Cryptanalysis of Two White-Box Implementations of the CLEFIA Block Cipher

  • Conference paper
Information and Communications Security (ICICS 2023)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 14252)

Abstract

CLEFIA is a block cipher with a generalised Feistel structure and has been an ISO international standard since 2012. In 2014 Su et al. proposed a white-box CLEFIA implementation with a white-box table for an S-box, and in 2020 Yao et al. presented an algebraic attack on Su et al.’s implementation with a time complexity of \(2^{30}\) and proposed another white-box CLEFIA implementation with a basic white-box table for two S-boxes. In this paper, we apply Lepoint et al.’s collision-based attack method to Su et al.’s implementation and recover all the white-box operations and the round and whitening keys with a time complexity of about \(2^{22}\) S-box computations, and we analyse the security of Yao et al.’s implementation against Lepoint et al.’s collision-based attack method. For Yao et al.’s implementation, on the one hand, our experiment under a small fraction of (affine encodings, round key) combinations suggests that it can resist Lepoint et al.’s collision-based attack method, because the rank of the concerned linear system is much less than the number of the involved unknowns; on the other hand, it is not clear whether there exist affine encodings such that the rank of the corresponding linear system is slightly less than the number of the involved unknowns, in which case Lepoint et al.’s method can be applied to remove most white-box operations until mainly some Boolean masks remain. We also experimentally test that the rank of the concerned linear system is invariant when the Boolean encodings are changed to affine encodings in our attack on Su et al.’s implementation. Our cryptanalysis suggests to some extent that, for a white-box CLEFIA implementation, building a white-box table with two S-boxes is preferable to building a white-box table with a single S-box in terms of security against Lepoint et al.’s collision-based attack method; nevertheless, we leave it as an open problem to investigate the distribution of the ranks under all encodings.

References

  1. Baek, C.H., Cheon, J.H., Hong, H.: White-box AES implementation revisited. J. Commun. Netw. 18, 273–287 (2016)

  2. Bai, K.P., Wu, C.K., Zhang, Z.F.: Protect white-box AES to resist table composition attacks. IET Inf. Secur. 12, 305–313. IET (2018)

  3. Biham, E., Shamir, A.: Differential Cryptanalysis of the Data Encryption Standard. Springer, Heidelberg (1993)

  4. Billet, O., Gilbert, H., Ech-Chatbi, C.: Cryptanalysis of a white box AES implementation. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 227–240. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-30564-4_16

  5. Bos, J.W., Hubain, C., Michiels, W., Teuwen, P.: Differential computation analysis: hiding your white-box designs is not enough. In: Gierlichs, B., Poschmann, A.Y. (eds.) CHES 2016. LNCS, vol. 9813, pp. 215–236. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53140-2_11

  6. Bringer, J., Chabanne, H., Dottax, E.: White box cryptography: another attempt. IACR Cryptology ePrint Archive, 468 (2006)

  7. Chow, S., Eisen, P., Johnson, H., Van Oorschot, P.C.: White-box cryptography and an AES implementation. In: Nyberg, K., Heys, H. (eds.) SAC 2002. LNCS, vol. 2595, pp. 250–270. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36492-7_17

  8. Derbez, P., Fouque, P.A., Lambin, B., Minaud, B.: On recovering affine encodings in white-box implementations. IACR Trans. Crypt. Hardw. Embed. Syst. 2018(3), 121–149 (2018)

  9. De Mulder, Y., Roelse, P., Preneel, B.: Cryptanalysis of the Xiao – Lai white-box AES implementation. In: Knudsen, L.R., Wu, H. (eds.) SAC 2012. LNCS, vol. 7707, pp. 34–49. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-35999-6_3

  10. De Mulder, Y., Wyseur, B., Preneel, B.: Cryptanalysis of a perturbated white-box AES implementation. In: Gong, G., Gupta, K.C. (eds.) INDOCRYPT 2010. LNCS, vol. 6498, pp. 292–310. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-17401-8_21

  11. Jacob, M., Boneh, D., Felten, E.: Attacking an obfuscated cipher by injecting faults. In: Feigenbaum, J. (ed.) DRM 2002. LNCS, vol. 2696, pp. 16–31. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-44993-5_2

  12. Karroumi, M.: Protecting white-box AES with dual ciphers. In: Rhee, K.-H., Nyang, D.H. (eds.) ICISC 2010. LNCS, vol. 6829, pp. 278–291. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-24209-0_19

  13. International Organization for Standardization (ISO): International Standard ISO/IEC 29192-2:2012, Information technology – Security techniques – Lightweight cryptography – Part 2: Block ciphers (2012)

  14. Lai, X.: Higher order derivatives and differential cryptanalysis. In: Blahut, R.E., Costello, D.J., Maurer, U., Mittelholzer, T. (eds.) Communications and Cryptography. The Springer International Series in Engineering and Computer Science, vol. 276, pp. 227–233. Springer, Boston (1994). https://doi.org/10.1007/978-1-4615-2694-0_23

  15. Lepoint, T., Rivain, M., De Mulder, Y., Roelse, P., Preneel, B.: Two attacks on a white-box AES implementation. In: Lange, T., Lauter, K., Lisoněk, P. (eds.) SAC 2013. LNCS, vol. 8282, pp. 265–285. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-43414-7_14

  16. Lu, J., Wang, M., Wang, C., Yang, C.: Collision-based attacks on white-box implementations of the AES block cipher. In: Smith, B., Wang, H. (eds.) SAC 2022, LNCS, vol. 13742. Springer (to appear)

  17. Luo, R., Lai, X.J., You, R.: A new attempt of white-box AES implementation. In: Proceedings of SPAC 2014, pp. 423–429. IEEE (2014)

  18. Michiels, W., Gorissen, P., Hollmann, H.D.L.: Cryptanalysis of a generic class of white-box implementations. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 414–428. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04159-4_27

  19. National Institute of Standards and Technology (NIST): Advanced Encryption Standard (AES), FIPS-197 (2001)

  20. Shirai, T., Shibutani, K., Akishita, T., Moriai, S., Iwata, T.: The 128-bit blockcipher CLEFIA (extended abstract). In: Biryukov, A. (ed.) FSE 2007. LNCS, vol. 4593, pp. 181–195. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74619-5_12

  21. Su, S., Dong, H., Fu, G., Zhang, C., Zhang, M.: A white-box CLEFIA implementation for mobile devices. In: Proceedings of the 2014 Communications Security Conference, pp. 1–8. IET (2014)

  22. Xiao, Y.Y., Lai, X.J.: A secure implementation of white-box AES. In: Proceedings of CSA 2009, pp. 1–6. IEEE (2009)

  23. Yao, S., Chen, J., Gong, Y., Xu, D.: A new white-box implementation of the CLEFIA algorithm (in Chinese). J. Xidian Univ. 47(5), 150–158 (2020)

Acknowledgement

This work was supported by Guangxi Key Laboratory of Cryptography and Information Security (No. GCIS202102). Jiqiang Lu was Qianjiang Special Expert of Hangzhou.

Author information

Corresponding author

Correspondence to Jiqiang Lu.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Lu, J., Wang, C. (2023). Cryptanalysis of Two White-Box Implementations of the CLEFIA Block Cipher. In: Wang, D., Yung, M., Liu, Z., Chen, X. (eds) Information and Communications Security. ICICS 2023. Lecture Notes in Computer Science, vol 14252. Springer, Singapore. https://doi.org/10.1007/978-981-99-7356-9_4

  • DOI: https://doi.org/10.1007/978-981-99-7356-9_4

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-99-7355-2

  • Online ISBN: 978-981-99-7356-9

  • eBook Packages: Computer Science, Computer Science (R0)