Abstract
White-box cryptography aims to provide secure cryptographic primitives and implementations for the white-box attack model, which assumes that an adversary has full access to the implementation of the cryptographic algorithms. Real-world applications require highly efficient and secure white-box schemes, a demand the existing proposals cannot meet. In this paper, we design a new white-box block cipher based on addition/rotation/XOR (ARX) primitives and a random maximal distance separable (MDS) matrix, named white-box ARX (WARX), aiming for efficient implementations in both the black- and white-box models. The implementation of WARX in the black-box model is nine times faster than SPNbox-16 from ASIACRYPT'16, and the implementation in the white-box model is more efficient than SPNbox-16 and WEM from CT-RSA'17. Moreover, the security of WARX in both the black- and white-box models is analyzed, which ensures its practical applicability. The design of WARX shows that ARX primitives and a random linear layer can improve the efficiency of a white-box block cipher. This article may inspire more provably secure and efficient white-box block ciphers and help to narrow the gap between provably secure white-box schemes from academia and the highly applicable schemes in great demand from industry.
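As an added illustration (not code from the paper or its authors), the property behind the "random MDS matrix" in the abstract: a square matrix over a finite field is MDS exactly when every square submatrix is nonsingular, which gives the linear layer its maximal branch number (n + 1 for an n x n matrix), and a matrix drawn at random is MDS with good probability, so rejection sampling finds one quickly. The block assumes GF(2^8) with the AES polynomial and a 4 x 4 matrix; WARX's actual field and dimensions are not stated on this page, and the AES MixColumns matrix is used only as a known MDS reference.

```python
import random
from itertools import combinations

AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1 (assumed field; WARX's is not given here)


def gf_mul(a: int, b: int) -> int:
    """Multiply two elements of GF(2^8) modulo AES_POLY (shift-and-add)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY
        b >>= 1
    return r


def gf_det(m: list) -> int:
    """Determinant over GF(2^8) by Laplace expansion (signs vanish in char 2)."""
    n = len(m)
    if n == 1:
        return m[0][0]
    d = 0
    for col in range(n):
        minor = [row[:col] + row[col + 1:] for row in m[1:]]
        d ^= gf_mul(m[0][col], gf_det(minor))
    return d


def is_mds(m: list) -> bool:
    """MDS <=> every k x k submatrix (1 <= k <= n) has nonzero determinant."""
    n = len(m)
    for k in range(1, n + 1):
        for rows in combinations(range(n), k):
            for cols in combinations(range(n), k):
                sub = [[m[r][c] for c in cols] for r in rows]
                if gf_det(sub) == 0:
                    return False
    return True


def random_mds_matrix(n: int, seed=None):
    """Rejection-sample a random n x n matrix until it is MDS; returns (matrix, tries)."""
    rng = random.Random(seed)  # seeded for reproducibility; use os.urandom in practice
    tries = 0
    while True:
        tries += 1
        m = [[rng.randrange(1, 256) for _ in range(n)] for _ in range(n)]
        if is_mds(m):
            return m, tries
```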
References
Chow S, Eisen P, Johnson H, et al. White-box cryptography and an AES implementation. In: Proceedings of the 9th International Workshop on Selected Areas in Cryptography, 2002. 250–270
Chow S, Eisen P, Johnson H, et al. A white-box DES implementation for DRM applications. In: Proceedings of ACM CCS-9 Workshop on Digital Rights Management, 2002. 1–15
Bringer J, Chabanne H, Dottax E. White box cryptography: another attempt. 2006. https://eprint.iacr.org/2006/468.pdf
Xiao Y Y, Lai X J. A secure implementation of white-box AES. In: Proceedings of the 2nd International Conference on Computer Science and Its Applications, 2009. 1–6
Karroumi M. Protecting white-box AES with dual ciphers. In: Proceedings of the 13th International Conference on Information Security and Cryptology, 2010. 278–291
Billet O, Gilbert H, Ech-Chatbi C. Cryptanalysis of a white box AES implementation. In: Proceedings of the 11th International Workshop on Selected Areas in Cryptography, 2004. 227–240
Lepoint T, Rivain M, de Mulder Y, et al. Two attacks on a white-box AES implementation. In: Proceedings of the 20th International Workshop on Selected Areas in Cryptography, 2013. 265–285
Wyseur B, Michiels W, Gorissen P, et al. Cryptanalysis of white-box DES implementations with arbitrary external encodings. In: Proceedings of the 14th International Workshop on Selected Areas in Cryptography, 2007. 264–277
de Mulder Y, Wyseur B, Preneel B. Cryptanalysis of a perturbated white-box AES implementation. In: Proceedings of the 11th International Conference on Cryptology, 2010. 292–310
de Mulder Y, Roelse P, Preneel B. Cryptanalysis of the Xiao-Lai white-box AES implementation. In: Proceedings of the 19th International Workshop on Selected Areas in Cryptography, 2012. 34–49
Michiels W, Gorissen P, Hollmann H D L. Cryptanalysis of a generic class of white-box implementations. In: Proceedings of the 15th International Workshop on Selected Areas in Cryptography, 2008. 414–428
Derbez P, Fouque P A, Lambin B, et al. On recovering affine encodings in white-box implementations. IACR Trans Cryptogr Hardw Embed Syst, 2018, 3: 121–149
Biryukov A, Bouillaguet C, Khovratovich D. Cryptographic schemes based on the ASASA structure: black-box, white-box, and public-key (extended abstract). In: Proceedings of the 20th International Conference on the Theory and Application of Cryptology and Information Security, 2014. 63–84
Gilbert H, Plût J, Treger J. Key-recovery attack on the ASASA cryptosystem with expanding s-boxes. In: Proceedings of the 35th Annual Cryptology Conference, 2015. 475–490
Minaud B, Derbez P, Fouque P A, et al. Key-recovery attacks on ASASA. J Cryptol, 2018, 31: 845–884
Bogdanov A, Isobe T. White-box cryptography revisited: space-hard ciphers. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, 2015. 1058–1069
Bogdanov A, Isobe T, Tischhauser E. Towards practical whitebox cryptography: optimizing efficiency and space hardness. In: Proceedings of the 22nd International Conference on the Theory and Application of Cryptology and Information Security, 2016. 126–158
Fouque P A, Karpman P, Kirchner P, et al. Efficient and provable white-box primitives. In: Proceedings of the 22nd International Conference on the Theory and Application of Cryptology and Information Security, 2016. 159–188
Cho J, Choi K Y, Dinur I. WEM: a new family of white-box block ciphers based on the Even-Mansour construction. In: Proceedings of the Cryptographers’ Track at the RSA Conference, 2017. 293–308
Lin T T, Lai X J, Xue W J, et al. A new Feistel-type white-box encryption scheme. J Comput Sci Technol, 2017, 32: 386–395
Beaulieu R, Shors D, Smith J, et al. The SIMON and SPECK families of lightweight block ciphers. 2013. https://eprint.iacr.org/2013/404.pdf
Dinu D, Perrin L, Udovenko A, et al. Design strategies for ARX with provable bounds: SPARX and LAX. In: Proceedings of the 22nd International Conference on the Theory and Application of Cryptology and Information Security, 2016. 484–513
Beierle C, Biryukov A, Santos L C, et al. Alzette: a 64-bit ARX-box (feat. CRAX and TRAX). In: Proceedings of the 40th Annual International Cryptology Conference, 2020. 419–448
Biryukov A, Velichkov V, Le Corre Y. Automatic search for the best trails in ARX: application to block cipher SPECK. In: Proceedings of the 23rd International Conference on Fast Software Encryption, 2016. 289–310
Daemen J, Rijmen V. The wide trail design strategy. In: Proceedings of the 8th IMA International Conference on Cryptography and Coding, 2001. 222–238
Barreto P, Rijmen V. The Khazad legacy-level block cipher. NESSIE Project, 2000. https://www.researchgate.net/publication/228924670_The_Khazad_legacy-level_block_cipher
National Institute of Standards and Technology. Recommendation for key derivation using pseudorandom functions. NIST SP 800-108. https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-108.pdf
National Institute of Standards and Technology. SHA-3 standard: permutation-based hash and extendable-output functions. FIPS PUB 202. https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf
Biryukov A, Perrin L. State of the art in lightweight symmetric cryptography. 2017. https://eprint.iacr.org/2017/511.pdf
Lai X J, Massey J, Murphy S. Markov ciphers and differential cryptanalysis. In: Proceedings of the 10th Workshop on the Theory and Application of Cryptographic Techniques, 1991. 17–38
Kölbl S, Leander G, Tiessen T. Observations on the SIMON block cipher family. In: Proceedings of the 35th Annual Cryptology Conference, 2015. 161–185
Fu K, Wang M Q, Guo Y H, et al. MILP-based automatic search algorithms for differential and linear trails for SPECK. In: Proceedings of the 23rd International Conference on Fast Software Encryption, 2016. 268–288
Albrecht M, Rechberger C, Schneider T, et al. Ciphers for MPC and FHE. In: Proceedings of the 34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2015. 430–454
Dinur I, Kales D, Promitzer A, et al. Linear equivalence of block ciphers with partial non-linear layers: application to LowMC. In: Proceedings of the 38th Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2019. 343–372
Randall D. Efficient generation of random nonsingular matrices. Random Struct Alg, 1993, 4: 111–118
Murtaza G, Ikram N. Direct exponent and scalar multiplication classes of an MDS matrix. 2011. https://eprint.iacr.org/2011/151.pdf
Daemen J, Rijmen V. The Design of Rijndael: the Advanced Encryption Standard (AES). Berlin: Springer, 2020
Diffie W, Hellman M E. Special feature exhaustive cryptanalysis of the NBS data encryption standard. Computer, 1977, 10: 74–84
Biham E, Shamir A. Differential Cryptanalysis of the Data Encryption Standard. Berlin: Springer, 1993
Matsui M. Linear cryptanalysis method for DES cipher. In: Proceedings of the 12th Workshop on the Theory and Application of Cryptographic Techniques, 1993. 386–397
Biryukov A, Shamir A. Structural cryptanalysis of SASAS. In: Proceedings of the 20th International Conference on the Theory and Application of Cryptographic Techniques, 2001. 395–405
Knudsen L, Wagner D. Integral cryptanalysis (extended abstract). In: Proceedings of the 9th International Workshop on Fast Software Encryption, 2002. 112–127
Daemen J, Knudsen L, Rijmen V. The block cipher square. In: Proceedings of the 4th International Workshop on Fast Software Encryption, 1997. 149–165
Biryukov A, Khovratovich D. Decomposition attack on SASASASAS. 2015. https://eprint.iacr.org/2015/646.pdf
Perrin L. Cryptanalysis, reverse-engineering and design of symmetric cryptographic algorithms. Dissertation for Ph.D. Degree. Luxembourg: University of Luxembourg, 2017
Boura C, Canteaut A, Cannière C. Higher-order differential properties of KECCAK and Luffa. In: Proceedings of the 18th International Workshop on Fast Software Encryption, 2011. 252–269
Biryukov A, Wagner D. Slide attacks. In: Proceedings of the 6th International Workshop on Fast Software Encryption, 1999. 245–259
Biryukov A, Wagner D. Advanced slide attacks. In: Proceedings of the 19th International Conference on the Theory and Application of Cryptographic Techniques, 2000. 589–606
Bar-On A, Biham E, Dunkelman O, et al. Efficient slide attacks. J Cryptol, 2018, 31: 641–670
Shannon C E. Communication theory of secrecy systems. Bell Syst Tech J, 1949, 28: 656–715
Courtois N T, Pieprzyk J. Cryptanalysis of block ciphers with overdefined systems of equations. In: Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security, 2002. 267–287
Albrecht M. Algorithmic algebraic techniques and their application to block cipher cryptanalysis. Dissertation for Ph.D. Degree. London: Royal Holloway, University of London, 2010
Ankele R, List E. Differential cryptanalysis of round-reduced SPARX-64/128. In: Proceedings of the 16th International Conference on Applied Cryptography and Network Security, 2018. 459–475
Ankele R, Kölbl S. Mind the gap: a closer look at the security of block ciphers against differential cryptanalysis. In: Proceedings of the 25th International Conference on Selected Areas in Cryptography, 2018. 163–190
Sun L, Wang W, Wang M Q. Automatic search of bit-based division property for ARX ciphers and word-based division property. In: Proceedings of the 23rd International Conference on the Theory and Applications of Cryptology and Information Security, 2017. 128–157
Eskandari Z, Kidmose A B, Kölbl S, et al. Finding integral distinguishers with ease. In: Proceedings of the 25th International Conference on Selected Areas in Cryptography, 2018. 115–138
Sun L, Wang W, Liu R, et al. MILP-aided bit-based division property for ARX ciphers. Sci China Inf Sci, 2018, 61: 118102
Braeken A, Semaev I. The ANF of the composition of addition and multiplication mod 2^n with a Boolean function. In: Proceedings of the 12th International Workshop on Fast Software Encryption, 2005. 112–125
Liu Y W, de Witte G, Ranea A, et al. Rotational-XOR cryptanalysis of reduced-round SPECK. IACR Trans Symmetric Cryptol, 2017, 3: 24–36
Acknowledgements
This work was supported by the National Key R&D Program of China (Grant No. 2017YFB0802000), National Natural Science Foundations of China (Grant Nos. 61672412, 61972457, 61902303, U19B2021), National Cryptography Development Fund of China (Grant Nos. MMJJ20170104, MMJJ20180219), China Scholarship Council (Grant No. 201806960067), Key Research and Development Program of Shaanxi (Grant No. 2020ZDLGY08-04), and Natural Science Basic Research Program of Shaanxi (Grant No. 2020JQ-832). We thank Adrián Ranea for fruitful discussions and reviewers for their effort.
Cite this article
Liu, J., Rijmen, V., Hu, Y. et al. WARX: efficient white-box block cipher based on ARX primitives and random MDS matrix. Sci. China Inf. Sci. 65, 132302 (2022). https://doi.org/10.1007/s11432-020-3105-1