Efficient and Provable White-Box Primitives

1 Université de Rennes 1, Rennes, France
2 Institut Universitaire de France, Paris, France
3 Inria, Rennes, France
4 École Polytechnique, Paris, France
5 Nanyang Technological University, Singapore, Singapore
6 École Normale Supérieure, Paris, France
7 Royal Holloway University of London, Egham, UK

Abstract. In recent years there have been several attempts to build white-box block ciphers whose implementations aim to be incompressible. This includes the weak white-box ASASA construction by Bouillaguet, Biryukov and Khovratovich from Asiacrypt 2014, and the recent space-hard construction by Bogdanov and Isobe from CCS 2015. In this article we propose the first constructions aiming at the same goal while offering provable security guarantees. Moreover we propose concrete instantiations of our constructions, which prove to be quite efficient and competitive with prior work. Thus provable security comes with a surprisingly low overhead.

Keywords: White-box cryptography · Provable security

1 Introduction

1.1 White-Box Cryptography

The notion of white-box cryptography was originally introduced by Chow et al. in the early 2000s [CEJO02a,CEJO02b]. The basic goal of white-box cryptography is to provide implementations of cryptographic primitives that offer cryptographic guarantees even in the presence of an adversary having direct access to the implementation. The exact content of these security guarantees varies, and different models have been proposed.

P.-A. Fouque, P. Karpman, P. Kirchner, B. Minaud—Partially supported by the French ANR project BRUTUS, ANR-14-CE28-0015.
P. Karpman—Partially supported by the Direction Générale de l'Armement and by the Singapore National Research Foundation Fellowship 2012 (NRF-NRFF2012-06).
© International Association for Cryptologic Research 2016
J.H. Cheon and T. Takagi (Eds.): ASIACRYPT 2016, Part I, LNCS 10031, pp. 159–188, 2016. DOI: 10.1007/978-3-662-53887-6_6

P.-A. Fouque et al.

Ideally, white-box cryptography can be thought of as trying to achieve security guarantees similar to a Trusted Execution Environment [ARM09] or trusted enclaves [CD16], purely through implementation means—in so far as this is feasible. Of course this line of research finds applications in many situations where code containing secret information is deployed in non-trusted environments, such as software protection (DRM) [Wys09,Gil16].

Concretely, the initial goal in [CEJO02a,CEJO02b] was to offer implementations of the DES and AES block ciphers, such that an adversary having full access to the implementation would not be able to extract the secret keys. Unfortunately both the initial constructions and later variants aiming at the same goal (such as [XL09]) were broken [BGEC04,GMQ07,WMGP07,DMRP12]: to this day no secure white-box implementation of DES or AES is known.

Besides cryptanalytic weaknesses, defining white-box security as the impossibility to extract the secret key has some drawbacks. Namel