A data processing method, apparatus, system, and storage medium for a block white-box cryptographic algorithm.
By introducing a double verification mechanism into the block white-box cryptography algorithm, sensitive data is detected in real time and erased at intermediate verification points, thus solving the problem of excessively long exposure windows for sensitive data and improving the security of sensitive data.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- 北京银联金卡科技有限公司
- Filing Date
- 2025-11-25
- Publication Date
- 2026-06-30
AI Technical Summary
In existing technologies, block white-box cryptography algorithms erase sensitive data only after the entire verification process is completed, resulting in a long window for sensitive data exposure and increasing the risk of sensitive data leakage.
In the block white-box cryptography algorithm, a double check protection mechanism is adopted to perform real-time detection and comparison of the first and second operation paths at any common intermediate check point. If the results are inconsistent, sensitive data is immediately erased and the operation is stopped.
By detecting and erasing sensitive data early, the exposure window for sensitive data is significantly shortened, reducing the risk of sensitive data leakage.
Smart Images

Figure CN121333540B_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of information security technology, and in particular to a data processing method, apparatus, system and storage medium for a block white-box cryptographic algorithm. Background Technology
[0002] In the field of white-box cryptography, to protect key security in white-box attack environments, the industry has developed various protection techniques to address threats such as Differential Computation Analysis (DCA, also known as side-channel attacks) and Fault Injection Attacks (FIA). Constructing a dual-verification protection framework with two computational paths (e.g., repeated computation or encryption-decryption verification) for the same core information has become an effective system-level protection strategy. This framework, through redundant computation and result comparison, can promptly detect computational errors caused by fault injection and trigger a security response when verification fails, thereby effectively preventing the output of erroneous ciphertext and thwarting Differential Fault Analysis (DFA) based on erroneous ciphertext. However, in the above protection framework, data erasure only occurs after the entire verification process is completed, resulting in a long exposure window for sensitive data and increasing the risk of sensitive data leakage. Summary of the Invention
[0003] This invention provides a data processing method, apparatus, system, and storage medium for a block white-box cryptographic algorithm, to at least solve the problem in related technologies where data erasure occurs only after the entire verification process is completed, leading to a high risk of sensitive data leakage. The technical solution of this invention is as follows:
[0004] According to a first aspect of the present invention, a data processing method for a block white-box cryptographic algorithm is provided. The method includes: during the double-check protection process of two corresponding real cryptographic operations in the block white-box cryptographic algorithm, real-time detection and comparison of the first node verification result and the second node verification result of the first operation path and the second operation path at any common intermediate verification point; the first operation path and the second operation path are respectively the operation paths of the two corresponding real cryptographic operations; when the first node verification result and the second node verification result are inconsistent, an erasure operation is performed on the sensitive data generated by the current operation, and at the same time, the next real operation operation is stopped; the sensitive data includes the intermediate state and / or output result of the first calculation path and the second calculation path.
[0005] In one implementation, the method further includes: determining that the computation paths of the first computation path and the second computation path are the same; dividing the first computation path and the second computation path into multiple consecutive sub-computation nodes of the same number and in the same position according to a preset granularity; forming a common intermediate verification point when each corresponding sub-computation node on the first computation path and the second computation path completes its computation; wherein, the preset granularity includes dividing the granularity by computation round, computation operation, or instruction set; the distribution density of the multiple common intermediate verification points is negatively correlated with the size of the preset granularity.
[0006] Based on the information security index, system operation security index, and / or system performance requirements, set preset granularity to adapt to information security needs.
[0007] In this implementation, common intermediate verification points are set according to a preset granularity for isomorphic operations to adapt to the personalized needs of information security and system performance.
[0008] In another implementation, before forming a common intermediate verification point after each sub-operation node has completed its operation, the method further includes:
[0009] Following the execution order of multiple consecutive sub-operation nodes, the sub-operation nodes at the same position on the first operation path and the second operation path are executed sequentially and alternately.
[0010] In another implementation, the method further includes: when each sub-operation node on the first operation path and the second operation path completes its operation, performing an XOR operation on the intermediate state generated by each sub-operation node on the first operation path and the second operation path with a first preset number of first mask factors to obtain the first node verification result and the second node verification result for output, so as to form a common intermediate verification point; performing real-time detection and comparison of the first node verification result and the second node verification result at any common intermediate verification point of the first operation path and the second operation path, including: performing an XOR operation on the received first node verification result and the second node verification result with a first preset number of first mask factors, and comparing the first node verification result and the second node verification result after the XOR operation.
[0011] In this implementation, to avoid sensitive data being directly exposed in registers, stacks, and memory, sensitive data such as state data or result data of each intermediate state are masked using a masking factor.
[0012] In another implementation, the verification results of the first node and the second node after the XOR operation are compared, including: determining that the verification results of the first node and the second node after the XOR operation are the same, so as to determine that the first node verification result is consistent with the first node verification result; determining that the verification results of the first node and the second node after the XOR operation are different, so as to determine that the first node verification result is inconsistent with the first node verification result.
[0013] In another implementation, the method further includes: determining that the computation paths of the first computation path and the second computation path are different; wherein, the first computation path represents the encryption main computation path, and the second computation path represents the decryption verification computation path; the input node of the first computation path and the corresponding output node associated on the second computation path form a common intermediate verification point;
[0014] The real-time detection and comparison of the first node verification result and the second node verification result at any common intermediate verification point of the first and second operation paths includes: firstly, executing the first operation path; when the output node of the first operation path generates the first output result, performing an XOR operation on the first output result and a second preset number of second mask factors to input it into the second operation path; determining the first input of the first output result as the first node verification result, the first input including performing an XOR operation with a third preset number of third mask factors; then executing the second operation path; during the decryption operation, performing an XOR operation on the received first output result after the XOR operation and a second preset number of second mask factors, then performing the decryption operation, and performing an XOR operation on the second output result after the decryption operation and a third preset number of third mask factors to obtain the second node verification result; and then comparing the second node verification result of each output node with the first input of the corresponding input node and a third preset number of third mask factors.
[0015] In some implementations, the first and second computation paths are consecutive.
[0016] In this implementation, the first operation path is executed first. When the first output result is generated by the first operation path, the first output result is XORed with a second preset number of second mask factors, and the first input of the first output result is XORed with a third preset number of third mask factors. The first input after the XOR operation and the first output result after the XOR operation are combined according to a preset bit order to obtain the first node verification result for output. Then, the second operation path is executed. The received first node verification result is parsed according to the preset bit order to obtain the first input after the XOR operation and the first output result after the XOR operation for output. During the decryption operation, the first output result after the XOR operation is XORed with a second preset number of second mask factors, and then the decryption operation is performed. The second output result after the decryption operation is XORed with a third preset number of third mask factors to obtain the second node verification result. The first input after the XOR operation and the second node verification result are XORed with a third preset number of third mask factors respectively, and then compared.
[0017] Specifically, if the first input and the second node verification result are the same after XORing with the third preset number of third mask factors, then the first node verification result is consistent with the first node verification result; if the first input and the second node verification result are not the same after XORing with the third preset number of third mask factors, then the first node verification result is inconsistent with the first node verification result.
[0018] In another implementation, the second node verification result of each output node and the first input of the corresponding input node are XORed with a third preset number of third mask factors, and then compared. This includes: determining that the first input and the second node verification result after XORing with the third preset number of third mask factors are the same, and determining that the first node verification result is consistent with the first node verification result; and determining that the first input and the second node verification result after XORing with the third preset number of third mask factors are not the same, and determining that the first node verification result is inconsistent with the first node verification result.
[0019] According to a second aspect of the present invention, a data processing apparatus for a block white-box cryptographic algorithm is provided. The apparatus includes: a verification unit, configured to perform real-time detection and comparison of the first node verification result and the second node verification result at any common intermediate verification point of the first and second computation paths during the double verification protection process of two corresponding real cryptographic operations in the block white-box cryptographic algorithm; the first and second computation paths are respectively the computation paths of the two corresponding real cryptographic operations; and an erasure unit, configured to perform an erasure operation on sensitive data generated by the current operation when the first node verification result and the second node verification result are inconsistent, and simultaneously control the cessation of entering the next real computation operation; the sensitive data includes the intermediate states and / or output results of the first and second computation paths.
[0020] According to a third aspect of the present invention, a data processing system for a block white-box cryptographic algorithm is provided, the system being configured to perform a data processing method for a block white-box cryptographic algorithm as described in the first aspect and any possible implementation thereof.
[0021] According to a fourth aspect of the present invention, an electronic device is provided, comprising: a processor and a memory for storing processor-executable instructions; wherein the processor is configured to execute the executable instructions to implement a data processing method of a block white-box cryptographic algorithm as described in the first aspect and any possible implementation thereof.
[0022] According to a fifth aspect of the present invention, a computer-readable storage medium is provided, on which instructions are stored, such that when the instructions in the computer-readable storage medium are executed by a processor of an electronic device, the electronic device is enabled to perform a data processing method of a block white-box cryptographic algorithm as described in the first aspect and any possible implementation thereof.
[0023] According to a sixth aspect of the present invention, a computer program product is provided, the computer program product including computer instructions, which, when executed on an electronic device, cause the electronic device to perform the data processing method of the block white-box cryptographic algorithm described in the first aspect and any possible implementation thereof.
[0024] The technical solution provided by this invention brings at least the following beneficial effects: This application decomposes the one-time, final result verification into multiple, phased verifications performed at "any common intermediate verification point". Once a fault is injected at an early stage and affects the intermediate state of that stage, the relevant sensitive data can be immediately erased at the intermediate verification point at the end of the current intermediate state stage, without waiting for the entire calculation to complete. This advances the fault detection time from the "end point of the process" to the "first nearest verification point after the fault occurs", significantly shortening the sensitive data exposure window and thus greatly reducing the risk of sensitive data leakage.
[0025] It should be understood that the above general description and the following detailed description are exemplary and explanatory only, and are not intended to limit this disclosure. Attached Figure Description
[0026] The accompanying drawings, which are incorporated in and form part of this specification, illustrate embodiments consistent with this application and, together with the description, serve to explain the principles of this application, and do not constitute an undue limitation of this application.
[0027] Figure 1 This is a flowchart illustrating a data processing method for a block white-box cryptography algorithm according to an exemplary embodiment;
[0028] Figure 2 This is a block diagram illustrating a data processing apparatus for a block white-box cryptographic algorithm according to an exemplary embodiment;
[0029] Figure 3 This is a schematic diagram of an electronic device according to an exemplary embodiment. Detailed Implementation
[0030] To enable those skilled in the art to better understand the technical solutions of this application, the technical solutions in the embodiments of this application will be clearly and completely described below with reference to the accompanying drawings.
[0031] It should be noted that the terms "first," "second," etc., used in the specification, claims, and accompanying drawings of this application are used to distinguish similar objects and are not necessarily used to describe a specific order or sequence. It should be understood that such data can be interchanged where appropriate so that the embodiments of this application described herein can be implemented in orders other than those illustrated or described herein. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with this application. Rather, they are merely examples of apparatuses and methods consistent with some aspects of this application as detailed in the appended claims.
[0032] Before providing a detailed description of the data processing method for the block white-box cryptography algorithm provided in this application embodiment, let's first briefly introduce the application scenarios and implementation environment involved in this application embodiment.
[0033] First, a brief introduction to the application scenarios involved in this application will be given.
[0034] In fields such as financial payments and digital content protection, a key challenge is effectively hiding encryption keys in insecure execution environments to prevent attackers from extracting them. The white-box attack model assumes that attackers have complete observation and control over the execution process of cryptographic software. Under this model, traditional key protection mechanisms are ineffective, and key information is easily leaked. Therefore, special techniques must be used to deeply embed key information into the implementation structure of cryptographic algorithms to achieve key concealment. The core objective of white-box cryptography is to ensure key security in such white-box attack environments by obfuscating and hiding key information, preventing attackers from extracting it during program execution. Therefore, it is increasingly important and has received widespread attention in current information security systems.
[0035] However, current security mechanisms for white-box cryptographic algorithms have not fundamentally eliminated the risk of side-channel attacks such as differential computation analysis. Therefore, a practical strategy at this stage is to significantly increase the complexity of attack execution, making it difficult to implement in practice. In this context, coarse-grained external protection mechanisms—rather than relying solely on the intrinsic security of the algorithm itself—have become an important component of security protection for white-box cryptographic systems. However, the introduction of such protection techniques (such as hiding techniques and random delay techniques) inevitably incurs additional time overhead.
[0036] From a computational structure perspective, the execution flow of white-box cryptography typically involves multiple encryption and decryption operations (coarse-grained - 3), each encryption and decryption involves multiple rounds of iterative computation (medium-coarse-grained - 2), each round of computation consists of multiple basic operations (fine-grained - 1), and each operation is implemented by several low-level instructions. Each of these abstraction levels can become a point of implementation for protective measures, providing multi-layered entry points for building a defense-in-depth system.
[0037] Research has found that protection techniques against side-channel attacks include concealment techniques and random delays.
[0038] In concealment techniques, scrambling and pseudo-wheel operations are used: These involve rearranging the intermediate processes of a block cipher algorithm in a scrambled order, and adding a random number of pseudo-wheel operations to the block cipher algorithm. These operations can cause the curves to become misaligned.
[0039] In random delays, random delays are added to the computation of block white-box cryptography algorithms. This can be achieved through random operations, pseudo-round operations, etc. Both concealment techniques and random delay techniques incur additional time overhead, thus representing a design solution that sacrifices performance for security. Overall, a trade-off needs to be struck.
[0040] Research has found that protection techniques against fault injection attacks include concealment techniques, random delays, and reverse calculation verification.
[0041] The concealment technique employs a strategy combining operation reordering and pseudo-round insertion to reconstruct the intermediate computation process of the block white-box cryptographic algorithm. Specifically, by randomly rearranging the execution order of round functions or sub-operations and dynamically inserting a random number of pseudo-round operations (i.e., redundant rounds that do not participate in effective computation but structurally simulate real round functions) into the main computation flow, the true computation path is obfuscated. This method effectively disrupts the time alignment of energy trajectories, increasing the difficulty of implementing side-channel attacks such as trajectory alignment-based differential computation analysis (DCA).
[0042] To address random delays, a randomized time delay is introduced during the execution of block white-box cryptography algorithms, employing the timing characteristics of random operations and pseudo-wheel operations. This delay can be achieved by inserting random null operations (NOPs), invoking irrelevant instructions, or combining pseudo-wheels and out-of-order operations. This technique aims to break the deterministic timing relationship between operations and sensitive data during cryptographic computation, thereby enhancing resistance to attacks.
[0043] For reverse calculation verification, the cryptographic operations are repeatedly executed and the consistency of the results is verified to detect and defend against potential abnormal execution or injection attacks.
[0044] The specific implementation methods include the following two categories: (1) Double execution comparison: Repeat the same block white-box cryptographic algorithm twice. Only when the two outputs are completely consistent will a valid ciphertext be output; otherwise, placeholder data or error values unrelated to the actual calculation result will be returned. (2) Double encryption and decryption verification: First, the plaintext is encrypted, and then the corresponding decryption operation is performed on the obtained ciphertext to verify whether the finally recovered plaintext is consistent with the original input. If they are consistent, the execution process is considered reliable and the encryption result is output; otherwise, the output is rejected or invalid data is returned.
[0045] Therefore, data erasure is a crucial security measure in white-box cryptography implementations, stemming from the potential information leakage risk caused by the presence of sensitive data in memory. If sensitive data (primarily referring to the results of white-box cryptographic algorithms, whose intermediate values pose a lower risk) is not promptly erased or released from memory after injection, attackers may obtain it through search methods. Such leaked algorithm output data can be exploited by attack methods such as Differential Fault Analysis (DFA). By analyzing the differences between normal and erroneous outputs, the encryption key can be reverse-engineered, thus seriously threatening system security.
[0046] The main advantage of implementing data erasure is that it significantly reduces the residence time of sensitive data in memory. Immediately performing erasure upon detecting anomalies or erroneous execution effectively reduces the attack window. In particular, in mechanisms employing multiple attempts to erase the final output data, even if individual erasure operations are evaded by the attacker, the frequent and intensive erasure attempts significantly increase the difficulty for the attacker to maintain control of the execution flow, making it difficult for them to reliably capture valid fault states, thereby enhancing the system's resistance to attacks.
[0047] When performing data erasure, it is essential to ensure the complete removal of all relevant sensitive information, including intermediate variables and temporary buffer contents, to prevent any residual data from remaining in memory. This comprehensive erasure strategy is crucial for preventing information from being reconstructed through residual traces and is a vital step in ensuring key security in white-box environments.
[0048] To address the aforementioned issues, this application proposes a data processing method for block cipher algorithms. In a protection scheme employing a double-checking mechanism, if the computation result fails the consistency check, this abnormal result serves as a trigger condition, immediately initiating a sensitive data erasure operation, thereby preventing fault propagation and potential information leakage. This mechanism effectively limits the exposure time of sensitive data in memory, reducing the risk of malicious exploitation. The core objective of double-checking protection is to improve the system's fault tolerance and security. Even if a cryptographic operation is interfered with by a fault, the system can still perform a second independent operation for comparison: when the results of the two operations are inconsistent, the system refuses to output any valid ciphertext, thus blocking the leakage of erroneous information. This strategy significantly reduces the possibility of attackers recovering the key through Differential Fault Analysis (DFA).
[0049] For ease of understanding, the data processing method of the block white-box cryptography algorithm provided in this application will be described in detail below with reference to the accompanying drawings.
[0050] Figure 1This is a flowchart illustrating a data processing method for a block white-box cryptography algorithm according to an exemplary embodiment, such as... Figure 1 As shown, the data processing method for this block white-box cryptography algorithm is implemented through the following steps.
[0051] S11, in the process of performing double verification protection on the two real cryptographic operations associated in the block white-box cryptography algorithm, the verification results of the first node and the second node at any common intermediate verification point of the first and second operation paths are detected and compared in real time.
[0052] The first and second operation paths are the operation paths for the two real cryptographic operations corresponding to the association.
[0053] In some implementations, a first protection strategy built through double verification enhances the system's fault tolerance and security. Given that a particular operation is affected by a fault injection attack, the existence of a supplementary second operation allows the system to refuse to output an erroneous result when the two results are inconsistent. This effectively prevents key information from being leaked through erroneous ciphertext, significantly reducing the risk of differential fault analysis.
[0054] Suboperations can be either real cryptographic operations or pseudo-operations.
[0055] Based on this step, a second protection strategy was constructed using a hybrid protection mechanism of real and pseudo-operations. This mechanism introduces multiple computational loops, embedding only two real cryptographic operations (operations on the same path or operations on different paths) within an execution sequence containing N total operations, while the rest are pseudo-operations with similar structural and power consumption characteristics. All operations are uniformly distributed in time, and the positions of the real operations are randomly selected each time they are executed, following a uniform distribution.
[0056] Based on this second protection strategy, the uncertainty of the actual computation's position on the timeline makes it difficult for attackers to align the effective power consumption trajectory across multiple executions. This reduces the probability of observing the actual computation at any fixed time point to 2 / N (and to 1 / N for different path computations). This trajectory alignment misalignment significantly weakens the signal-to-noise ratio of statistical analysis, increasing the difficulty of side-channel attacks. Simultaneously, it can be seen that schemes using different path computations are superior to schemes using the same path computations in terms of protection against differential computation attacks.
[0057] Simultaneously, this mechanism enhances robustness against fault injection attacks (FIA). Attackers cannot predict the exact timing of the actual computation, making it difficult to precisely inject faults at critical computational stages to obtain valid error information. The randomly distributed timing of the actual computation forces attackers to attempt to inject faults at every stage of the computation, which not only significantly increases the number of attempts required for the attack but also raises the probability of being detected by the system's detection mechanisms.
[0058] This hybrid true / false operation mechanism effectively achieves dual protection against side-channel analysis and fault injection attacks by introducing spatiotemporal randomness and redundant computation, thereby enhancing the security of the cryptographic module.
[0059] As a verification method, it is determined that the operation paths of two real cryptographic operations are the same, and isomorphic verification is performed on the first operation result and the second operation result.
[0060] As another verification method, it is determined that the operation paths of the two real cryptographic operations are different, and heterogeneous verification is performed on the first operation result and the second operation result.
[0061] The isomorphic operation paths of the two real cryptographic operations are set in parallel.
[0062] The heterogeneous operation paths of the two real cryptographic operations are set sequentially.
[0063] The above two verification methods under the first protection strategy can be divided into the following two categories.
[0064] The first type of verification is based on two repeated operations along the same path. This mechanism can be further enhanced into a multi-step Intra-Operation Consistency Check, which compares each execution stage within the white-box cryptographic algorithm to achieve comprehensive detection of the integrity and logical correctness of the algorithm's execution flow, thus achieving full-process and multi-stage coverage.
[0065] In this verification method, consistency verification is performed internally on the two calculations.
[0066] The second type of verification is based on two independent computational operations—Final Output Validation. This mechanism employs heterogeneous computational paths; for example, the first computation might be an encryption operation, and the second might be a corresponding decryption operation. A verification module, isolated from the main computational path or using a different implementation, recalculates or verifies the correctness of the final result. This not only enhances the ability to detect faults but also increases the difficulty for attackers to simultaneously compromise both independent paths, thereby further improving overall security.
[0067] Furthermore, the above isomorphic verification is implemented through the following steps.
[0068] First, identify the first operation nodes of the second preset number in the first target sub-operation that produces the first operation result, and the second operation nodes of the second target sub-operation that produces the second operation result.
[0069] Secondly, the consistency of the algorithm execution flow of the second preset number of first computing nodes and the second preset number of second computing nodes is verified to obtain the first verification result.
[0070] Third, determine the first comparison result between the first operation result and the second operation result.
[0071] Fourth, based on the first comparison result and the first verification result, determine the target verification result that indicates whether the execution flow corresponding to the two real cryptographic operations is abnormal.
[0072] Furthermore, the two actual cryptographic operations are encryption and decryption, and the above heterogeneous verification is implemented in the following two ways.
[0073] In the first implementation, the first operation result is determined to be the encryption operation result. The first input of the first operation result is compared with the second operation result to obtain the second comparison result. Based on the second comparison result, the target verification result indicating whether the execution process corresponding to the two real cryptographic operations is abnormal is determined.
[0074] In the second implementation, the second operation result is determined to be the encryption operation result. The second input of the second operation result is compared with the first operation result to obtain a third comparison result. Based on the third comparison result, a target verification result is determined to indicate whether the execution process corresponding to the two real cryptographic operations is abnormal.
[0075] S12, when the verification results of the first node and the second node are inconsistent, perform an erasure operation on the sensitive data generated by the current operation.
[0076] Sensitive data includes the intermediate states and / or output results of the first and second computation paths.
[0077] S13, at the same time, control stops the process from proceeding to the next actual calculation operation.
[0078] The above implementation methods are applicable to the "same-path hybrid cross-operation and fine-grained state check scheme" based on repeated operation verification along the same path, as well as the "verification operation proximity scheme" and "high-order multi-factor lightweight masking scheme" applicable to the final output verification of independent path operations. These schemes, by enhancing state monitoring, optimizing the computational structure, and introducing lightweight security coding, effectively shorten or even eliminate the residence time of sensitive data in memory, registers, and other media during the execution of white-box cryptographic algorithms, thereby significantly improving the system's defense capabilities against dynamic attacks such as fault injection.
[0079] Through the above implementation method, the one-time, final result verification is decomposed into multiple, phased verifications performed at any common intermediate verification point. Once a fault is injected at an early stage and affects the intermediate state of that stage, the relevant sensitive data can be immediately erased at the intermediate verification point at the end of the current intermediate state stage, without waiting for the entire calculation to complete. This advances the fault detection time from the "end point of the process" to the "first nearest verification point after the fault occurs," significantly shortening the sensitive data exposure window and thus greatly reducing the risk of sensitive data leakage.
[0080] As a refinement and extension of the specific implementation of the above embodiments, in order to fully explain the specific implementation process of this embodiment, this application provides another data processing method for a block white-box cryptographic algorithm.
[0081] For scenarios involving two repeated calculations based on the same path, the following first protection method is adopted for protection.
[0082] The scheme employs a hybrid cross-computation and fine-grained state checking mechanism along the same path. It uses two identical white-box cryptographic computation paths, executed in parallel with cross-step execution, and immediately performs an intermediate state consistency comparison after each corresponding computation stage. Once any deviation is detected, the system immediately triggers a data erasure process.
[0083] Practical security measures typically segment the execution flow of cryptographic algorithms, executing a computational segment of path 1 sequentially, followed by the corresponding segment of path 2, and finally performing consistency checks on the intermediate results. The finer the granularity of the process segmentation, the denser the distribution of verification points, thus enabling finer-grained state monitoring. However, finer segmentation also leads to an increased frequency of control transfer and verification operations, resulting in higher time overhead.
[0084] The corresponding data erasure scheme 1 has significant advantages: anomalies caused by faults can be identified in a very short time, and the exposure window for sensitive data is compressed to the shortest possible time. However, its main limitation is that it requires the deployment of two white-box implementations, which doubles the storage space overhead.
[0085] For scenarios involving two-stage verification operations based on independent paths, the following second protection method is adopted.
[0086] The verification operation proximity deployment scheme deploys the main operation (such as encryption) and its verification operation (such as decryption) as close as possible in the code execution flow to achieve fast verification and response. Although this design helps to speed up error detection and data erasure, its tight coupling of encryption and decryption logic may provide attackers with clear target location, increasing the probability of successful double fault injection attacks. Therefore, it has potential overall security flaws and is not recommended as the optimal strategy.
[0087] A third protection method can also be used for protection.
[0088] A lightweight masking scheme for high-order multi-factor implementation. This scheme focuses on masking the most risky outputs in block cipher algorithms, rather than fully masking all intermediate states, thus achieving a balance between security and implementation complexity. Specifically, only the final output is masked, while other intermediate values are left unprocessed. This is based on the security assumption that, given the unknown round keys, even if an attacker obtains some intermediate states, it will be difficult to construct the valid inputs required for a valid Differential Fault Analysis (DFA) attack.
[0089] Furthermore, considering the existence of joint register / stack / memory search attacks, attackers can obtain a large number of variable values but cannot discern their semantics. If the system masks some key values, attackers must include the masked variables in the combined calculations when exhaustively trying to recover the true values, causing the number of parameter combinations required for cracking to increase exponentially, significantly increasing the attack cost.
[0090] In one implementation, before performing the above steps, the verification points can also be divided in the following manner.
[0091] First, it is determined that the computation paths of the first computation path and the second computation path are the same. According to the preset granularity, the same number of consecutive sub-computation nodes are divided on the first computation path and the second computation path.
[0092] Secondly, when each sub-operation node on the first and second operation paths completes its operation, a common intermediate verification point is formed.
[0093] The above-mentioned granularity includes granularity based on the number of operation rounds, operation operations, or instruction sets.
[0094] The distribution density of the multiple common intermediate verification points formed above is negatively correlated with the size of the preset granularity.
[0095] In some embodiments, a preset granularity is set according to the information security index, the system operation security index, and / or system performance requirements to adapt to information security requirements.
[0096] In this implementation, common intermediate verification points are set according to a preset granularity for isomorphic operations to adapt to the personalized needs of information security and system performance.
[0097] In another implementation, before forming a common intermediate verification point after each sub-operation node has completed its operation, the method further includes:
[0098] Following the execution order of multiple consecutive sub-operation nodes, the sub-operation nodes at the same position on the first operation path and the second operation path are executed sequentially and alternately.
[0099] In another embodiment, the method further includes: when each sub-operation node on the first operation path and the second operation path completes its operation, performing an XOR operation on the intermediate state generated by each sub-operation node on the first operation path and the second operation path with a first preset number of first mask factors to obtain a first node verification result and a second node verification result for output, so as to form a common intermediate verification point; performing real-time detection and comparison of the first node verification result and the second node verification result at any common intermediate verification point of the first operation path and the second operation path, including: performing an XOR operation on the received first node verification result and the second node verification result with a first preset number of first mask factors, and comparing the first node verification result and the second node verification result after the XOR operation.
[0100] The XOR operation (also known as the masking operation) has the property of associativity. In other words, (a⊕b)⊕c = a⊕(b⊕c).
[0101] For encryption operations, a masking operation is performed at the end of the calculation to prevent the ciphertext from appearing directly in the calculation.
[0102] In this implementation, to avoid sensitive data being directly exposed in registers, stacks, and memory, sensitive data such as state data or result data of each intermediate state are masked using a masking factor.
[0103] In another implementation, the first node verification result and the second node verification result after the XOR operation are compared, including: determining that the first node verification result and the second node verification result after the XOR operation are the same, so as to determine that the first node verification result is consistent with the first node verification result; determining that the first node verification result and the second node verification result after the XOR operation are different, so as to determine that the first node verification result is inconsistent with the first node verification result.
[0104] In another embodiment, the method further includes: determining that the computation paths of the first computation path and the second computation path are different; wherein, the first computation path represents the encryption main computation path, and the second computation path represents the decryption verification computation path; the input node of the first computation path and the corresponding output node associated on the second computation path form a common intermediate verification point.
[0105] The real-time detection and comparison of the first node verification result and the second node verification result at any common intermediate verification point of the first and second operation paths includes: firstly, executing the first operation path; when the output node of the first operation path generates the first output result, performing an XOR operation on the first output result and a second preset number of second mask factors to input it into the second operation path; determining the first input of the first output result as the first node verification result, the first input including performing an XOR operation with a third preset number of third mask factors; then executing the second operation path; during the decryption operation, performing an XOR operation on the received first output result after the XOR operation and a second preset number of second mask factors, then performing the decryption operation, and performing an XOR operation on the second output result after the decryption operation and a third preset number of third mask factors to obtain the second node verification result; and then comparing the second node verification result of each output node with the first input of the corresponding input node and a third preset number of third mask factors.
[0106] In some implementations, the first computation path and the second computation path are continuous.
[0107] In this embodiment, the first operation path is executed first. When the first output result is generated by the first operation path, the first output result is XORed with a second preset number of second mask factors, and the first input of the first output result is XORed with a third preset number of third mask factors. The first input after the XOR operation and the first output result after the XOR operation are combined according to a preset bit order to obtain the first node verification result for output. Then, the second operation path is executed. The received first node verification result is parsed according to the preset bit order to obtain the first input after the XOR operation and the first output result after the XOR operation for output. During the decryption operation, the first output result after the XOR operation is XORed with a second preset number of second mask factors, and then the decryption operation is performed. The second output result after the decryption operation is XORed with a third preset number of third mask factors to obtain the second node verification result. The first input after the XOR operation and the second node verification result are XORed with a third preset number of third mask factors respectively, and then compared.
[0108] Specifically, if the first input and the second node verification result are the same after XORing with the third preset number of third mask factors, then the first node verification result is consistent with the first node verification result; if the first input and the second node verification result are not the same after XORing with the third preset number of third mask factors, then the first node verification result is inconsistent with the first node verification result.
[0109] In another implementation, the second node verification result of each output node and the first input of the corresponding input node are XORed with a third preset number of third mask factors, and then compared. This includes: determining that the first input and the second node verification result after XORing with the third preset number of third mask factors are the same, and determining that the first node verification result is consistent with the first node verification result; and determining that the first input and the second node verification result after XORing with the third preset number of third mask factors are not the same, and determining that the first node verification result is inconsistent with the first node verification result.
[0110] In one implementation, a lightweight masking operation is achieved in the AES algorithm scenario based on the above implementation method, which can be extended to other block cipher scenarios such as DES.
[0111] Specifically, before the final AddRoundKey operation, one or more sets of random mask factors (taking 3 factors as an example, which is a second-order mask) a1, a2, a3 are introduced into the state value to be output in order to avoid the real result appearing in the algorithm. The following operation is performed.
[0112] For example, state←state⊕w[40:43]⊕a1⊕a2⊕a3.
[0113] To enhance the obfuscation effect, approximately 32 sets of random numbers can be pre-generated. Only 3 sets are selected for the actual mask, while the remaining redundant random numbers are kept in memory to confuse attackers. During subsequent reverse verification (such as decryption loopback), the same mask factor is used for restoration, and then all mask variables are immediately released. If the number of random arrays (32 sets) and the number of sets used for the actual mask (3 sets) are deemed insufficient, the number of sets can be increased until the security requirements are met.
[0114] This method is lightweight and effectively prevents the actual output value from being directly exposed in memory or registers. At the same time, it avoids algorithm logic errors caused by the introduction of masking. After implementation, the correctness of the AES algorithm function must be strictly verified to ensure that the masking mechanism does not affect the normal encryption and decryption process.
[0115] To achieve the above functions, the data processing apparatus for the block white-box cryptography algorithm includes hardware structures and / or software modules corresponding to the execution of each function. Those skilled in the art will readily recognize that, based on the algorithmic steps of the examples described in conjunction with the embodiments disclosed herein, this application can be implemented in hardware or a combination of hardware and computer software. Whether a function is executed in hardware or by computer software driving hardware depends on the specific application and design constraints of the technical solution. Those skilled in the art can use different methods to implement the described functions for each specific application, but such implementation should not be considered beyond the scope of this application.
[0116] This disclosure also provides an embodiment such as Figure 2 The data processing device for the block white-box cryptography algorithm shown includes a verification unit 31 and an erasure unit 32.
[0117] The verification unit 31 is used to perform real-time detection and comparison of the first node verification result and the second node verification result of the first operation path and the second operation path at any common intermediate verification point during the double verification protection process of the two corresponding real cryptographic operations in the block white-box cryptography algorithm; the first operation path and the second operation path are the operation paths of the two corresponding real cryptographic operations.
[0118] The erasure unit 32 is used to perform an erasure operation on the sensitive data generated by the current operation when the verification results of the first node and the verification results of the second node are inconsistent. At the same time, it controls the stop to enter the next real operation. The sensitive data includes the intermediate state and / or output results of the first calculation path and the second calculation path.
[0119] In one embodiment, the verification unit 31 is further configured to: determine that the first operation path and the second operation path have the same computation path, and divide the first operation path and the second operation path into multiple consecutive sub-operation nodes of the same number and in the same position according to a preset granularity; when each sub-operation node corresponding to the first operation path and the second operation path completes its operation, a common intermediate verification point is formed; wherein, the preset granularity includes the division granularity based on the number of operation rounds, operation operations, or instruction sets; the distribution density of the multiple common intermediate verification points formed is negatively correlated with the size of the preset granularity.
[0120] In another implementation, before a common intermediate verification point is formed after each sub-operation node has completed its operation, the verification unit 31 is also used to: sequentially and intermittently execute each sub-operation node at the same position on the first operation path and the second operation path according to the execution order of multiple consecutive sub-operation nodes.
[0121] In another implementation, the verification unit 31 is further configured to: when each sub-operation node on the first operation path and the second operation path completes its operation, perform an XOR operation on the intermediate state generated by the operation of each sub-operation node on the first operation path and the second operation path with a first preset number of first mask factors to obtain the first node verification result and the second node verification result for output, so as to form a common intermediate verification point; and perform real-time detection and comparison of the first node verification result and the second node verification result at any common intermediate verification point of the first operation path and the second operation path, including: performing an XOR operation on the received first node verification result and the second node verification result with a first preset number of first mask factors, and comparing the first node verification result and the second node verification result after the XOR operation.
[0122] In another implementation, the verification unit 31 is further configured to: determine that the first node verification result after the XOR operation and the second node verification result after the XOR operation are the same, so as to determine that the first node verification result is consistent with the first node verification result; and determine that the first node verification result after the XOR operation and the second node verification result after the XOR operation are different, so as to determine that the first node verification result is inconsistent with the first node verification result.
[0123] In another implementation, the verification unit 31 is further configured to: determine that the computation paths of the first computation path and the second computation path are different; wherein, the first computation path represents the encryption main computation path, and the second computation path represents the decryption verification computation path; the input node of the first computation path and the corresponding output node associated on the second computation path form a common intermediate verification point; and perform real-time detection and comparison of the first node verification result and the second node verification result of the first computation path and the second computation path at any common intermediate verification point, including: first executing the first computation path, and when the output node of the first computation path generates the first output result, performing an XOR operation between the first output result and a second preset number of second mask factors. The first input of the first output result is input to the second operation path; the first input of the first output result is determined as the first node verification result, and the first input includes an XOR operation with a third preset number of third mask factors; then the second operation path is executed, and during the decryption operation, the first output result after the XOR operation is XORed with a second preset number of second mask factors, then the decryption operation is executed, and the second output result after the decryption operation is XORed with a third preset number of third mask factors to obtain the second node verification result; the second node verification result of each output node and the first input of the corresponding input node are XORed with a third preset number of third mask factors respectively, and then compared.
[0124] In some implementations, the first computation path and the second computation path are continuous.
[0125] In another embodiment, the verification unit 31 is further configured to: determine that the first input and the second node verification result after performing an XOR operation with the third preset number of third mask factors are the same, and determine that the first node verification result is consistent with the first node verification result; determine that the first input and the second node verification result after performing an XOR operation with the third preset number of third mask factors are not the same, and determine that the first node verification result is inconsistent with the first node verification result.
[0126] Regarding the apparatus in the above embodiments, the specific manner in which each unit module performs its operations has been described in detail in the embodiments related to the method, and will not be elaborated upon here.
[0127] Figure 3 This is a schematic diagram of an electronic device provided in this application. (For example...) Figure 3 The electronic device 30 may include at least one processor 301 and a memory 303 for storing processor-executable instructions. The processor 301 is configured to execute the instructions in the memory 303 to implement the data processing method of the block white-box cryptography algorithm in the following embodiments.
[0128] In addition, the electronic device 30 may also include a communication bus 302, at least one communication interface 304, an input device 306, and an output device 305.
[0129] Processor 301 may be a processor (central processing unit, CPU), microprocessor unit, ASIC, or one or more integrated circuits for controlling the execution of programs according to the present application.
[0130] The communication bus 302 may include a path for transmitting information between the aforementioned components.
[0131] Communication interface 304 uses any transceiver-like device for communicating with other devices or communication networks, such as Ethernet, radio access network (RAN), wireless local area network (WLAN), etc.
[0132] Input device 306 is used to receive input signals and output device 305 is used to output signals.
[0133] Memory 303 may be a read-only memory (ROM) or other type of static storage device capable of storing static information and instructions, random access memory (RAM) or other type of dynamic storage device capable of storing information and instructions, or electrically erasable programmable read-only memory (EEPROM), compact disc read-only memory (CD-ROM) or other optical disc storage, optical disc storage (including compressed optical discs, laser discs, optical discs, digital versatile optical discs, Blu-ray discs, etc.), magnetic disk storage media or other magnetic storage devices, or any other medium capable of carrying or storing desired program code in the form of instructions or data structures and accessible by a computer, but not limited thereto. Memory may exist independently and be connected to the processing unit via a bus. Memory may also be integrated with the processing unit.
[0134] The memory 303 stores instructions for executing the scheme of this application, and the processor 301 controls the execution. The processor 301 executes the instructions stored in the memory 303 to realize the functions of the method of this application.
[0135] In a specific implementation, as one example, processor 301 may include one or more CPUs, for example... Figure 3 CPU0 and CPU1 in the CPU.
[0136] In a specific implementation, as one example, the electronic device 30 may include multiple processors, such as... Figure 3 Processors 301 and 307 are described in the text. Each of these processors may be a single-core (single-CPU) processor or a multi-core (multi-CPU) processor. A processor here may refer to one or more devices, circuits, and / or processing cores used to process data (such as computer program instructions).
[0137] The electronic device is as follows Figure 3 The diagram includes a processor 301 and a memory 303 for storing executable instructions of the processor 301. The processor 301 is configured to execute the executable instructions to implement a data processing method for a block white-box cryptographic algorithm as described in any of the possible embodiments above. Furthermore, it achieves the same technical effect, and to avoid repetition, will not be elaborated further here.
[0138] This application also provides a computer-readable storage medium. When the instructions in the computer-readable storage medium are executed by the processor of a data processing apparatus or electronic device for a block white-box cryptography algorithm, the data processing apparatus or electronic device for the block white-box cryptography algorithm is able to perform the data processing method of the block white-box cryptography algorithm as described in any of the possible embodiments above. And it can achieve the same technical effect; to avoid repetition, it will not be described again here.
[0139] This application also provides a computer program product, including a computer program or instructions, which are executed by a processor using a data processing method for a block white-box cryptographic algorithm as described in any of the possible implementations above. This achieves the same technical effect, and to avoid repetition, it will not be described again here.
[0140] Other embodiments of this application will readily occur to those skilled in the art upon consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of this application that follow the general principles of this application and include common knowledge or customary techniques in the art not disclosed herein. The specification and examples are to be considered exemplary only, and the true scope and spirit of this application are indicated by the following claims.
[0141] It should be understood that this application is not limited to the precise structure described above and shown in the accompanying drawings, and various modifications and changes can be made without departing from its scope. The scope of this application is limited only by the appended claims.
Claims
1. A data processing method for a block white-box cryptography algorithm, characterized in that, The method includes: In the process of performing double verification protection on the two real cryptographic operations associated in the block white-box cryptography algorithm, the verification results of the first node and the second node at any common intermediate verification point of the first and second operation paths are detected and compared in real time; the first operation path and the second operation path are the operation paths of the two real cryptographic operations associated with the algorithm. When the verification results of the first node and the second node are inconsistent, an erasure operation is performed on the sensitive data generated by the current operation, and at the same time, the operation is stopped from proceeding to the next actual operation; the sensitive data includes the intermediate state and / or output results of the first operation path and the second operation path; The method further includes: It is determined that the first operation path and the second operation path are the same. According to the preset granularity, the same number of consecutive sub-operation nodes are divided on the first operation path and the second operation path. Following the execution order of multiple consecutive sub-operation nodes, the sub-operation nodes that are at the same position on the first operation path and the second operation path are executed sequentially and alternately. When each of the sub-operation nodes on the first operation path and the second operation path completes its operation, the intermediate state generated by each of the sub-operation nodes on the first operation path and the second operation path is XORed with a first preset number of first mask factors to obtain the first node verification result and the second node verification result for output, so as to form a common intermediate verification point. The preset granularity includes granularity based on the number of operation rounds, operation, or instruction set; the distribution density of the multiple common intermediate verification points is negatively correlated with the size of the preset granularity.
2. The method according to claim 1, characterized in that, The method further includes: The real-time detection and comparison of the first node verification result and the second node verification result at any common intermediate verification point of the first and second operation paths includes: The received first node verification result and second node verification result are XORed with the first preset number of first mask factors, and the first node verification result and second node verification result after the XOR operation are compared.
3. The method according to claim 2, characterized in that, The step of comparing the first node verification result and the second node verification result after performing the XOR operation further includes: The first node verification result after the XOR operation and the second node verification result after the XOR operation are determined to be the same, thus confirming that the first node verification result and the second node verification result are consistent. The first node verification result after the XOR operation and the second node verification result after the XOR operation are determined to be different, thus indicating that the first node verification result and the second node verification result are inconsistent.
4. The method according to claim 1, characterized in that, The method further includes: The computation paths of the first computation path and the second computation path are determined to be different; wherein, the first computation path represents the encryption main computation path, and the second computation path represents the decryption verification computation path; the input node of the first computation path and the corresponding output node associated on the second computation path form the common intermediate verification point. The real-time detection and comparison of the first node verification result and the second node verification result at any common intermediate verification point of the first and second operation paths includes: First, the first operation path is executed. When the output node of the first operation path generates a first output result, the first output result is XORed with a second preset number of second mask factors to be input into the second operation path. The result of XORing the first input with a third preset number of third mask factors is determined as the first node verification result. The first input is the input of the first operation path that generates the first output result. Then execute the second operation path. During the decryption operation, perform an XOR operation on the first output result after the XOR operation received and the second preset number of second mask factors, then perform the decryption operation, and perform an XOR operation on the second output result after the decryption operation and the third preset number of third mask factors to obtain the second node verification result. The second node verification result and the corresponding first node verification result of the output node are XORed with the third preset number of third mask factors, and then compared.
5. The method according to claim 4, characterized in that, The step of performing an XOR operation between the second node verification result of the output node and the first input of the corresponding input node and the third preset number of third mask factors, and then comparing them, includes: The first input and the second node verification result are determined to be the same after performing an XOR operation with the third preset number of third mask factors, and the first node verification result is determined to be consistent with the second node verification result; If the first input and the second node verification result are determined to be different after performing an XOR operation with the third preset number of third mask factors, then the first node verification result and the second node verification result are determined to be inconsistent.
6. A data processing apparatus for a block white-box cryptographic algorithm, characterized in that, The device includes: The verification unit is used to perform real-time detection and comparison of the first node verification result and the second node verification result of the first operation path and the second operation path at any common intermediate verification point during the double verification protection process of the two corresponding real cryptographic operations in the block white-box cryptography algorithm; the first operation path and the second operation path are the operation paths of the two corresponding real cryptographic operations. The erasure unit is used to perform an erasure operation on the sensitive data generated by the current operation when the verification results of the first node and the verification results of the second node are inconsistent. At the same time, it controls the cessation of entering the next real operation. The sensitive data includes the intermediate state and / or output results of the first operation path and the second operation path. The verification unit is specifically used to determine that the first computation path and the second computation path are the same, and to divide the first computation path and the second computation path into multiple consecutive sub-computation nodes of the same number and position according to a preset granularity; to execute each sub-computation node of the same position on the first computation path and the second computation path in a sequential and cross-execution order according to the execution order of the multiple consecutive sub-computation nodes; when each of the corresponding sub-computation nodes on the first computation path and the second computation path has completed its operation, to perform an XOR operation on the intermediate state generated by each of the sub-computation nodes on the first computation path and the second computation path with a first preset number of first mask factors to obtain the first node verification result and the second node verification result for output, so as to form a common intermediate verification point; wherein, the preset granularity includes the division granularity based on the number of computation rounds, computation operations, or instruction sets; the distribution density of the multiple common intermediate verification points formed is negatively correlated with the size of the preset granularity.
7. An electronic device, characterized in that, include: A processor and a memory for storing processor-executable instructions, wherein the processor is configured to perform a data processing method for a block white-box cryptographic algorithm as described in any one of claims 1-5 when executing the executable instructions.
8. A computer-readable storage medium storing instructions thereon, characterized in that, When the instructions in the computer-readable storage medium are executed by the processor of the electronic device, the electronic device is able to perform a data processing method of the block white-box cryptographic algorithm as described in any one of claims 1-5.