A random data generation method, system and platform based on a white-box algorithm
By using a random data generation method based on white-box algorithms, and utilizing the encoding mapping of reseeding signals and device identity sequences, combined with the national cryptographic block cipher SM4, the internal state is updated in real time, solving the forward and backward security problem of IoT devices in a white-box environment, and achieving secure protection of seeds and internal states.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- SOUTH CHINA NORMAL UNIV
- Filing Date
- 2022-11-21
- Publication Date
- 2026-06-26
AI Technical Summary
Existing technologies cannot effectively protect the forward and backward security and seed security of software random number generators in IoT devices in a white-box environment. This makes them vulnerable to attackers stealing the seed and internal state, resulting in insufficient security.
A random data generation method based on a white-box algorithm is adopted. Seed data is generated by acquiring reseeding signals, and then encoded and inversely mapped. Combined with the device identity sequence and the national cryptographic block cipher SM4, the internal state is updated in real time, and a self-equivalent affine transformation is generated to achieve random data generation.
In a white-box environment, the forward and backward security of the software random number generator is protected, preventing attackers from copying the device's unique identity sequence and reading its internal state. It also resists side-channel leakage and code extraction attacks, improving the security of the seed and internal state.
Figure CN115865322B_ABST: abstract drawing.
Description
Technical Field
[0001] This invention belongs to the field of software random number security technology, and specifically relates to a random data generation method, system, and platform based on a white-box algorithm.
Background Technology
[0002] As shown in Figure 1, a traditional software random number module is divided into an entropy pool module and a random number processing algorithm module. In practice, there are two deployment scenarios for software random numbers: 1) the entropy pool module and the random number processing algorithm module are both deployed on the IoT device; 2) the entropy pool module is deployed on a server, and the random number processing algorithm module is deployed on the IoT device.
[0003] White-box block ciphers: at the SAC 2002 conference, Chow et al. proposed a software-oriented method for protecting cryptographic algorithms against key leakage. Its main idea is to transform the key-related operations into a series of lookup tables and to hide the key within these tables by means of obfuscation, affine transformations, and other techniques. Currently, the publicly known white-box implementation approaches for block ciphers include the CEJO construction, self-equivalence, and implicit functions. Numerous studies have shown that the CEJO architecture provides limited security and that constructing its lookup tables requires significant storage space. Implicit-function implementations, with their nonlinear encoding operations and the need to solve linear equations, demand substantial computational resources and do not achieve good encryption speeds on low-end, small embedded devices (see Table 1).
[0004] External encoding technique: external encoding refers to applying block-length-preserving mappings to the input and output messages of a function. If the inverse mapping is kept secret, an attacker cannot recover the original input and output data, thereby obfuscating the original data.
[0005] Security of random number generation models: At the 2005 CCS conference, Barak et al. proposed a robust software random number generation model and architecture that needs to satisfy three security properties.
[0006] Resilience: Even when the entropy source is controlled by an attacker, the software RNG can still output sufficiently random data.
[0007] Forward security: Attackers cannot recover previously output random numbers from existing data.
[0008] Backward security: Attackers cannot predict the random numbers of future outputs from existing data.
[0009] Currently, under the condition of limited IoT resources, there are issues such as binding the entropy source to the software random number module, the resistance of the module's cryptographic random number generator to code-lifting attacks, and the forward and backward security problems caused by internal state leakage.
[0010] Patent 1, "A Method for Generating Pseudo-Random Numbers and a Pseudo-Random Number Generator," CN105376055B, does not include any protection measures for the seed output by the entropy pool. That patent uses the SM4 and 3DES encryption algorithms to output pseudo-random numbers, and its security relies on the security of those encryption algorithms. However, it lacks other measures to protect the side-channel security of the encryption algorithms and to prevent internal state leakage, resulting in insufficient security protection.
[0011] Patent 2: "A Pseudo-random Number Generation Method and Device with Variable Structure" CN110058842B, is implemented using linear feedback shift registers and nonlinear feedback shift registers. It uses AND gates and XOR gates, which have certain hardware requirements and are not well compatible with IoT devices.
[0012] Patent 3, "A Method and Apparatus for Generating Full-Entropy Random Numbers Based on Flash Memory" (CN104615407B), extracts truly random numbers based on the physical characteristics of flash memory itself. Compared to pseudo-random number generators, its output has a random number sequence with better statistical properties. However, in resource-constrained IoT environments, the complex programming methods and special hardware requirements make it expensive and lacking in general usability.
[0013] Patent 4, "A Random Number Generation Method and Apparatus" (CN112130808A), uses a linear feedback shift register to generate random numbers. It can be configured as one or more integrated circuits, such as a Field Programmable Gate Array (FPGA), or implemented as a system-on-a-chip (SOC). However, because its implementation requires hardware design, it is incompatible with already manufactured IoT devices and lacks internal state protection.
[0014] Patent 5, "A Method for Generating Pseudo-Random Sequences in an LTE System" (CN105391545A), aims to solve the problem of rapid generation of scrambling codes in mobile communications, where the scrambling code is a random number sequence output by the invention. Its random sequence generation method for LTE systems is specific and lacks general applicability to other IoT devices, and it does not offer internal state protection in terms of security.
[0015] Patent 6, "A Method and Apparatus for Generating Random Numbers on a Blockchain" (CN109783057A), proposes a random number generation device on a blockchain that is unaffected by ledger nodes. Any submitter can submit results and challenges, and malicious ledger nodes cannot restrict the operator's actions for an extended period. While this invention involves blockchain technology for IoT devices, it lacks widespread usability.
[0016] Patent 7, "Hardware-Assisted Fast Pseudo-Random Number Generation" (CN107017981B), proposes a hybrid function for outputting random sequences. While less secure than cryptographic algorithms, it offers speed advantages. Furthermore, by concealing the input and output from attackers, side-channel attacks or traditional cryptographic attacks are impossible. It makes security assumptions regarding the internal state but does not propose protection measures for the seed.
[0017] Patent 8, "A Method for Generating Pseudo-Random Numbers" (CN106375082B), proposes a random number generator using a hash algorithm and a block cipher algorithm. The hash algorithm is used to update the internal state, and the block cipher algorithm is used to output a random sequence. In terms of randomness, it passed the randomness test of all fifteen sequences provided by the National Institute of Standards and Technology (NIST), but it does not provide security protection for the internal state.
[0018] Paper 1, "A Software Random Number Generator with Entropy Monitoring Function," proposes a software random number generator with entropy monitoring functionality. This aims to address the problem of insufficient entropy in the entropy source and employs secure SM3 and SM4 cryptographic algorithms as post-processing algorithms to prevent internal state leakage. Entropy monitoring requires continuous testing of the entropy pool data, increasing the computational burden on the device. Furthermore, the security of the SM3 and SM4 cryptographic algorithms relies on kernel security and lacks software-level protection, making them vulnerable to side-channel attacks.
[0019] None of the above patents or papers provides protection in a white-box environment. Attackers in a white-box environment can steal the seed and the internal state, or perform code extraction attacks, side-channel attacks, etc., threatening the forward and backward security of the random number generator.
[0020] Therefore, in order to address the above-mentioned technical problems and shortcomings, there is an urgent need to design and develop a random data generation method, system, and platform based on a white-box algorithm.
Summary of the Invention
[0021] To overcome the shortcomings and difficulties of the existing technology, the present invention aims to provide a random data generation method, system and platform based on white-box algorithm, which improves the forward and backward security and seed security of software random number generators in resource-constrained IoT devices in white-box environment.
[0022] The primary objective of this invention is to provide a method for generating random data based on a white-box algorithm;
[0023] The second objective of this invention is to provide a random data generation system based on a white-box algorithm;
[0024] The third objective of this invention is to provide a random data generation platform based on a white-box algorithm;
[0025] The first objective of this invention is achieved as follows: the method comprises the following steps:
[0026] Acquire a reseeding signal and generate first seed data in real time based on the reseeding signal;
[0027] The encoding and mapping process is used to process the first seed data, generate the second seed data, and transmit the second seed data in real time.
[0028] The second seed data is processed by encoding inverse mapping to generate initial seed data and device identity sequence data, respectively.
[0029] The internal state is initialized based on the initial seed data, and self-equivalent affine transformations are generated in real time.
[0030] Random data is generated in real time by generating self-equivalent affine transformations and combining them with white-box algorithms.
[0031] Furthermore, the first seed data is seed data containing device identity information sequence data;
[0032] The second seed data is the seed data after the encoding mapping process of the first seed data.
[0033] Furthermore, the step of acquiring the reseeding signal and generating a seed containing a sequence of device identification information in real time based on the reseeding signal further includes the following steps:
[0034] Based on the seed data and combined with device identification information, the seed data and device identification information are spliced and processed in real time.
[0035] Furthermore, before acquiring the reseeding signal and generating a seed containing a sequence of device identification information in real time based on the reseeding signal, the method further includes the following steps:
[0036] A reseeding signal is generated within a specific time period and transmitted in real time.
[0037] Furthermore, the step of processing the second seed data by encoding inverse mapping to generate initial seed data and device identity sequence data respectively further includes:
[0038] Generate and obtain the data string of the second seed data;
[0039] Based on the device identity information in the data string, compare it with the identity information whitelist in real time;
[0040] It can determine in real time whether seed data has been tampered with.
[0041] Furthermore, the step of initializing the internal state in real time based on the initial seed data and generating a self-equivalent affine transformation also includes:
[0042] Obtain initial seed data, and based on the initial seed data, update the internal state in real time using the SM4 national cryptographic block cipher.
[0043] Furthermore, the step of generating random data in real time through the generated self-equivalent affine transformation and combined with a white-box algorithm also includes:
[0044] It continuously updates its internal state and generates multiple sets of self-equivalent affine transformations;
[0045] The system stores the multiple sets of self-equivalent affine transformations and transmits them in real time according to the request acquisition signal.
[0046] The second objective of the present invention is achieved as follows: the system comprises:
[0047] A generation unit is used to acquire a reseeding signal and generate first seed data in real time based on the reseeding signal.
[0048] The encoding mapping processing unit is used to encode and map the first seed data, generate the second seed data, and transmit the second seed data in real time.
[0049] The encoding inverse mapping processing unit is used to encode and inverse map the second seed data to generate initial seed data and device identity sequence data respectively.
[0050] The first generation unit is used to initialize the internal state based on the initial seed data and generate self-equivalent affine transformations in real time.
[0051] The second generation unit is used to generate random data in real time through the generated self-equivalent affine transformation and in combination with a white-box algorithm.
[0052] Furthermore, the first seed data is seed data containing device identity information sequence data; the second seed data is seed data after encoding and mapping processing of the first seed data;
[0053] The acquisition and generation unit further includes:
[0054] The splicing processing module is used to splice and process seed data and device identification information in real time based on seed data and combined with device identification information.
[0055] And / or, the system further includes:
[0056] The third generation unit is used to generate a reseeding signal within a specific time period and transmit the reseeding signal in real time.
[0057] And / or, the encoding inverse mapping processing unit further includes:
[0058] The first generation module is used to generate and obtain the data string of the second seed data;
[0059] The comparison module is used to compare the device identity information in the data string with the identity information whitelist in real time.
[0060] The determination module is used to determine in real time whether the seed data has been tampered with;
[0061] And / or, the first generating unit further includes:
[0062] The status update module is used to obtain initial seed data and update the internal status in real time based on the initial seed data and the national cryptographic block cipher SM4.
[0063] And / or, the second generating unit further includes:
[0064] The second generation module is used to continuously update the internal state and generate multiple sets of self-equivalent affine transformations;
[0065] The storage and transmission module is used to store the multiple sets of self-equivalent affine transformations and transmit the multiple sets of self-equivalent affine transformations in real time according to the request acquisition signal.
[0066] The third objective of this invention is achieved as follows: it includes a processor, a memory, and a control program for a random data generation platform based on a white-box algorithm;
[0067] The processor executes the white-box algorithm-based random data generation platform control program, which is stored in the memory. The white-box algorithm-based random data generation platform control program implements the white-box algorithm-based random data generation method.
[0068] In this invention, a reseeding signal is obtained and first seed data is generated in real time based on it; the first seed data is processed by encoding mapping to generate second seed data, which is transmitted in real time; the second seed data is processed by encoding inverse mapping to generate initial seed data and device identity sequence data respectively; the internal state is initialized based on the initial seed data and self-equivalent affine transformations are generated in real time; and random data is generated in real time through the generated self-equivalent affine transformations combined with a white-box algorithm. A corresponding system and platform are also provided, ensuring the forward and backward security of the software random number generator and the security of the seed.
[0069] In other words, attackers cannot copy the device's unique identity sequence. Even if the white-box algorithm is copied, attackers cannot generate the same random numbers. Moreover, the scheme not only solves the side-channel leakage problem in gray-box environments but also prevents attackers from reading the internal state in white-box environments. The white-box algorithm operation of the self-equivalent architecture does not involve key-related encoded lookup table operations, and it integrates non-linear, redundant encoding for side-channel protection. Therefore, algebraic attacks such as BGE, as well as differential computation analysis and differential fault analysis, cannot be carried out, protecting the forward and backward security of the software random number generator.
Brief Description of the Drawings
[0070] To more clearly illustrate the technical solutions in the embodiments of the present invention, the accompanying drawings used in the description of the embodiments will be briefly introduced below. Obviously, the accompanying drawings described below are only some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.
[0071] Figure 1 is a schematic diagram of a traditional software random number module;
[0072] Figure 2 is a schematic diagram of the first scheme of the random data generation method based on a white-box algorithm according to the present invention;
[0073] Figure 3 is a schematic diagram of the second scheme of the random data generation method based on a white-box algorithm according to the present invention;
[0074] Figure 4 is a schematic diagram of the registration process of the random data generation method based on a white-box algorithm according to the present invention;
[0075] Figure 5 is a schematic diagram of the identity authentication process of the random data generation method based on a white-box algorithm according to the present invention;
[0076] Figure 6 is a schematic diagram of the process of the random data generation method based on a white-box algorithm according to the present invention;
[0077] Figure 7 is a schematic diagram of the architecture of the random data generation system based on a white-box algorithm according to the present invention;
[0078] Figure 8 is a schematic diagram of the architecture of the random data generation platform based on a white-box algorithm according to the present invention;
[0079] Figure 9 is a schematic diagram of the architecture of a computer-readable storage medium in one embodiment of the present invention.
[0080] The objectives, features, and advantages of this invention will be further explained in conjunction with the embodiments and with reference to the accompanying drawings.
Detailed Description of the Embodiments
[0081] To facilitate a clearer understanding of the objectives, technical solutions, and advantages of this invention, the invention will be further described below in conjunction with the accompanying drawings and specific embodiments. Those skilled in the art can easily understand other advantages and effects of this invention from the content disclosed in this specification.
[0082] This invention can also be implemented or applied through other different specific examples, and various details in this specification can also be modified and changed based on different viewpoints and applications without departing from the spirit of this invention.
[0083] It should be noted that if the embodiments of the present invention involve directional indicators (such as up, down, left, right, front, back, etc.), the directional indicators are only used to explain the relative positional relationship and movement of the components in a certain specific posture (as shown in the figure). If the specific posture changes, the directional indicators will also change accordingly.
[0084] Furthermore, if the embodiments of this invention involve descriptions such as "first" or "second," these descriptions are for descriptive purposes only and should not be construed as indicating or implying their relative importance or implicitly specifying the number of technical features indicated. Therefore, a feature defined with "first" or "second" may explicitly or implicitly include at least one of those features. Secondly, the technical solutions of the various embodiments can be combined with each other, but this must be based on the ability of those skilled in the art to implement them. When the combination of technical solutions is contradictory or impossible to implement, it should be considered that such a combination of technical solutions does not exist and is not within the scope of protection claimed by this invention.
[0085] Preferably, the random data generation method based on white-box algorithm of the present invention is applied in one or more terminals or servers. The terminal is a device capable of automatically performing numerical calculations and / or information processing according to pre-set or stored instructions, and its hardware includes, but is not limited to, microprocessors, application-specific integrated circuits (ASICs), field-programmable gate arrays (FPGAs), digital signal processors (DSPs), embedded devices, etc.
[0086] The terminal can be a desktop computer, laptop, handheld computer, cloud server, etc. The terminal can interact with the user via a keyboard, mouse, remote control, touchpad, or voice control device.
[0087] This invention provides a method, system, and platform for generating random data based on a white-box algorithm.
[0088] Figure 6 shows a flowchart of the random data generation method based on a white-box algorithm provided in an embodiment of the present invention.
[0089] In this embodiment, the random data generation method based on the white-box algorithm can be applied to a terminal or fixed terminal with a display function. The terminal includes, but is not limited to, personal computers, smartphones, tablets, desktop computers, all-in-one computers with cameras, etc.
[0090] The white-box algorithm-based random data generation method can also be applied to a hardware environment consisting of a terminal and a server connected to the terminal via a network. The network includes, but is not limited to, a wide area network (WAN), a metropolitan area network (MAN), or a local area network (LAN). The white-box algorithm-based random data generation method of this invention can be executed by the server, by the terminal, or by both the server and the terminal.
[0091] For example, for terminals that need to generate random data based on white-box algorithms, the random data generation function based on white-box algorithms provided by the method of this invention can be directly integrated into the terminal, or a client for implementing the method of this invention can be installed. Alternatively, the method provided by this invention can also run on servers or other devices in the form of a Software Development Kit (SDK), providing an interface for the random data generation function based on white-box algorithms. Terminals or other devices can then implement the random data generation function based on white-box algorithms through the provided interface.
[0092] The present invention will be further described below with reference to the accompanying drawings.
[0093] As shown in Figures 1 to 9, this invention provides a method for generating random data based on a white-box algorithm. The method includes the following steps:
[0094] S1. Obtain the reseeding signal and generate first seed data in real time based on the reseeding signal;
[0095] S2. The first seed data is encoded and mapped to generate the second seed data, and the second seed data is transmitted in real time.
[0096] S3. The second seed data is processed by encoding inverse mapping to generate initial seed data and device identity sequence data respectively;
[0097] S4. Initialize the internal state based on the initial seed data and generate self-equivalent affine transformations in real time;
[0098] S5. Random data is generated in real time through the self-equivalent affine transformation and combined with the white-box algorithm.
[0099] The first seed data is seed data containing device identity information sequence data; the second seed data is seed data after encoding and mapping processing of the first seed data.
[0100] The step of acquiring the reseeding signal and generating a seed containing a sequence of device identification information in real time based on the reseeding signal further includes the following steps:
[0101] S11. Based on the seed data and combined with the device identification information, splice (concatenate) the seed data and the device identification information in real time.
[0102] Before acquiring the reseeding signal and generating a seed containing a device identification information sequence in real time based on the reseeding signal, the method further includes the following steps:
[0103] S01. Generate a reseeding signal within a specific time period and transmit the reseeding signal in real time.
[0104] The inverse encoding process, which generates initial seed data and device identity sequence data respectively, further includes:
[0105] S31. Generate and obtain the data string of the second seed data;
[0106] S32. Based on the device identity information in the data string, compare it with the identity information whitelist in real time;
[0107] S33. Real-time determination of whether seed data has been tampered with.
[0108] The step of initializing the internal state in real time based on the initial seed data and generating a self-equivalent affine transformation further includes:
[0109] S41. Obtain initial seed data, and update the internal state in real time based on the initial seed data and the national cryptographic block cipher SM4.
[0110] The method of generating random data in real time through the generated self-equivalent affine transformation and combined with a white-box algorithm also includes:
[0111] S51. Continuously update the internal state and generate multiple sets of self-equivalent affine transformations;
[0112] S52. Store the multiple sets of self-equivalent affine transformations, and transmit the multiple sets of self-equivalent affine transformations in real time according to the request acquisition signal.
[0113] Specifically, in this embodiment of the invention, the present invention provides a software random number module and method based on white-box block cipher. There are two schemes, both of which include an entropy pool module, a random number application module and a server module. The difference is that in Scheme 1, the entropy pool and the random number application module are located in the Internet of Things (IoT) device, while in Scheme 2, only the random number application module is located in the IoT device, and the entropy pool is located in the server module.
[0114] The flowchart of Scheme 1 is shown in Figure 2:
[0115] During the registration phase, the identity sequences of the IoT devices on which the entropy pool module and the random number application module are deployed are recorded, and these identity sequences are added to the identity whitelist of the server module to complete registration (see the process in Figure 4).
[0116] During the operational phase, the random number application module has a built-in timer that sends a reseeding signal to the entropy pool module at fixed intervals. Upon receiving the signal, the entropy pool module generates a seed containing the device identity information sequence. After external encoding and mapping, this seed is sent to the random number application module via inter-process communication, and from there to the server module via the network. Upon receiving the data, the server module applies the inverse of the external encoding to obtain the seed and the device identity sequence, and then completes the identity authentication process (see the process in Figure 5). The internal state is then initialized with the seed data [seed data initialization means initializing the internal state of the block cipher random number generator, i.e., the key and the counter value V required by the block cipher algorithm]. This internal state is used to generate self-equivalent affine transformations [self-equivalent affine transformations, also called self-equivalent affine encodings, are the objects being generated], which the white-box algorithm of the random number application module uses to output random numbers. During idle periods, the server module continuously updates its internal state and generates and stores multiple sets of self-equivalent affine transformations. When the random number application module sends an update signal to the server module, the server module sends the required internal state to the random number application module, which then outputs random numbers. The specific steps are as follows:
[0117] 1. Entropy pool module (Figure 2, Steps 1-2):
[0118] Step 1: The entropy pool collects the entropy source outputs, and the random number application module sends a reseeding request to the entropy pool module through inter-process communication.
[0119] Input:
[0120] —Request: Reseeding request
[0121] Output:
[0122] —none
[0123] The process is as follows: RNG_Module → EntropyPool: Request;
[0124] Step 2: Upon receiving a reseeding request, the entropy pool outputs seed data, concatenates it with the device identification information DeviceID, and obtains the data Message after external encoding and mapping, which is then sent to the random number application module.
[0125] Input:
[0126] —Seed: seed;
[0127] —DeviceID: Device identity sequence;
[0128] —F: External mapping encoding (e.g., 256-bit to 256-bit mapping).
[0129] Output:
[0130] —Message: A data string that has been externally encoded and mapped.
[0131] The process is as follows:
[0132] 2. Random number application module (Figure 2, Step 3):
[0133] Step 3: The random number application module sends the Message to the server via the network.
[0134] Input:
[0135] —Message: Data string sent by the entropy pool
[0136] Output:
[0137] —none
[0138] The process is as follows:
[0139] RNG_Module → Server: Message;
[0140] 3. Server module (Figure 2, Steps 4-7):
[0141] Step 4: The Message is mapped back through the inverse of the external encoding to obtain the data string Seed||DeviceID. The server performs a Check operation, comparing the DeviceID with the identity information whitelist. If the comparison succeeds, identity verification passes and it is proven that the seed has not been tampered with by the attacker; otherwise, the Message is discarded.
[0142] enter:
[0143] —Message: A data string sent by the random number application module;
[0144] —G: The inverse mapping of the external mapping encoding F (e.g., a 256-bit to 256-bit mapping).
[0145] Output:
[0146] ——Result: Test results
[0147] The process is as follows:
[0148] (a)
[0149] (b)Result=Check(DeviceID);
[0150] (c) Return(Result);
[0151] Step 5: Initialize the internal state, i.e., the initial values of V and Key required by the block cipher algorithm.
[0152] enter:
[0153] --none
[0154] Output:
[0155] —Initial internal state, i.e., V, initial value of Key.
[0156] The process is as follows:
[0157] (a)Key=0 keylen (a string of zero bits, where keylen represents the key length)
[0158] (b)V=0 blocklen (a zero-bit string of blocklen bits, where blocklen represents the block length);
[0159] (c) Return(key, V);
[0160] Step 6: Input the initial internal state and the seed, and update the internal state using the SM4 block cipher [the internal state refers to the key and the counter value V required by the block cipher in a software random number generator built on a block cipher]. Generate the self-equivalent affine transformations M, C, and D [M, C, and D are all 32-bit mappings that replace the linear operations and the key XOR of the round function in the ordinary SM4 algorithm; the round function of the white-box SM4 algorithm consists of the input data, the M, C, and D affine transformations, the S-box, and the output data] and the externally encoded mapping. The original random number generator's internal state V is mapped through the external encoding to obtain data. The updated internal state Key [Key participates in the generation of the self-equivalent affine transformations M, C, D] is injected into the update module, and step 6 continues to be executed, continuously generating multiple sets of M, C, D, and... These are stored until the seed is reseeded, at which point the previously stored affine transformations and...
[0161] Input:
[0162] —Key: the current value of the key
[0163] —V: the current value of V
[0164] —Seed: the seed bit string, of length seedlen
[0165] Output:
[0166] —{M, C, D}: affine transformations M, C, D
[0167] —V mapped by the external encoding P
[0168] The process is as follows:
[0169] (a) temp = Null;
[0170] (b) While (len(temp) < seedlen) do:
[0171] i. V = (V + 1) mod 2^blocklen;
[0172] ii. output_block = SM4(Key, V);
[0173] iii. temp = temp || output_block;
[0174] (c) temp = leftmost(temp, seedlen);
[0175] (d)
[0176] (e) Key = leftmost(temp, keylen);
[0177] (f) V = rightmost(temp, blocklen);
[0178] (g) M, C, D ← SE_Encode(Key); (operation generating the self-equivalent affine transformations)
[0179] (h)
[0180] (i) Return
[0181] Step 7: The random number application module sends an Update request to the server module. The server module sends the self-equivalent affine transformations M, C, and D from its storage space, along with the externally encoded mapping... During this period, the application module can receive multiple sets of M, C, D and... and stores them in the memory space allocated by the device; reception stops once that memory space is full.
[0182] Input:
[0183] —Update: update request
[0184] Output:
[0185] —{M, C, D}: affine transformations M, C, D
[0186] —Mapped by the external encoding P
[0187] The process is as follows:
[0188] (a) RNG_Module → Server: Update
[0189] (b) Server → RNG_Module:
[0190] 4. Random number application module (Figure 2, Steps 8-9):
[0191] Step 8: The application module uses the self-equivalent affine transformations M, C, D, and... in the white-box algorithm WBSM4, implemented on the self-equivalence architecture, to output random data of the required bit length. The device identity sequence is incorporated into the output to achieve a binding effect, resisting code extraction attacks. After output, the affine transformations M, C, and D are deleted and an update is requested.
[0192] Input:
[0193] —{M, C, D}: affine transformations M, C, D
[0194] —V with the external encoding P
[0195] —DeviceID: device identity sequence
[0196] Output:
[0197] —returned_bits: the output random bits
[0198] The process is as follows:
[0199] (a) temp = Null;
[0200] (b) While (len(temp) < requested_number_of_bits) do:
[0201] i.
[0202] ii.
[0203] iii. temp = temp || output_block;
[0204] (c) returned_bits = leftmost(temp, requested_number_of_bits);
[0205] (d) Delete
[0206] (e) Return(returned_bits);
[0207] Step 9: The output module requests an update of its internal state. The update module first checks whether new self-equivalent affine transformations are cached in its local memory space. If a cached set exists, the output module uses it; otherwise, an update request is sent to the server module over the network and step 7 is executed.
[0208] Flowchart of Scheme 2 (see Figure 3):
[0209] During the registration phase, the identity sequences of the IoT devices that deploy the random number application module are recorded, and these identity sequences are then added to the server module's identity whitelist to complete the registration (see the process in Figure 4).
[0210] During the working phase, the entropy pool module has a built-in timer that generates a seed at fixed intervals and sends it to the update module via inter-process communication. The update module initializes its internal state with the seed, and this state is used to generate the self-equivalent affine transformations for the white-box algorithm that outputs random numbers in the random number application module. During idle periods, the update module continuously updates its internal state and generates multiple sets of self-equivalent affine transformations, storing them for later use by the random number application module. The random number application module sends its device identity sequence to the server module for authentication (see the process in Figure 5). After successful verification, the server module sends the required values to the random number application module, which then outputs random numbers. The details of each step are similar to those in Scheme 1 and are not elaborated here.
[0211] Applicable Scenarios: Scheme 1 assumes the IoT device exists in a trusted environment to support the entropy pool module. This scheme maximizes the use of the device's existing entropy source and entropy pool to generate the seed, eliminating the need to redesign and implement the entropy pool module. Scheme 2 assumes the IoT device lacks a trusted environment and requires the introduction of a server within that environment to complete the entropy pool module's functionality and update its internal state. This scheme offers higher security than Scheme 1, as the IoT device only retains a secure white-box algorithm random number application module. This means that even in a white-box environment, attackers cannot recover the seed and internal state from the IoT device's data.
[0212] In other words, the key point of this invention is to propose a design concept for a software random number generator in a white-box environment.
[0213] First, there's the binding between the seed and the device. With traditional software random number generators, attackers can tamper with the seed to reduce its entropy or steal the seed to generate the same random numbers on other devices. In this invention, the seed carries a unique device identification sequence and is externally encoded and mapped. Attackers cannot derive the original seed data from the mapped data. To reduce entropy, attackers might tamper with or even set the mapped data to 0. In this case, the device identification sequence will be scrambled, preventing the authentication process from passing, and the tampered data will be discarded.
[0214] Secondly, the white-box algorithm is device-dependent. Traditional white-box algorithms are vulnerable to code extraction attacks. If a white-box algorithm is copied to other devices, an attacker can intercept data sent by the server module and generate the same random numbers on other devices. The white-box algorithm of this invention introduces a unique device identity sequence, which participates in the entire random number generator execution process. Attackers cannot copy the unique device identity sequence, and even if the white-box algorithm is copied, attackers cannot generate the same random numbers.
[0215] Furthermore, the invention addresses the forward and backward security of software random number generators. Traditional software random number generators are prone to security issues such as internal state leakage, especially those based on block ciphers, where internal state leakage can cause forward and backward security problems. This invention proposes a software random number module and method based on white-box block ciphers, which not only solves the side-channel leakage problem in gray-box environments but also prevents attackers from reading the internal state in white-box environments. Its self-equivalent architecture white-box algorithm operation does not involve encoded key-related lookup table operations, and it integrates nonlinear and redundant coding side-channel protection. Therefore, algebraic attacks such as BGE, as well as differential computation analysis and differential fault analysis, cannot be implemented, thus protecting the forward and backward security of the software random number generator.
[0216] To achieve the above objectives, the present invention also provides a random data generation system based on a white-box algorithm, as shown in Figure 7. The system specifically includes:
[0217] A generation unit is used to acquire a reseeding signal and generate first seed data in real time based on the reseeding signal.
[0218] The encoding mapping processing unit is used to encode and map the first seed data, generate the second seed data, and transmit the second seed data in real time.
[0219] The encoding inverse mapping processing unit is used to encode and inverse map the second seed data to generate initial seed data and device identity sequence data respectively.
[0220] The first generation unit is used to initialize the internal state based on the initial seed data and generate self-equivalent affine transformations in real time.
[0221] The second generation unit is used to generate random data in real time through the generated self-equivalent affine transformation and in combination with a white-box algorithm.
[0222] The first seed data is seed data containing device identity information sequence data; the second seed data is seed data after encoding and mapping processing of the first seed data;
[0223] The acquisition and generation unit further includes:
[0224] The splicing processing module is used to splice and process seed data and device identification information in real time based on seed data and combined with device identification information.
[0225] And / or, the system further includes:
[0226] The third generation unit is used to generate a reseeding signal within a specific time period and transmit the reseeding signal in real time.
[0227] And / or, the encoding inverse mapping processing unit further includes:
[0228] The first generation module is used to generate and obtain the data string of the second seed data;
[0229] The comparison module is used to compare the device identity information in the data string with the identity information whitelist in real time.
[0230] The determination module is used to determine in real time whether the seed data has been tampered with;
[0231] And / or, the first generating unit further includes:
[0232] The status update module is used to obtain initial seed data and update the internal status in real time based on the initial seed data and the national cryptographic block cipher SM4.
[0233] And / or, the second generating unit further includes:
[0234] The second generation module is used to continuously update the internal state and generate multiple sets of self-equivalent affine transformations;
[0235] The storage and transmission module is used to store the multiple sets of self-equivalent affine transformations and transmit the multiple sets of self-equivalent affine transformations in real time according to the request acquisition signal.
[0236] In the system solution embodiment of the present invention, the specific details of the method steps involved in the random data generation based on the white-box algorithm have been described above and will not be repeated here.
[0237] To achieve the above objectives, the present invention also provides a random data generation platform based on a white-box algorithm, as shown in Figure 8. It includes a processor, a memory, and a control program for a random data generation platform based on a white-box algorithm;
[0238] Specifically, the processor executes the white-box algorithm-based random data generation platform control program, which is stored in the memory. This white-box algorithm-based random data generation platform control program implements the steps of the white-box algorithm-based random data generation method, for example:
[0239] S1. Obtain the reseeding signal and generate first seed data in real time based on the reseeding signal;
[0240] S2. The first seed data is encoded and mapped to generate the second seed data, and the second seed data is transmitted in real time.
[0241] S3. The second seed data is processed by encoding inverse mapping to generate initial seed data and device identity sequence data respectively;
[0242] S4. Initialize the internal state based on the initial seed data and generate self-equivalent affine transformations in real time;
[0243] S5. Random data is generated in real time through the self-equivalent affine transformation and combined with the white-box algorithm.
[0244] The specific details of the steps have been explained above and will not be repeated here.
[0245] In this embodiment of the invention, the built-in processor of the random data generation platform based on the white-box algorithm can be composed of integrated circuits. For example, it can be composed of a single packaged integrated circuit, or multiple integrated circuits packaged with the same or different functions. This includes combinations of one or more central processing units (CPUs), microprocessors, digital processing chips, graphics processors, and various control chips. The processor connects to various components using various interfaces and lines, and executes programs or units stored in memory, as well as calling data stored in memory, to perform various functions of random data generation based on the white-box algorithm and process data.
[0246] The memory is used to store program code and various data. It is installed in a random data generation platform based on a white-box algorithm and enables high-speed and automatic access to programs or data during operation.
[0247] The memory includes read-only memory (ROM), random access memory (RAM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), one-time programmable read-only memory (OTPROM), electrically erasable programmable read-only memory (EEPROM), compact disc read-only memory (CD-ROM) or other optical disc storage, disk storage, magnetic tape storage, or any other computer-readable medium capable of carrying or storing data.
[0248] To achieve the above objectives, the present invention also provides a computer-readable storage medium, as shown in Figure 9. The computer-readable storage medium stores a control program for a random data generation platform based on a white-box algorithm. This control program implements the steps of the random data generation method based on the white-box algorithm, for example:
[0249] S1. Obtain the reseeding signal and generate first seed data in real time based on the reseeding signal;
[0250] S2. The first seed data is encoded and mapped to generate the second seed data, and the second seed data is transmitted in real time.
[0251] S3. The second seed data is processed by encoding inverse mapping to generate initial seed data and device identity sequence data respectively;
[0252] S4. Initialize the internal state based on the initial seed data and generate self-equivalent affine transformations in real time;
[0253] S5. Random data is generated in real time through the self-equivalent affine transformation and combined with the white-box algorithm.
[0254] The specific details of the steps have been explained above and will not be repeated here.
[0255] In the description of embodiments of the present invention, it should be noted that any process or method description in the flowcharts or otherwise described herein can be understood as representing a module, segment, or portion of code comprising one or more executable instructions for implementing a particular logical function or process, and the scope of the preferred embodiments of the present invention includes additional implementations in which functions may be performed not in the order shown or discussed, including substantially simultaneously or in reverse order according to the functions involved, as should be understood by those skilled in the art to which the embodiments of the present invention pertain.
[0256] The logic and / or steps represented in the flowchart or otherwise described herein, for example, can be considered as a sequenced list of executable instructions for implementing logical functions, and can be embodied in any computer-readable medium for use by, or in conjunction with, an instruction execution system, apparatus, or device (such as a computer-based system, a system including a processing module, or other system that can fetch and execute instructions from, an instruction execution system, apparatus, or device). For the purposes of this specification, a “computer-readable medium” can be any means that can contain, store, communicate, propagate, or transmit programs for use by, or in conjunction with, an instruction execution system, apparatus, or device. More specific examples (a non-exhaustive list) of computer-readable media include: an electrical connection having one or more wires (electronic device), a portable computer disk drive (magnetic device), random access memory (RAM), read-only memory (ROM), erasable and editable read-only memory (EPROM or flash memory), fiber optic devices, and portable optical disc read-only memory (CDROM).
[0257] Furthermore, the computer-readable medium can even be paper or other suitable media on which the program can be printed, since the program can be obtained electronically, for example, by optically scanning the paper or other medium, followed by editing, interpreting, or otherwise processing as necessary, and then stored in a computer memory.
[0258] In this embodiment of the invention, to achieve the above objective, the present invention also provides a chip system, the chip system including at least one processor, wherein when program instructions are executed in the at least one processor, the chip system performs the steps of the random data generation method based on the white-box algorithm, for example:
[0259] S1. Obtain the reseeding signal and generate first seed data in real time based on the reseeding signal;
[0260] S2. The first seed data is encoded and mapped to generate the second seed data, and the second seed data is transmitted in real time.
[0261] S3. The second seed data is processed by encoding inverse mapping to generate initial seed data and device identity sequence data respectively;
[0262] S4. Initialize the internal state based on the initial seed data and generate self-equivalent affine transformations in real time;
[0263] S5. Random data is generated in real time through the self-equivalent affine transformation and combined with the white-box algorithm.
[0264] The specific details of the steps have been explained above and will not be repeated here.
[0265] Those skilled in the art will recognize that the units and algorithm steps of the various examples described in conjunction with the embodiments disclosed herein can be implemented in electronic hardware, or a combination of computer software and electronic hardware. Whether these functions are implemented in hardware or software depends on the specific application and design constraints of the technical solution. Those skilled in the art can use different methods to implement the described functions for each specific application, but such implementation should not be considered beyond the scope of this application. Those skilled in the art will clearly understand that, for the sake of convenience and brevity, the specific working processes of the systems, devices, and units described above can be referred to the corresponding processes in the foregoing method embodiments, and will not be repeated here.
[0266] This invention obtains a reseeding signal through a method, generates first seed data in real time based on the reseeding signal, processes the first seed data through encoding and mapping to generate second seed data, and transmits the second seed data in real time, processes the second seed data through encoding and inverse mapping to generate initial seed data and device identity sequence data respectively, initializes the internal state based on the initial seed data, and generates a self-equivalent affine transformation in real time, generates random data in real time through the generated self-equivalent affine transformation, combined with a white-box algorithm, and provides a corresponding system and platform to ensure the forward and backward security of the software random number generator and the security of the seed.
[0267] In other words, attackers cannot copy the device's unique identity sequence. Even if the white-box algorithm is copied, attackers cannot generate the same random numbers. Moreover, it not only solves the side-channel leakage problem in gray-box environments but also prevents attackers from reading the internal state in white-box environments. The white-box algorithm operation of the self-equivalent architecture does not involve encoded key-related lookup table operations, and it integrates non-linear, redundant coding for side-channel protection. Therefore, algebraic attacks such as BGE, as well as differential computation analysis and differential fault analysis, cannot be implemented, protecting the forward and backward security of the software random number generator.
[0268] In other words, a design concept and implementation scheme for a software random number generator in a white-box environment are proposed. The white-box SM4 national cryptographic algorithm based on a self-equivalence architecture is used. The white-box block cipher implemented based on the self-equivalence architecture has the advantages of lower storage overhead and faster encryption speed compared to other white-box block ciphers. Specific performance comparisons are shown in Table 1, and test equipment is shown in Table 2.
[0269] Table 1: Performance comparison of white-box SM4 algorithms
[0270]
Scheme                                        Executable program storage space (KB)   Memory usage (MB)   Output rate (Mbps)
Xiao-Lai [1]                                  233.039                                 2.512               19.750
Bai-Wu [2]                                    33385.472                               34.887              153.968
Yao-Chen [3]                                  379.258                                 2.652               19.670
Self-equivalent architecture white-box SM4    116.882                                 2.398               19.928
[0271] [1] Xiao Yaying, Lai Xuejia. White-box cryptography and white-box implementation of SMS4 algorithm [J]. Proceedings of the 2009 Annual Meeting of the Chinese Association for Cryptologic Research, Guangzhou, 2009: 24-34.
[0272] [2] Bai K, Wu C. A secure white-box SM4 implementation [J]. Security and Communication Networks, 2016, 9(10): 996-1006.
[0273] [3] Yao Si, Chen Jie. A novel white-box implementation of the SM4 algorithm [J]. Journal of Cryptology, 2020, 7(3): 358-374.
[0274] Table 2: Performance testing equipment environment
[0275]
[0276] The embodiments described above are merely illustrative of several implementations of the present invention, and while the descriptions are specific and detailed, they should not be construed as limiting the scope of the present invention. It should be noted that those skilled in the art can make various modifications and improvements without departing from the concept of the present invention, and these modifications and improvements all fall within the scope of protection of the present invention. Therefore, the scope of protection of this patent should be determined by the appended claims.
Claims
1. A method for generating random data based on a white-box algorithm, characterized in that the method includes the following steps: acquiring a reseeding signal and generating first seed data in real time based on the reseeding signal; processing the first seed data by encoding and mapping to generate second seed data, and transmitting the second seed data in real time; processing the second seed data by encoding inverse mapping to generate initial seed data and device identity sequence data, respectively; initializing the internal state based on the initial seed data, and generating in real time the internal state parameters, namely the self-equivalent affine transformations and ... mapped by the external encoding; and generating random data in real time through the self-equivalent affine transformations and ..., combined with the white-box algorithm and the device identity sequence data.
2. The random data generation method based on a white-box algorithm according to claim 1, characterized in that the first seed data is seed data containing device identity information sequence data, and the second seed data is the seed data after the encoding mapping process of the first seed data.
3. The random data generation method based on a white-box algorithm according to claim 2, characterized in that the step of acquiring the reseeding signal and generating in real time a seed containing a device identity information sequence based on the reseeding signal further includes the following step: based on the seed data and combined with the device identification information, the seed data and the device identification information are spliced and processed in real time.
4. A random data generation method based on a white-box algorithm according to claim 1 or 3, characterized in that, before acquiring the reseeding signal and generating in real time a seed containing a device identity information sequence based on the reseeding signal, the method further includes the following step: a reseeding signal is generated within each preset fixed time period, and the reseeding signal is transmitted in real time.
5. The random data generation method based on a white-box algorithm according to claim 1, characterized in that the encoding inverse mapping process, which generates initial seed data and device identity sequence data respectively, further includes: generating and obtaining the data string of the second seed data; comparing the device identity information in the data string with the identity information whitelist in real time; and determining in real time whether the seed data has been tampered with.
6. The random data generation method based on a white-box algorithm according to claim 1, characterized in that the step of initializing the internal state in real time based on the initial seed data and generating the self-equivalent affine transformations further includes: obtaining the initial seed data, and based on the initial seed data, updating the internal state in real time using the SM4 national cryptographic block cipher.
7. The random data generation method based on a white-box algorithm according to claim 1, characterized in that the method of generating random data in real time through the generated self-equivalent affine transformations combined with a white-box algorithm further includes: continuously updating the internal state and generating multiple sets of self-equivalent affine transformations; and storing the multiple sets of self-equivalent affine transformations and transmitting them in real time according to the request acquisition signal.
8. A random data generation system based on a white-box algorithm, characterized in that the system includes: a generation unit, used to acquire a reseeding signal and generate first seed data in real time based on the reseeding signal; an encoding mapping processing unit, used to encode and map the first seed data, generate the second seed data, and transmit the second seed data in real time; an encoding inverse mapping processing unit, used to encode and inverse map the second seed data to generate initial seed data and device identity sequence data respectively; a first generation unit, used to initialize the internal state based on the initial seed data and generate in real time the internal state parameters, namely the self-equivalent affine transformations and the externally encoded mappings; and a second generation unit, which, through the self-equivalent affine transformations and ..., generates random data in real time by combining the white-box algorithm and the device identity sequence data.
9. A random data generation system based on a white-box algorithm according to claim 8, characterized in that the first seed data is seed data containing device identity information sequence data, and the second seed data is the seed data after the encoding mapping process of the first seed data; the acquisition and generation unit further includes: a splicing processing module, used to splice and process seed data and device identification information in real time based on the seed data and combined with the device identification information; and/or, the system further includes: a third generation unit, used to generate a reseeding signal within each preset fixed time period and transmit the reseeding signal in real time; and/or, the encoding inverse mapping processing unit further includes: a first generation module, used to generate and obtain the data string of the second seed data; a comparison module, used to compare the device identity information in the data string with the identity information whitelist in real time; and a determination module, used to determine in real time whether the seed data has been tampered with; and/or, the first generating unit further includes: a status update module, used to obtain initial seed data and update the internal state in real time based on the initial seed data and the national cryptographic block cipher SM4; and/or, the second generating unit further includes: a second generation module, used to continuously update the internal state and generate multiple sets of self-equivalent affine transformations; and a storage and transmission module, used to store the multiple sets of self-equivalent affine transformations and transmit the multiple sets of self-equivalent affine transformations in real time according to the request acquisition signal.
10. A random data generation platform based on a white-box algorithm, characterized in that it includes a processor, a memory, and a control program for a random data generation platform based on a white-box algorithm; wherein the processor executes the random data generation platform control program based on the white-box algorithm, the random data generation platform control program based on the white-box algorithm is stored in the memory, and the random data generation platform control program based on the white-box algorithm implements the random data generation method based on the white-box algorithm as described in any one of claims 1 to 7.