Cryptanalysis of a white‐box SM4 implementation based on collision attack

Wang, Rusi; Guo, Hua; Lu, Jiqiang; Liu, Jianwei

doi:10.1049/ise2.12045

Cited by 8 publications

(4 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Although it is not an optimized implementation, there is also a study of side-channel attacks on SM4 block cipher. In [29] tried collision-based attack, however it has more efficiently attack then [30]. The main ideas of [29], first they combined the look-up tables T-boxes.…”

Section: E Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Optimized Implementation of SM4 on AVR Microcontrollers, RISC-V Processors, and ARM Processors

et al. 2022

View full text Add to dashboard Cite

At 2003, the SM4 block cipher was introduced that is a Chinese domestic cryptographic. It is mandated in the Chinese National Standard for Wireless LAN Wired Authentication and Privacy Infrastructure (WAPI), because the algorithm was developed for use in wireless sensor networks to provide safety network environment. The SM4 block cipher uses a 128-bit block size and a 32-bit round key. It consists of 32 rounds and one reverse translation R. In this paper, we present the optimized implementation of the SM4 block cipher on 8-bit AVR microcontrollers, which are widely used in wireless sensor devices; the optimized implementation of the SM4 block cipher on 32-bit RISC-V processors, which are opensource-based computer architectures, and the optimized implementation of SM4 on 64-bit ARM processors with parallel computation, which are widely used in smartphones and tablets. In the AVR microcontroller, three versions are implemented for various purposes, including speed-optimization, memory-optimization, and code size-optimization. As a result, the speed-optimization, memory-optimization, and code sizeoptimization versions achieved 205.2 cycles per byte, 213.3 cycles per byte, and 207.4 cycles per byte, respectively. This is faster than the reference implementation written in C language (1670.7 cycles per byte). The implementation on 32-bit RISC-V processors achieved 128.8 cycles per byte. This is faster than the reference implementation written in C language (345.7 cycles per byte). The implementation on 64-bit ARM processors achieved 8.62 cycles per byte. This is faster than the reference implementation written in C language (120.07 cycles per byte).

show abstract

Section: E Related Workmentioning

confidence: 99%

“…In [29] tried collision-based attack, however it has more efficiently attack then [30]. The main ideas of [29], first they combined the look-up tables T-boxes. Second, to remove the effect of dual cipher, it shuffled the order of data in the T-boxes.…”

Section: E Related Workmentioning

confidence: 99%

Optimized Implementation of SM4 on AVR Microcontrollers, RISC-V Processors, and ARM Processors

et al. 2022

View full text Add to dashboard Cite

show abstract

“…It includes time [3], power consumption [4][5][6], electromagnetic energy [7,8], and some other ones. After that, many effective methods have been proposed along with the development of SCA, such as correlation power analysis (CPA) [9], template attack [10], collision attack [11], mutual information analysis [12], and other methods. Among them, CPA is one of the most commonly used attack methods in SCA [13][14][15].…”

Section: Introductionmentioning

confidence: 99%

SFGA-CPA: A Novel Screening Correlation Power Analysis Framework Based on Genetic Algorithm

Liu,

Li,

et al. 2024

CMC

View full text Add to dashboard Cite

Correlation power analysis (CPA) combined with genetic algorithms (GA) now achieves greater attack efficiency and can recover all subkeys simultaneously. However, two issues in GA-based CPA still need to be addressed: key degeneration and slow evolution within populations. These challenges significantly hinder key recovery efforts. This paper proposes a screening correlation power analysis framework combined with a genetic algorithm, named SFGA-CPA, to address these issues. SFGA-CPA introduces three operations designed to exploit CPA characteristics: propagative operation, constrained crossover, and constrained mutation. Firstly, the propagative operation accelerates population evolution by maximizing the number of correct bytes in each individual. Secondly, the constrained crossover and mutation operations effectively address key degeneration by preventing the compromise of correct bytes. Finally, an intelligent search method is proposed to identify optimal parameters, further improving attack efficiency. Experiments were conducted on both simulated environments and real power traces collected from the SAKURA-G platform. In the case of simulation, SFGA-CPA reduces the number of traces by 27.3% and 60% compared to CPA based on multiple screening methods (MS-CPA) and CPA based on simple GA method (SGA-CPA) when the success rate reaches 90%. Moreover, real experimental results on the SAKURA-G platform demonstrate that our approach outperforms other methods.

show abstract

“…Over the past two decades, dozens of white-box implementations of the existing block ciphers have been proposed [1][2][3][4][5]. However, their security was penetrated severely [6][7][8][9][10][11][12]. In recent years, dedicated white-box block ciphers appeared as a promising direction in white-box cryptography.…”

Section: Introductionmentioning

confidence: 99%

Improved integral cryptanalysis of SPNbox in digital rights management systems

Liu

Wang

et al. 2022

IET Information Security

View full text Add to dashboard Cite

As an access control technology of digital material, digital rights management systems have a profound effect on the copyright protection of digital content. To address the threat of key exposure, applying white‐box ciphers is effective to provide a security guarantee for digital rights management systems. SPNbox, proposed at Asiacrypt’16 is such a white‐box cipher that fulfils comprehensive resistance against key exposure for digital rights management systems, including black‐box security on the server‐side and white‐box security on the client‐side. So far, the previous integral cryptanalysis of SPNbox employs a general 2‐round distinguisher without considering the details of SPNbox. The properties of SPNbox are carefully explored and a novel 2‐round integral distinguisher is introduced. On this basis, we propose new competitive 3‐round key recovery attacks with lower complexities. Particularly, the improved attack on 3‐round SPNbox‐32 only requires 232 chosen plaintexts, whereas the current best attack necessitates 262 chosen plaintexts. In addition, integral attacks on 4‐ and 5‐round SPNbox‐8 are presented for the first time. Thus, the security margin of SPNbox‐8 is narrowed by two rounds. These results indicate that the capability of SPNbox resisting integral cryptanalysis is inferior to the designers' claim.

show abstract

Cryptanalysis of a white‐box SM4 implementation based on collision attack

Cited by 8 publications

References 17 publications

Optimized Implementation of SM4 on AVR Microcontrollers, RISC-V Processors, and ARM Processors

Optimized Implementation of SM4 on AVR Microcontrollers, RISC-V Processors, and ARM Processors

SFGA-CPA: A Novel Screening Correlation Power Analysis Framework Based on Genetic Algorithm

Improved integral cryptanalysis of SPNbox in digital rights management systems

Contact Info

Product

Resources

About