
Encryption algorithm with key-dependent mask computation step (sbox call)

A technology relating to computation and keys, applied to encryption devices with shift registers/memory, the use of multiple keys/algorithms, countermeasures against attacks on encryption mechanisms, etc. It addresses problems such as the increased runtime and memory requirements of the implementation, and attacks.

Active Publication Date: 2021-06-15
捷德移动安全有限责任公司

AI Technical Summary

Problems solved by technology

[0011] The disadvantage of the solution in WO 2010146139 A9 is that the additional "key translation unit" increases the runtime and memory requirements of the implementation.
[0012] Yet another disadvantage of the solution in WO 2010146139 A9 is that the modified implementation now contains information about the new key and the old key.
It must be assumed that the information now present about the two different keys will enable certain attacks against white-box implementations, e.g. by way of statistical evaluation.

Examples


Example 1

[0052] Example 1: The derived key value $k$ is assigned to the input of the calculation step $S$; $f$ and $g^{-1}$ are linear functions.

[0053] $S_k$: calculation step with derived key value = $k$

[0054] $x$: input value

[0055] $k$: the key value included in the calculation step $S$

[0056] SBOX: table call in the table SBOX

[0057] $S_k(x) = \mathrm{SBOX}(k \oplus x)$

[0058] The input and output of the table SBOX are linearly obfuscated using the linear maps $g^{-1}$ and $f$.

[0059] $\mathrm{TabS}_{\mathrm{SubK}}(x) = f(\mathrm{SBOX}(k \oplus g^{-1}(x)))$

[0060] The key change data $\mathrm{SWD} = g(k_{\mathrm{neu}} \oplus k)$ is XORed onto the input.

[0061] This yields:

[0062] $\mathrm{TabS}_{\mathrm{SubKneu}}(x) = f(\mathrm{SBOX}(k_{\mathrm{neu}} \oplus g^{-1}(x))) = f(\mathrm{SBOX}(k \oplus g^{-1}(g(k \oplus k_{\mathrm{neu}})) \oplus g^{-1}(x))) = f(\mathrm{SBOX}(k \oplus g^{-1}(g(k \oplus k_{\mathrm{neu}}) \oplus x))) = f(\mathrm{SBOX}(k \oplus g^{-1}(\mathrm{SWD} \oplus x)))$

Example 2

[0063] Example 2: The derived key value $k$ is assigned to the output of the calculation step $S$; $f$ and $g^{-1}$ are linear functions.

[0064] $S_k$: calculation step with key value = $k$

[0065] $x$: input value

[0066] $k$: the key value included in the calculation step $S$

[0067] SBOX: SBOX table call

[0068] $S_k(x) = k \oplus \mathrm{SBOX}(x)$

[0069] The input and output are linearly obfuscated using the linear maps $g^{-1}$ and $f$.

[0070] $\mathrm{TabS}_{\mathrm{SubK}}(x) = S'_k(y) = f(k \oplus \mathrm{SBOX}(g^{-1}x))$, where $y = g^{-1}x$

[0071] The key change data $\mathrm{SWD} = f(k_{\mathrm{neu}} \oplus k)$ is XORed onto the output.

[0072] This yields:

[0073] $\mathrm{TabS}_{\mathrm{SubKneu}}(x) = S'_{k_{\mathrm{neu}}}(y) = \mathrm{SWD} \oplus f(k \oplus \mathrm{SBOX}(g^{-1}x)) =$

[0074] $f(k_{\mathrm{neu}} \oplus k) \oplus f(k \oplus \mathrm{SBOX}(g^{-1}x)) =$

[0075] $f(k_{\mathrm{neu}} \oplus k \oplus k \oplus \mathrm{SBOX}(g^{-1}x)) =$

[0076] $f(k_{\mathrm{neu}} \oplus \mathrm{SBOX}(g^{-1}x))$.

[0077] Example 1 and Example 2 start from the simplest case, i.e. $g^{-1}$ and $f$ are linear maps. If $g^{-1}$ and $f$ are non-linear, additional auxiliary data are required for computing $S'_{k_{\mathrm{neu}}}(y)$. In other constructions of $S_k(x)$, ...
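Added example (not from the patent text or the applicant): a Python check of the rekeying identities of Examples 1 and 2 on 8-bit tables, together with the non-linear case mentioned in [0077]. The 8-bit width, the random permutation standing in for SBOX, the randomly drawn linear masks and all function names are assumptions made for illustration.

```python
import random

N = 256  # assumption: 8-bit values, as for a byte-wide S-box

def random_linear_map(rng):
    """Random invertible GF(2)-linear map on bytes, as a lookup table."""
    while True:
        cols = [rng.randrange(1, N) for _ in range(8)]  # images of the basis vectors
        table = [0] * N
        for x in range(N):
            for bit in range(8):
                if (x >> bit) & 1:
                    table[x] ^= cols[bit]
        if len(set(table)) == N:  # bijective, so an inverse exists
            return table

def invert(table):
    inv = [0] * N
    for x, y in enumerate(table):
        inv[y] = x
    return inv

def tab_key_at_input(sbox, f, g_inv, k):   # Example 1: f(SBOX(k XOR g^-1(x)))
    return [f[sbox[k ^ g_inv[x]]] for x in range(N)]

def tab_key_at_output(sbox, f, g_inv, k):  # Example 2: f(k XOR SBOX(g^-1(x)))
    return [f[k ^ sbox[g_inv[x]]] for x in range(N)]

def rekey_at_input(tab, swd):    # XOR the key change data onto the table input
    return [tab[swd ^ x] for x in range(N)]

def rekey_at_output(tab, swd):   # XOR the key change data onto the table output
    return [swd ^ y for y in tab]

def demo(seed=1, k=0x3A, k_neu=0xC5):
    rng = random.Random(seed)
    sbox = rng.sample(range(N), N)           # constructed stand-in S-box
    f, g = random_linear_map(rng), random_linear_map(rng)
    g_inv = invert(g)
    ex1 = rekey_at_input(tab_key_at_input(sbox, f, g_inv, k), g[k_neu ^ k]) \
        == tab_key_at_input(sbox, f, g_inv, k_neu)
    ex2 = rekey_at_output(tab_key_at_output(sbox, f, g_inv, k), f[k_neu ^ k]) \
        == tab_key_at_output(sbox, f, g_inv, k_neu)
    p = rng.sample(range(N), N)              # non-linear mask: a random permutation
    p_inv = invert(p)
    nonlinear = rekey_at_input(tab_key_at_input(sbox, f, p_inv, k), p[k_neu ^ k]) \
        == tab_key_at_input(sbox, f, p_inv, k_neu)
    return ex1, ex2, nonlinear

if __name__ == "__main__":
    print(demo())
```

The third result is False because a random permutation p does not satisfy p(a XOR b) = p(a) XOR p(b), the property both derivations rely on.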


Abstract

The present invention provides a processor device on which an executable implementation of an encryption algorithm (AES, DES) is implemented, the algorithm being set up to generate an output text from an input text using a secret key K, wherein the implementation of the algorithm comprises a key-dependent calculation step S, which comprises a key linkage of an input value x derived directly or indirectly from the input text with a key value SubK derived directly or indirectly from the key; and the key-dependent calculation step S is represented by a table that is masked with an input mask and/or an output mask to form a masked table $\mathrm{TabS}_{\mathrm{SubK}}$. The processor device comprises a rekeying device, which is set up to perform, in the key-dependent calculation step S, a rekeying method from the derived key value SubK to a newly derived key value SubKneu, wherein, in the rekeying method: key change data calculated using the derived key value SubK, the newly derived key value SubKneu and the input mask and/or output mask used are made available to the processor device, in particular to the rekeying device; and, with the help of the key change data, a new masked table $\mathrm{TabS}_{\mathrm{Kneu}}$ is generated in the processor device, in particular in the rekeying device, the new masked table being set up to calculate the key-dependent calculation step S for the newly derived key value SubKneu.

Description

Technical field

[0001] The invention relates to a processor device implementing an encryption algorithm such as DES or AES including a key-dependent mask calculation step. In particular, the invention relates to the technical field of protecting encryption algorithms against attacks by means of white-box cryptography and implements encryption algorithms in a representation suitable for white-box cryptography.

Background technique

[0002] A processor device within the meaning of the present invention is understood to be a device or other object having a processor, for example a mobile terminal, such as a smartphone. Security-critical data used by encryption algorithms (such as PINs, passwords, encryption keys, etc.) is provided to the processor device in a secure manner. Traditionally, security-critical data is secured by (grey-box) encryption to protect it against attacks by unauthorized persons. For this purpose, the data is provided on a secure element of the mobile ter...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G09C1/00, H04L9/00, H04L9/06
CPC: G09C1/00, H04L9/002, H04L9/0618, H04L2209/043, H04L2209/16, H04L2209/24, H04L2209/122, H04L9/0625, H04L9/0631, H04L9/0819, H04L9/14
Inventor: S.鲍尔, H.德雷克斯勒, J.普尔库斯
Owner 捷德移动安全有限责任公司