白盒化Piccolo密码算法的设计与应用  

作　　者：杨亚涛[1,2] 殷方锐 董辉 陈亮宇 刘培鹤 YANG Yatao;YIN Fangrui;DONG Hui;CHEN Liangyu;LIU Peihe(Beijing Electronic Science and Technology Institute,Beijing 100070,P.R.China;Xidian University,Xi’an 710071,P.R.China)

机构地区：[1]北京电子科技学院,北京市100070 [2]西安电子科技大学,西安市710071

出　　处：《北京电子科技学院学报》2024年第2期1-13,共13页Journal of Beijing Electronic Science And Technology Institute

基　　金：中央高校基本科研业务费专项资金(编号:328202222,3282024058,3282024052);北京市自然科学基金(编号:4232034)。

摘　　要：白盒攻击环境下敌手可以完全获取甚至改变密码算法的运行过程,给数据安全带来巨大威胁,目前移动终端、无线传感器网络(WSN)等部分轻量级应用场景均可视作白盒环境。通过改进Piccolo算法的部分结构与迭代方式将其进行白盒化实现,采用自编码查找表,根据给定的映射关系对数据分区进行标记,添加数据标记编码,并结合仿射变换等操作将密钥信息进行隐藏,能够保障较高的查表效率与白盒安全性。经安全性分析与对比,白盒化的Piccolo算法白盒多样性与白盒含混度数值较高,并且可以应对侧信道攻击、代码提取攻击、BGE攻击、MGH攻击、仿射编码恢复攻击等多种密码攻击方式,能在WSN等硬件资源受限的场景下得到良好部署与应用。In white⁃box attack environment,adversary could completely access or even change the oper⁃ation process of cryptographic algorithms,bringing huge threats to data security.Currently,some light⁃weight application scenarios such as the mobile terminals and the wireless sensor networks(WSNs)are regarded as white⁃box environments.Part of the structure and iteration in the Piccolo algorithm are im⁃proved to be white⁃boxed.According to the given mapping relationship,the self⁃coding lookup table is adopted to mark the data partition and add data marking encoding.Combining with the affine transfor⁃mation and other operations,the key information is hidden to guarantee high lookup table efficiency and white⁃box security.Security analysis and comparison indicate that the white⁃boxed Piccolo algorithm has high white⁃box diversity and white⁃box ambiguity,and can cope with various cryptographic attacks such as side channel attack,code lifting attack,BGE attack,MGH attack,affine code recovery attack,etc.The white⁃boxed Piccolo algorithm could be well deployed and applied in the scenarios of WSN and other platforms with constrained hardware resource.

关 键 词：白盒密码 Piccolo算法 自编码查找表 FEISTEL结构 

分 类 号：TN918[电子电信—通信与信息系统]