained, the first step (a) is called permutation, and will use the function ƒ but not the function L.
In this step (a), for each element ai of said n-tuple of data {ai}i∈[[0,n-1]] (i.e. ∀i ∈[[0, n-1]]), “first internal states” {yij}j∈[[0,m-1]] are determined (belonging as elements ai to 2k, and to the number of m) by application to said element ai of m “first operations”. The first internal states are visible in the hypothesis of white box and must therefore be unusable for obtaining information on the secret keys.
Each first operation for this is:
Therefore, typically there is:
yi0=Ti0[ai]=Gi0∘Di∘ƒ(ai+ki)=Gi0∘Di(yi),
yi1=Ti1[ai]=Gi1∘Ei∘ƒ(ai+ki)=Gi1∘Ei(y1),
yi2=Ti2[ai]=Gi2∘Fi∘ƒ(ai+ki)=Gi2∘Fi(yi),
etc.
More precisely, the idea of non-linear sharing is to build functions Di, Ei, Fi . . . such as ∀i ∈[[0, n-1]], ∀x,x=Di(x)+Ei(x)+Fi(x)+ . . . . It is assumed that m=3, that is, three families Di, Ei, Fi suffice, and therefore 6 functions if n=2. The Gij serve as internal encoding while the Di, Ei and Fi serve to share a secret.
Therefore, each “non-masked” internal value yi=ƒ(ai+ki), which is a sensitive datum, can be rebuilt only from Di(yi), Ei(yi) and Fi(yi).
Ei and Fi can be selected randomly from all functions (not just bijective) operating on elements of preferred size, in particular bytes, but not Di, which is linked to the others.
The method preferably comprises a previous step (a0) of random generation by the data-processing means 11b of a server 10b connected to the equipment 10a of m−1 non-linear sharing functions Ei, Fi . . . for each collection (Di, Ei, Fi . . . ), from which the m-th non-linear sharing function Di is built (by posing for example Di(y)=yi+Ei(y)+Fi(y)+ . . . for any element y).
As explained, all Gij are bijective masking encodings (of 2k in
2k), selected randomly once for all, in particular by the server 10b.
In this way and as preferred, step (a0) further comprises random generation of internal encodings Gij (and as will be seen GLj), construction of tables Tij, and as will be seen TLj), and their transmission to the equipment 10a for storage on the storage means 12a. In the preferred embodiment there are m× n first internal encodings Gij and their inverses, and m second internal encodings GLj and their inverses. In total, (m−1)+(m×n)+m=(n+2)m−1 functions of 2k in
2k must be generated randomly.
On completion of step (a) (when it has been implemented n times for all ai), there is a set (in this case m×n) of said first internal states yij. So m n-tuples can be formed from first internal states {{yij}i∈[[0,n-1]]}j∈[[0,m-1]].
Multiplexing Step
The second step (b) is called multiplexing, and uses the function L to combine the first internal states yij.
In this step (b), for each n-tuple of first internal states {yij}i∈[[0,n-1]] (i.e. ∀j ∈[[0,m−1]]) a (single) “second internal state” zj is determined (still in 2k) by application to said internal states yij of the n-tuple of first internal states {yij}i∈[[0,n-1]] of a “second operation”.
As before, the second internal states are visible in the hypothesis of white box and therefore must be unusable for obtaining information on the first internal states and the secret keys.
Each second operation for this is:
Therefore, this typically gives: zj=TLj[y0j, y1j . . . ]=GLj ∘L(G0j−1[y0j], G1j−1[y1j] . . . ).
n by n will be cross-combined as evident in
Explanation
The encrypted/decrypted z of said n-tuple of data {ai}i∈[[0,n-1]] can easily be retrieved from m second internal states {zj}j∈[[0,m-1]].
If needed, it is sufficient to apply to them in a step (c) a “third operation” which is:
Therefore, this typically gives:
Yet, because n<m, each zj contains insufficient information for rebuilding to obtain a relation linking the yi, an attack by collision therefore becomes impossible.
To illustrate this in the case n=2 and m=3, for any pair of octets (a, b), there is ∀j ∈{0; 1; 2}, TLj(a, b)=GLj (L(G0j−1(a), G1j−1(b))), that is, TL0(a, b)=GL0 (L(G00−1 (a), G10−1(b))), TL1(a, b)=GL1(L(G01−1(a), G11−1(b))) and TL2(a, b)=GL2(L(G02−1(a), G12−1(b))).
It can be verified that by linearity of L and by construction, there is TL0(T00 [a0], T10 [a1])=GL0(L(G00−1(G00 o D0[y0]), G10−1 (G10 o D1[y1])))=GL0(L(D0[y0], D1[y1]));
That is ∀j∈{0; 1; 2}, TLj (T0j[a0], T1j[a1])=GLj (L(G0j−1[y0j], G1j−1[y1j])). This suggests that the GLj for j=0,1,2 form encoding of a share of the datum TL[y0, y1] described in
And z=GL0−1[z0]+GL1−1[z1]+GL2−1[z2]=GL0−1 o GL0(L(D0[y0], D1[y1]))+GL1−1 o GL1(L(E0[y0], E1[y1]))+GL2−1 o GL2(L(F0[y0], F1[y1]))=L(D0[a0], D1[a1])+L(E0[y0], E1[y1])+L(F0 [y0], F1[y1])=L(D0[y0]+E0[y0]+F0[y0], D1[y1]+E1[y1]+F1[y1])=L(y0, y1)=L(ƒ(x0+k0), ƒ(y0+k1)).
The present breakdown therefore easily achieves its objective, specifically enabling encryption or decryption of elements and obtaining only internal states which cannot be exploited to recover the secret keys.
Computer Program Product
According to a second and a third aspects, the invention relates to a computer program product comprising code instructions for executing (in particular on the data-processing means 11a of the equipment 10a) a method according to the first aspect of the invention for encrypting or decrypting a n-tuple of data {ai}i∈[[0,n-1]] with a n-tuple of predetermined secret keys {ki}i∈[[0,n-1]], as well as storage means legible by computer equipment (a memory 12a of the equipment 10a) hosting this computer program product.
| Number | Date | Country | Kind |
|---|---|---|---|
| 17 50215 | Jan 2017 | FR | national |
| Number | Name | Date | Kind |
|---|---|---|---|
| 20100299515 | Michiels et al. | Nov 2010 | A1 |
| 20120045050 | Farrugia et al. | Feb 2012 | A1 |
| 20150270949 | Michiels | Sep 2015 | A1 |
| 20150270950 | Michiels | Sep 2015 | A1 |
| 20160330019 | Michiels | Nov 2016 | A1 |
| Number | Date | Country |
|---|---|---|
| 2922234 | Sep 2015 | EP |
| 2924677 | Sep 2015 | EP |
| 2996278 | Mar 2016 | EP |
| Entry |
|---|
| Chow et al., “White-Box Cryptography and an AES implementation”, SAC, pp. 1-18. (Year: 2002). |
| Billet O., Gilbert H., Ech-Chatbi C. (2004) Cryptanalysis of a White Box AES Implementation. In: Handschuh H., Hasan M.A. (eds) Selected Areas in Cryptography. SAC 2004. Lecture Notes in Computer Science, vol. 3357. Springer, Berlin, Heidelberg (Year: 2004). |
| (AES) Federal Information Processing Standards. Nov. 26, 2001. doi:10.6028/NIST.FIPS.197. 197. (Year: 2001). |
| (DES) Federal Information Processing Standards. Oct. 25, 1999. NIST.FIPS.46-3 (Year: 1999). |
| S. Dziembowski and K. Pietrzak, “Leakage-Resilient Cryptography,” 2008 49th Annual IEEE Symposium on Foundations of Computer Science, Philadelphia, PA, 2008, pp. 293-302, doi: 10.1109/FOCS.2008.56. (Year: 2008). |
| Rivain et al., “Provably Secure Higher-Order Masking of AES”, Cryptographic Hardware and Embedded Systems, CHES 2010, 12th International Workshop, Santa Barbara, CA, USA, Aug. 17-20, 2010, 20 pages. |
| Preliminary Research Report received for French Application No. 1750215, dated Oct. 26, 2017, 4 pages (1 page of French Translation Cover Sheet and 3 pages of original document). |
| Ishai et al., “Private Circuits: Securing Hardware against Probing Attacks”, Annual International Cryptology Conference, Advances in Cryptology, CRYPTO 2003, pp. 462-479. |
| European Search Report and Written Opinion received for EP Patent Application No. 18305016.0, dated May 8, 2018, 5 pages of Original Document Only. |
| Chow et al., “Selected Areas in Cryptography, White-Box Cryptography and an AES Implementation”, Selected Areas in Cryptography, 9th Annual International Workshop, SAC 2002, Lecture Notes in Computer Science, vol. 2595, pp. 250-270. |
| Number | Date | Country | |
|---|---|---|---|
| 20180198611 A1 | Jul 2018 | US |
