Paper 2022/444

A White-Box Speck Implementation using Self-Equivalence Encodings (Full Version)

Joachim Vandersmissen, Adrián Ranea, and Bart Preneel

Abstract

In 2002, Chow et al. initiated the formal study of white-box cryptography and introduced the CEJO framework. Since then, various white-box designs based on their framework have been proposed, all of them broken. Ranea and Preneel proposed a different method in 2020, called self-equivalence encodings and analyzed its security for AES. In this paper, we apply this method to generate the first academic white-box Speck implementations using self-equivalence encodings. Although we focus on Speck in this work, our design could easily be adapted to protect other add-rotate-xor (ARX) ciphers. Then, we analyze the security of our implementation against key-recovery attacks. We propose an algebraic attack to fully recover the master key and external encodings from a white-box Speck implementation, with limited effort required. While this result shows that the linear and affine self-equivalences of self-equivalence encodings are insecure, we hope that this negative result will spur additional research in higher-degree self-equivalence encodings for white-box cryptography. Finally, we created an open-source Python project implementing our design, publicly available at https://github.com/jvdsn/white-box-speck. We give an overview of five strategies to generate output code, which can be used to improve the performance of the white-box implementation. We compare these strategies and determine how to generate the most performant white-box Speck code. Furthermore, this project could be employed to test and compare the efficiency of attacks on white-box implementations using self-equivalence encodings.

Note: This is the full version of the paper published at ACNS 2022. This version includes attack results and performance details for additional Speck configurations.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. MAJOR revision.ACNS 2022
Keywords
white-box cryptographyself-equivalenceSpeck
Contact author(s)
joachim @ atsec com
History
2022-04-12: received
Short URL
https://ia.cr/2022/444
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2022/444,
      author = {Joachim Vandersmissen and Adrián Ranea and Bart Preneel},
      title = {A White-Box Speck Implementation using Self-Equivalence Encodings (Full Version)},
      howpublished = {Cryptology ePrint Archive, Paper 2022/444},
      year = {2022},
      note = {\url{https://eprint.iacr.org/2022/444}},
      url = {https://eprint.iacr.org/2022/444}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.