Differential Computation Analysis of White-box SM4 Scheme


Authors: YUAN Zi-Qing; CHEN Jie [1,2]

Affiliations: [1] State Key Laboratory of Integrated Services Networks (Xidian University), Xi'an, Shaanxi 710071, China; [2] Guangxi Key Laboratory of Cryptography and Information Security (Guilin University of Electronic Technology), Guilin, Guangxi 541004, China

Source: Journal of Software (软件学报), 2023, No. 8, pp. 3891-3904 (14 pages)

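Funding: National Cryptography Development Fund of the 13th Five-Year Plan (MMJJ20180219); Natural Science Basic Research Program of Shaanxi Province (2021JM-126); Research Project of the Guangxi Key Laboratory of Cryptography and Information Security (GCIS202125).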

Abstract: The security of traditional cryptographic algorithms is based on the black-box attack model. In this attack model, the attacker can only obtain the input and output of the cryptographic algorithm, but not the internal details of the cryptographic algorithm while it runs. In recent years, the concept of the white-box attack model has been proposed. In the white-box attack model, attackers can not only obtain the input and output of the cryptographic algorithm, but also directly observe or change its internal data while it runs. In order to ensure the security of existing cryptographic algorithms in a white-box attack environment, redesigning them through white-box cryptography technology without changing their functions is called white-box implementation of existing cryptographic algorithms. Studying the design and analysis of white-box implementation schemes is of great significance for solving the issue of digital rights management. In recent years, a kind of side-channel analysis method for white-box implementation schemes has emerged. This kind of analysis method needs to know only a few internal details of a white-box implementation scheme, yet it can extract the key. Therefore, it poses a practical threat to existing white-box implementation schemes, and analyzing existing white-box implementation schemes in this way is of great practical significance for ensuring their security. The typical representative of this kind of analysis method is differential computation analysis (DCA), which is based on the principle of differential power analysis. This study analyzes the Bai-Wu white-box SM4 scheme based on DCA. Based on research results on the statistical characteristics of n-order uniform random invertible matrices over GF(2), an improved DCA (IDCA) is proposed, which can significantly improve analysis efficiency while keeping the success rate almost constant. The results also show that the Bai-Wu white-box SM4 scheme cannot guarantee security in the face of DCA; therefore, it must be further improved to meet the security requirements of practical application scenarios.

Keywords: white-box cryptography; white-box implementation; SM4 algorithm; side-channel analysis; differential computation analysis

Classification number: TP309 [Automation and Computer Technology: Computer Systems Architecture]

 
