Cryptographic algorithm having a key-dependent masked computing step (SBOX call)

Abstract

A processor device has an executable implementation of a cryptographic algorithm implemented thereon, which algorithm is adapted to produce an output text from an input text employing a secret key K. The implementation of the algorithm comprises a key-dependent computing step S which comprises a key combination of input values x derived directly or indirectly from the input text with key values SubK derived directly or indirectly from the key; the key-dependent computing step S is represented by a table which is masked with input masking and/or output masking to form a masked table TabSSubK; and a new masked table TabSKneu is generated in the processor device.

Claims

1. A processor device with an executable implementation of a cryptographic algorithm implemented thereon, which is adapted to produce an output text from an input text, employing a secret key K, wherein the implementation of the algorithm: comprises a masked key-dependent computing step T which comprises a key combination of input values derived directly or indirectly from the input text and key values SubK derived directly or indirectly from the key; the masked key-dependent computing step T is represented by a table which is masked with an input masking and/or output masking to form a masked table TabS.sub.SubK; the processor device comprises a key update device adapted to perform a key update method from the derived key value SubK to a new derived key value SubKneu on the masked key-dependent computing step T; and wherein in the key update method key change data are supplied to the processor device, in particular to the key update device, said key change data being computed employing the derived key value SubK, the new derived key value SubKneu and the employed input masking and/or output masking; wherein: in the key update method further a new masked table TabS.sub.Kneu is generated by means of the key change data in the processor device, in particular in the key update device, said new masked table being adapted to newly compute the key-dependent computing step S for the new derived key value Sub.sub.Kneu by means of the new masked table TabS.sub.Kneu.

2. The processor device according to claim 1, wherein the key change data have lower memory requirements than the masked table.

3. The processor device according to claim 1, wherein the algorithm comprises several rounds j=1, . . . , n, as the derived key value SubK a round key part of a round key kj of a round j is provided that is processed by the masked key-dependent computing step T, and as the new derived key value SubKneu a round key part of a round key of a different round l, in particular of a round j+1 subsequent to the round, is provided that is processed by the masked key-dependent computing step T, so that by means of the key change data from the masked table TabS.sub.K of the round there is derived the new masked table TabS.sub.Kneu of a different round, in particular the subsequent round.

4. The processor device according to claim 3, comprising a multiplicity of n, in particular 10 (AES) or 16 (DES), rounds, wherein for part of the rounds the respective new masked table TabS.sub.Kneu is derived employing key change data from the respective masked table TabS.sub.K of a different round, in particular of a round preceding the round.

5. The processor device according to 1, wherein the processor device is adapted, at runtime, while the algorithm is executed on the processor device, to supply for the computing step S two or several tables which are masked with two or several different input maskings and/or output maskings to form masked tables Tab1S.sub.SubK, Tab2S.sub.subK, Tab3S.sub.SubK, . . . , wherein the new masked table TabS.sub.Kneu is generated from one of the masked tables Tab1S.sub.SubK, Tab2S.sub.SubK, Tab3S.sub.SubK, . . . .

6. The processor device according to claim 5, wherein the algorithm comprises several rounds, and at least some or all of the new masked tables TabS.sub.Kneu of different rounds are generated from different ones of the masked tables Tab1S.sub.SubK, Tab2S.sub.SubK, Tab3S.sub.SubK, . . . .

7. The processor device according to claim 1, further comprising a transaction application implemented in the processor device, which is adapted to request a transaction employing the implementation of the algorithm implemented.

8. A method for changing the secret key K in a processor device according to claim 1, from an old key Ka to a new key Kn, wherein the change of the key K from the old key Ka to the new key Kn is performed by generating new tables TabS.sub.SubKn for all tables provided in the implementation, referred to as old TabS.sub.SubKa, and replacing the old tables TabS.sub.SubKa by the new tables TabS.sub.SubKn, wherein the new tables TabS.sub.SubKn are generated from the old tables TabS.sub.SubKa by means of key change data (SWD), wherein the key change data (SWD) are computed employing key values SubKa derived from the old key Ka, key values SubKn derived from the new key Kn and the employed input masking and/or output masking.

9. The method according to claim 8, wherein the change of the secret key from the old key Ka to the new key Kn, in particular the generating of the new tables TabS.sub.SubKn, is performed at the request of the application.

10. The method according to claim 9, wherein the application is configured as an application for performing a transaction, in particular a payment transaction, in particular a cloud payment transaction, and wherein the change of the secret key from an old key Ka to a new key Kn is performed upon each performance of a transaction.

11. The method according to claim 8, wherein the change of the secret key from an old key Ka to a new key Kn is performed after a performance of a transaction with the old key Ka, so that the new table TabS.sub.SubKn with the new key is implemented for the subsequent transaction.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

(1) In the following the invention will be explained in more detail on the basis of embodiment examples and with reference to the drawings, in which there are shown:

(2) FIG. 1 a DES round in standard representation of the prior art, according to the prior art;

(3) FIG. 2 a DES round in an alternative representation, with S-box operations S embedded in operations T, and particularly suitable as the basis of the invention;

(4) FIG. 3 a detailed representation of a single operation T in the DES round of FIG. 2;

(5) FIG. 4 a white-box masking of a DES round according to FIG. 2 and FIG. 3, according to embodiments of the invention;

(6) FIG. 5 two performances of a payment transaction under the direction of a transaction application, according to a first embodiment of the invention;

(7) FIG. 6 two performances of a payment transaction under the direction of a payment application, according to a second embodiment of the invention.

DETAILED DESCRIPTION OF EMBODIMENT EXAMPLES

(8) FIG. 1 shows a DES round of the prior art. The DES round comprises in particular also SBOX operations S1, . . . , S8, by which input values x=e XOR k are processed, wherein k=Kj are key values derived from the secret key K, namely round keys kj of the DES round under consideration.

(9) FIG. 2 shows a DES round in an alternative representation, with S-box operations S embedded in operations or so-called T-boxes T, T=T0, . . . T9 (or T0, . . . T7), and particularly suitable as the basis of the invention. The round j processes a 48-bit round key kj. The round key kj is divided into 6-bit round key portion SubK. One round key portion SubK is processed by one of the T-boxes T=T0, . . . T7 in each case. Two further T-boxes process keyless values. More specifically, for Ti of the round j SubK=kj6i . . . kj6i+5, wherein i=0, . . . 7, i.e. in the T6 of the fifth round the 6 bits k (j=5, i=36) to k (j=5, i=41) are received, etc.

(10) FIG. 3 shows a detailed representation of a single operation Ti in the DES round of FIG. 2 (wherein i is a value from 0, . . . 9 or from 0, . . . 7). Ti is implemented as a key-dependent computing step comprising the SBOX operation. Here, the key-dependent computing step Ti depends on 6 bits of the round key kj, hereinafter referred to as SubK. The key-dependent computing step Ti is implemented for the respective DES round as a key-dependent table TabS.sub.SubK.

(11) FIG. 4 shows a white box masking of a DES round according to FIG. 2 and FIG. 3, in accordance with embodiments of the invention. The output of each key-dependent computing operation Ti is masked with an invertible function f, which, according to FIG. 4, is formed for example by a linear mapping A which in turn is represented by a matrix MA, to form a masked key-dependent computing operation Ti. In FIG. 4 thus there applies to the masking operation f=A=MA. Here, the output bits of the computing operation Ti are designated by s0 . . . sn1, y0, . . . ym1.

(12) The DES comprises 16 rounds. In each of the 16 DES rounds new round keys kj are known to be derived and employed. Conventionally, for the embodiment of FIGS. 2-4, 16 separately supplied key-dependent computing operations Ti would have to be supplied for the masked key-dependent computing operations Ti, comprising SBOX operations Si, of the 16 rounds of the DES.

(13) According to the invention, the masked key-dependent computing operations Ti of a DES round can be derived from the respectively preceding DES round by means of key change data. In this case, only the masked key-dependent computing operations Ti and thus the key-dependent tables TabS.sub.SubK for a single round need to be stored. The key-dependent tables TabS.sub.SubK of the further rounds are successively computed by means of key change data proceeding from the stored key-dependent table TabS.sub.SubK. Instead of from the directly preceding DES round, the round keys of a DES round can be derived by means of the suitably computed key change data from any other DES round, which is not necessarily the preceding round.

(14) Further, by means of the technique of the key change data according to the invention, a key change from an old key Ka to a new key Kn can be performed on the complete DES algorithm in a comparatively easy manner. For this purpose, the key-dependent tables TabS.sub.SubKa for all 16 DES rounds, which initially depend on round keys SubKa which are formed proceeding from the old DES key Ka, are replaced by new key-dependent tables TabS.sub.SubKn depending on round keys SubKn which are formed proceeding from the new DES key Kn.

(15) Subsequently key changes by means of key change data are shown with reference to two examples.

Example 1

(16) To the input of the computing step S a derived key value k is assigned, f and g1 are linear functions.

(17) Sk: Computing step, with derived key value=k

(18) x: Input value

(19) k: Key value incorporated in computing step S

(20) SBOX: SBOX table call in table SBOX

(21) Sk(x)=SBOX(k XOR x)

(22) Linear obfuscation of input and output of the table SBOX with linear mappings g1 and f

(23) TabS.sub.SubK(x)=f SBOX(k XOR g1(x))

(24) Key change data: SWD=g (kneu XOR k) are XORed upon input.

(25) This yields:

(26) TabS.sub.SubKneu(x)=f SBOX(kneu XOR g1(x))=f SBOX(k XOR g1(g(k XOR kneu)) XOR g1(x))=f SBOX(k XOR g1(g(k XOR kneu) XOR x)=f SBOX(k XOR g1(SWD XOR x))

Example 2

(27) To the output of the computing step S a derived key value k is assigned, f and g1 are linear functions.

(28) Sk: Computing step, if key value=k

(29) x: Input value

(30) k: Key value incorporated in computing step S

(31) SBOX: SBOX table call

(32) Sk(x)=k XOR SBOX(x)

(33) Linear obfuscation of input and output with linear mappings g1 and f

(34) TabS.sub.SubK(x)=Sk(y)=f(k XOR SBOX(g1 x)), with y=g1 x

(35) Key change data: SWD=f (kneu XOR k) are XORed upon output.

(36) This yields:

(37) TabS.sub.SubKneu(x)=Skneu(y)=SWD XOR f (k XOR SBOX(g1 x))=

(38) f (kneu XOR k) XOR f (k XOR SBOX(g1 x))=

(39) f (kneu XOR k XOR k XOR SBOX (g1 x))=

(40) f (kneu XOR SBOX (g1 x)).

(41) In the examples 1 and 2 the simplest case, that g1 and f are linear mappings, was initially proceeded from. If g1 and f are non-linear, additional auxiliary data are required for computing Skneu(y). In other constructions of Sk(x), more specifically when both of the input and the output of the computing step (of the SBOX) are concerned by a key change, it is required to modify both input and output when changing the key value k.

(42) FIG. 5 shows, according to a first embodiment of the invention, a schematic representation of two performances TR1, TR2 of a payment transaction under the direction of a transaction application Pay-App that uses a DES according to the invention. The DES is initially implemented with a key K0, with a table TabS.sub.SubK masked with a masked table. As soon as the application Pay-App initiates a transaction TR1, an update of the key K0 to a new key K1 is initiated. Subsequently the transaction TR1 is performed with the new key K1. Here, a DES is performed with the new key K1, with a table call in the masked table TabS.sub.SubK1. The DES is now implemented with a key K1, with a masked table TabS.sub.SubK1. As soon as the application Pay-App initiates a subsequent transaction TR2, an update of the key K1 to a new key K2 is initiated. Subsequently the transaction TR2 is performed with the new key K2. Here, a DES is performed with the new key K2, with a table call in the masked table TabS.sub.SubK2.

(43) FIG. 6 shows a schematic representation of two performances of a payment transaction TR1, TR2 under the direction of a transaction application, according to a second embodiment of the invention. The transaction is likewise effected under the direction of a transaction application Pay-App that uses a DES according to the invention. The DES is initially implemented with a key K0, with a table TabS.sub.SubK0 masked with a masked table. As soon as the application Pay-App initiates a transaction TR1, the transaction TR1 is performed with the implemented key K0. Subsequently, an update of the key K0 to a new key K1 is initiated, in some cases without the possibility of intervention by the user. As soon as the application Pay-App initiates a subsequent transaction TR2, the transaction TR2 is performed with the new key K1 updated subsequently to the previous transaction. Here, a DES is performed with the new key K1, with a table call in the masked table TabS.sub.SubK1. Subsequently, an update of the key K1 to a new key K2 is initiated. A subsequent third transaction TR3 would now comprise a table call to a masked table TabS.sub.SubK2 based on the key K2. Between the individual transactions TR1, TR2, . . . extended periods of time can elapse in which the processor device or the device in which the processor device is installed, can also be turned off.

CITED PRIOR ART

(44) [1] A Tutorial on White-box AES, James A. Muir, Cryptology ePrint Archive, Report 2013/104, eprint.iacr.org/2013/104 [2] DE 10 2014 016 548.5 (filed on Oct. 11, 2014) [3] Differential Computation Analysis: Hiding your White-Box Designs is Not Enough, J. W. Bos, Ch. Hubain, W. Michiels, and Ph. Teuwen, eprint.iacr.org/2015/753, retrieved on Jul. 31, 2015 [4] A White-Box DES Implementation for DRM Applications, S. Chow, P. Eisen, H. Johnson, P. C. van Oorschot, pre-proceedings for ACM DRM-2002, Oct. 15, 2002, https://crypto.stanford.edu/DRM2002/whitebox.pdf [5] WO 2010 146139 A9