Hardened White Box Implementation 2

Abstract

A processor device has an executable implementation of a cryptographic algorithm implemented being white-box-masked by a function f. The implementation comprises an implemented computation step S by which input values x are mapped to output values s=S[x], and which is masked to a white-box-masked computation step T by means of an invertible function f. As a mapping f there is provided a combination (f=(c1, c2, . . . )*A) of an affine mapping A having an entry width BA and a number of one or several invertible mappings c1, c2, . . . having an entry width Bc1, Bc2, . . . respectively, wherein BA=Bc1+Bc2+ . . . . Output values w are generated altogether by the mapping f. Multiplicities of sets Mxi, i=1, 2, . . . =Mx11, Mx12, . . . Mx21, Mx22, . . . are formed from the output values a of the affine mapping A.

Claims

1-16. (canceled)

17. A processor device having an executable white-box-masked implementation of a cryptographic algorithm implemented thereon, which is configured to generate an output text from an input text while employing a secret key K, wherein the implementation comprises an implemented computation step S by which input values x are mapped to output values s=S[x], and which is masked to a white-box-masked computation step T by means of an invertible function f, wherein a) as a mapping f, a combination (f=(c1, c2, . . . )*A) is provided of an affine mapping A having an entry width BA and a number of one or several invertible mappings c1, c2, . . . having an entry width Bc1, Bc2, . . . respectively, wherein BA=Bc1+Bc2+ . . . , wherein through the mapping f output values w are generated; b) the affine mapping A is configured to be applied to output values s of the computation step S and additionally to one or several obfuscation values y which are statistically independent of the output values s of the computation step S, according to a=A(S[x], y)=A(s, y); c) the one or several invertible mappings c1, c2, . . . are configured to map output values a of the affine mapping A to output values w of the mapping f, according to w=(c1, c2, . . . )(A(s,y)); d) invertible mappings c1, c2, . . . are constructed by a construction method, wherein: d1) the output values a of the affine mapping A are represented as a concatenation of output-value parts a=a1|a2 . . . and the output values w of the mapping f are represented as a concatenation of output-value parts w=w1|w2 . . . , wherein output-value parts a1, a2, . . . and w1, w2, . . . respectively have the same entry width Bc1, Bc2, . . . as the invertible mappings c1, c2, . . . ; d2) an input value x=xi is set; d3) the affine mapping A is applied with fixed input value xi on s=S [xi] and all possible obfuscation values y, whereby for each output-value part a=a1, a2, . . . a corresponding set Mxi=Mxi1, Mxi2, . . . is formed, wherein each set Mxi1, Mxi2 . . . contains one or several different values of the corresponding output-value part a1, a2, . . . ; and the invertible mappings c1, c2, . . . are applied to the thus generated output-value parts a1, a2, . . . in order to generate output-value parts w=w1, w2, . . . , whereby for each output-value part w=w1, w2, . . . a corresponding set Lxi=Lxi1, Lxi2, . . . is formed, wherein each set Lxi1, Lxi2, . . . contains one or several different values of the corresponding output-value part w1, w2, . . . ; d4) step d3) is carried out for all possible input values x=xi, i=1, 2, . . . according to step d2), so that pluralities of sets Mxi, i=1, 2, . . . =Mx11, Mx12, Mx21, Mx22, . . . and Lxi, i=1, 2, . . . =Lx11, Lx12, Lx21, Lx22, . . . are formed; d5) sets M1={Mx11, Mx21, Mx31 . . . }, M2={Mx12, Mx22, Mx32 . . . } . . . and L1={Lx11, Lx21, Lx31 . . . }, L2={Lx12, Lx22, Lx32 . . . } . . . are formed; and d6) the one or several invertible mappings c1, c2, . . . are selected or formed such that the set M1 and the set L1 are mapped by the mapping c1, the set M2 and the set L2 are mapped by the mapping c2, . . . .

18. The processor device according to claim 17, wherein one or several invertible mappings ci are further selected or formed such that there holds Mx1i=Lx1i, Mx2i=Lx2i.

19. The processor device according to claim 17, wherein in b1) the affine mapping A is further so designed that every bit in the output values a of the affine mapping A depends on at least one bit of the obfuscation values y, by which is attained that the output values a of the affine mapping A are statistically balanced.

20. The processor device according to claim 19, wherein the affine mapping A comprises a linear mapping which is formed by a matrix MA, which is organized in columns and rows, wherein the output values s of the computation step S and the statistically independent obfuscation values y are associated with separate columns in the matrix MA; wherein preferably further in each row of the matrix MA in at least one of the columns having statistically independent values y a non-zero value is contained.

21. The processor device according to claim 17, wherein for carrying out the implementation of the white-box-masked computation step T there has been supplied a look-up table STab[x] representing the computation step S, or a look-up table STab[x,y] representing the computation step S and the obfuscation values y.

22. The processor device according to claim 17, wherein the white-box-masked computation step T is represented by a white-box-masked look-up table TTab [x, y] in which values f(s, y) are recorded including the result of the application of one or several invertible mappings c1, c2, . . . to A(s, y).

23. The processor device according to claim 17, wherein the implementation additionally comprises a further invertible function g to be applied to input values x of the computation step S, or to input values x of the computation step S and to obfuscation values y according to g.sup.1(x) or g.sup.1(x, y).

24. The processor device according to claim 17, wherein there is provided as an algorithm a block cipher having several rounds, and as a computation step S: one or several SBox operations or one or several inverse SBox operations, respectively of one round; or a combination of one or several SBox operations or one or several inverse SBox operations, respectively of one round, with one or several further operations of the round.

25. The processor device according to claim 24 with algorithm DES, wherein there is/are provided as an input value x either one or several expanded right entry bits ri (r1|r2| . . . ) of a round, or a linkage (x=r1 XOR k1 XOR k2| . . . ) of one or several expanded right entry bits ri of a round with one or several key bits ki; or/and one or several left entry bits li of the round go into the obfuscation values y.

26. The processor device according to claim 24 having algorithm DES, wherein the obfuscation values y are computed by means of a function V from one or several left entry bits li of the round or/and from one or several expanded right entry bits ri of the round, wherein V is electively a linear mapping or a hash function.

27. The processor device according to claim 26, wherein the algorithm has several rounds and the function V is newly chosen for every round.

28. The processor device according to any of claim 24, having algorithm DES, wherein the further operations comprise one or several of the following: permutation P; expansion E; addition of left and right entry bits l, r or left and expanded right entry bits l, r.

29. The processor device according to claim 24 having algorithm AES, wherein there is provided as an input value x an input value or part of an input value of an AddRoundKey operation or a SubBytes operation or an inverse SubBytes operation of an AES round.

30. The processor device according to claim 24 having algorithm AES, wherein the further operations comprise one or several of the following: MixColumn operation or one or several substeps of the MixColumn operation or inverse MixColumn operation or one or several substeps of the inverse MixColumn operation.

31. The processor device according to claim 17, wherein the obfuscation values y are computed respectively by means of a function V from bits of the input text, wherein V is electively a linear mapping or a hash function.

32. The processor device according to claim 31, wherein the algorithm has several rounds and the function V is newly chosen for every round.

33. The processor device according to claim 17, wherein the computation step S has been implemented on the processor device as a white-box-masked computation step T in that: (i) the computation step S has been carried out to generate output values s, and (ii) the invertible function f has been applied to the generated output values s of the computation step S and the obfuscation values y, and a thereby achieved result T has been implemented on the processor device.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

[0048] Hereinafter the invention will be explained more closely on the basis of exemplary embodiments and with reference to the drawings, in which are shown:

[0049] FIG. 1 a DES round in standard representation, according to the prior art, suitably as the basis of the invention;

[0050] FIG. 2 a DES round in an alternative representation, having S-box operations S embedded in operations T, and specifically suitably as the basis of the invention;

[0051] FIG. 3 a detail representation of an individual operation T in the DES round of FIG. 2;

[0052] FIG. 4 a first part of a white-box masking of a DES round according to FIG. 1, or according to FIG. 2 and FIG. 3, carried out by applying an affine mapping A, according to embodiments of the invention.

[0053] FIG. 5 a function f split up into an affine mapping A and two invertible mappings c1 and c2 for white-box masking a DES round according to FIG. 1, or according to FIG. 2 and FIG. 3, to S-box-output values s (x1), s (x2), s (x3), . . . achieved for different input values x1, x2, x3, according to embodiments of the invention;

[0054] FIG. 6 in schematized representation, a method for filtering out suitable and unsuitable invertible mappings c1, c2 in a function f split up according to FIG. 5, according to embodiments of the invention.

DETAILED DESCRIPTION OF EMBODIMENT EXAMPLES

[0055] FIG. 1 shows a DES round according to the prior art. By means of FIG. 1 it is indicated that a computation step S, as is the basis of the invention, can be for example a S-box operation or the totality of the eight S-boxes of a DES round. At the entry of a DES round, 64 bit entry data are divided into 32 bit left side L=1j, j=0, . . . , 31 and 32 bit right side R=rj, j=0, . . . , 31. The bits of the right side R are expanded by means of an expansion operation to 48 bit expanded entry data E=rj, j=0, . . . , 47 of the right side. The 48 bit expanded entry data E having 48 bit key data K=kj, j=0, . . . 47 are linked by means of an XOR operation to input values xj=rj XOR kj, j=0, . . . , 47 for eight S-boxes S. Each of the eight S-boxes S=S1, . . . S8 processes six bits input values xj to respectively four bits output values sj. The four-bit-wide output values sj of the eight S-boxes S=S1, . . . S8 are fed to a permutation operation P. The output values of the permutation P are XORed with bits of the left side and fed to the next DES round. For standard DES, the DES round ends here.

[0056] According to the invention, and as represented in FIG. 4, a first part of a white-box masking is applied to the DES S-box Si (dashed encircled region in FIG. 1) by applying an affine mapping A which comprises a linear mapping MA or in a special case is also formed by a linear mapping MA. For the first part of the white-box masking, the output values sj of the S-boxes are fed to a matrix MA by which the linear mapping is represented in the affine mapping A according to a=A(S[x])=MA(S[x]). Further, in addition to the output values sj of the S-boxes, statistically independent values y are fed to the matrix MA, for example two or more bits lj, j=0, . . . , 31 of the left side 64 bit entry data at the entry of the DES round. To attain, according to an especially advantageous embodiment of the invention, the special hardening of the white-box masking already in this first masking step, the matrix MA is so configured that in addition to the S-Box output values sj, incoming values y are statistically independent of the S-Box output values sj, and that each bit in the output values a of the matrix MA depends on at least one bit from the obfuscation values y. Alternatively other embodiments of the matrix MA are possible.

[0057] Hereinafter there is set forth by means of FIG. 2 and FIG. 3 an alternative particularly suitable representation of a DES round for implementing the invention, in which the operations specific to a DES round S-box operation S and permutation P are summarized in a combined operation T or T-box operation. In so doing, the first part of the white-box masking will be applied with the mapping A, or concretely with the matrix MA, to the combined operation T, in which the S-Box operation is contained (see FIG. 4).

[0058] FIG. 2 shows a DES round in an alternative representation, specifically suitably for the application of a white-box masking according to the invention. At the entry of the DES round, first as in FIG. 1, 64 bit entry data are divided into 32 bit left side L=1j, j=0, . . . , 31 and 32 bit right side R=rj, j=0, . . . 31, and the bits of the right side are expanded to 48 bit E(Rj). For the alternative representation of FIG. 2, two or more bits of the 32 bit L=1j, j=0, . . . , 31 of the left side of the round entry data are employed as obfuscation width y. In this way, upon executing the DES round, the DES-specific eight S-box operations are executed by the fact that a multiplicity of eight or ten combined operations T=T0, . . . T7 or T0, . . . T9 is carried out, in which the S-Box operations S=S1, . . . S8 are comprised.

[0059] FIG. 3 shows the detailed structure of an individual combined operation T=Ti, i=0, . . . 7 (or 0, . . . 9 where applicable) of FIG. 2. (Optionally additionally present padding with zero bits and shifts are omitted in FIG. 3 in favor of better clarity.) In the combined operations T=Ti of FIG. 2 and FIG. 3, as opposed to the S-boxes S of the DES representation of FIG. 1, the keys kj and the DES-typical permutation P are already taken into account in the operation T. The S-box with the key kj taken into account is represented in FIG. 3 by the operation box Si (XORkij), the permutation by P. Further, before the computation step S, thus before the S-box operations S1, . . . , S8, eight (or ten) overall tables T0, . . . T7 (or T0, . . . T9) are generated, in which respectively six-bit entry values xj=rj, j=0, . . . 47 (now not XORed with k, because the key bits kj are already contained in S) for the eight S-boxes S and two-bit obfuscation values lj, j=0, . . . 31 are contained and for ten overall tables Ti further bits obfuscation values lj, j=0, . . . 31 are contained. Here, the two (or more) bit obfuscation values lj are not processed by the S-boxes. The respectively six bit entry values xj=rj XOR kj are respectively processed by an S-box. Therefore the overall tables Ti deliver output values which contain exit values sj of the S-boxes as well as obfuscation values lj.

[0060] As represented in FIG. 4, the first part of the white-box masking of the implementation is carried out by feeding the output values of the combined operations (overall tables) Ti to the matrix MA according to the invention by which the affine mapping A according to the invention is represented. Here, the exit values S(x) of the computation step S, bits of the entry value x, i.e. bits rj of the right side, as well as the statistically independent values y, i.e. the bits employed as obfuscation values lj of the left side of the DES round entry value, are fed to the matrix MA. A separate fetching of the statistically independent values y=lj is not required here, because they are already contained in the combined operation T. For this reason the DES representation of FIG. 2 is particularly well suitable for implementing the invention. The result of the masking are partially white-box-masked operations. These partially white-box masked operations are subsequently still masked with invertible mappings c1, c2, . . . to (completely) white-box masked operations Ti, i=0, . . . 9 or i=0, . . . 7 (cf. FIG. 5, 6) and thereupon implemented in the processor device.

[0061] In the embodiment of FIG. 4, the affine mapping A contained in the mapping f employed in the white-box masking is configured as a matrix MA, having coefficients aij, i=0, . . . l1, j=0, . . . n+m1.

[0062] The matrix MA is multiplied by the entry vector (s,y), which contains S-box exit values s=S[x] (x are e.g. bits r of the right side) and obfuscation values y (e.g. bits of the left side) to generate an exit vector a. The sum formula in FIG. 4 illustrates this aspect for an individual row i having the coefficients aij (j=0, n+m1) of the matrix MA, and a thereby generated individual record i of the exit vector a. In the entry vector (s,y), the S-box exit values s are contained in the upper n records and the obfuscation values y in the lower m records. In the matrix MA are correspondingly contained on the left the n coefficients aij, j=0, . . . n1 of MA to be multiplied with the S-box exit values s=s0, . . . sn1. On the right in the matrix MA are contained the m coefficients aij, j=n, . . . n+m1 of MA to be multiplied with the obfuscation values y=y0, . . . ym1.

[0063] The matrix MA is constructed according to a particularly advantageous embodiment such that the effect is achieved that the right sum of the sum equation for i (note: individual bits of a are designated with i, further below sequences of one or several bits i with ai)

.sub.j0.sup.m-1a.sub.i,n+jy.sub.j

disappears for no row index i, i=0, . . . l1. This effect is attained by the fact that in every row i, at least one of the coefficients ai, n+j, j=0, . . . m1, which are to be multiplied with the obfuscation values y=yj, j=0, . . . m1, is non-zero. Through the effect it is ensured that in no row i, i=0, . . . l1 the obfuscation values y in the output vector a disappear, thus in every row i in the record i of the output vector a at least one obfuscation value yj is contained. This in turn has the further-reaching effect that the output values a of the affine mapping A are statistically balanced.

[0064] FIG. 5 shows a function f for white-box masking a DES round according to FIG. 1, or according to FIG. 2 and FIG. 3, according to embodiments of the invention. The function f is split up into an eight-bit wide affine mapping A and two respectively four bit wide invertible mappings c1 and c2. The function f is applied to six bit wide S-box output values s(x) and two bit wide obfuscation values y. In the image of FIG. 4, the width of the S-box exit values thus is n=6 and the width of the obfuscation values m=2: According to FIG. 5, different input values x=x1, x2, x3, . . . respectively are successively stipulated and the masking f=c(A(s(x),y)) carried out with every input value x=x1, x2, x3, . . . .

[0065] First, an input value x to be processed by S-boxes of the DES round is set. FIG. 5 shows three such set input values x, namely x1, x2 and x3, for three executions of a DES round masking.

[0066] A DES S-box operation is applied to the input value x so that six bit s(x) are generated, i.e. six bit s(x1) or s(x2) or s(x3) etc. In addition, two bit statistically independent obfuscation values y are supplied.

[0067] For the respective x=x1, x2, x3, . . . thus altogether eight bit data are supplied, namely six bit S-box-output values s(x) and two bit obfuscation values y as an input values for the affine mapping A (e.g. matrix MA).

[0068] The affine mapping A is applied to the six bit output values s(x) of the computation step S and the two bit statistically independent obfuscation values y, according to a=A(S[x], y)=A(s, y).

[0069] Through the two invertible mappings c1, c2, output values a of the affine mapping A are mapped to output values w of the mapping f, according to (w1, w2)=(c1, c2)((a1, a2) (s(x),y))=(c1, c2)(A (S[x],y)).

[0070] The output values a of the affine mapping A are in this connection represented as a concatenation of each four bit wide output-value parts a=a1|a2. The output values w of the mapping f are represented as a concatenation of output-value parts w=w1|w2. The output-value parts a1, a2, and w1, w2, respectively have the same entry width Bc1, Bc2 as the invertible mappings c1, c2. In the embodiment example of FIG. 5, a1, a2, w1, w2, c1 and c2 respectively are four bit wide. Here it should be noted that output-value parts are designated with ai which are one or several bit wide, and individual bits are designated with i. Correspondingly, output-value parts are designated with wi which are one or several bit wide, and individual bits are designated with i.

[0071] The invertible mappings c1, c2 are constructed by the following construction method.

[0072] The affine mapping A is applied with fixed input value x1 (upper image half) to s=S [x1] and all possible obfuscation values y (the running through of the possible obfuscation values is represented in more detail in FIG. 6) by which for each output-value part a=a1, a2 a corresponding set Mx11, Mx12 is formed. Each set Mx11, Mx12, contains one or several different values of the corresponding output-value part a1, a2. The sets Mx11, Mx12 are also designated as paths.

[0073] Thereafter the affine mapping A is applied with fixed input value x2 (lower image half) to s=S[x2] and all possible obfuscation values y (cf. also FIG. 6) are applied. As a result of this, a corresponding set Mx21, Mx22 is formed for each output-value part a=a1, a2. Each set Mx21, Mx22, contains one or several different values of the corresponding output-value part a1, a2.

[0074] The invertible mappings c1, c2 are applied to the thus generated output-value parts a1, a2 to generate output-value parts w=w1, w2.

[0075] As a result of this, a corresponding set Lx11, Lx12 or Lx21, Lx22 is formed for each output-value part w=w1, w2. In doing so, each set Lx11, Lx12 or Lx21, Lx22 contains one or several different values of the corresponding output-value part w1, w2.

[0076] For all further possible input values x3, . . . the method is likewise applied.

[0077] Further the following sets are formed:

M1={Mx11, Mx21, Mx31 . . . } (paths of the pre-image set of c1),
M2={Mx12, Mx22, Mx32 . . . } (paths of the pre-image set of c2),
L1={Lx11, Lx21, Lx31 . . . } (for correct c1 paths of the image set of c1),
L2={Lx12, Lx22, Lx32 . . . } (for correct c2 paths of the image set of c2).

[0078] The invertible mappings c1, c2 are selected or formed such that the set M1 is mapped to the set L1 and the set M2 is mapped to the set L2. The mappings c1 and c2 are thus path preserving because pre-image set and image set contain the same paths.

[0079] FIG. 6 shows, in the form of a pseudo program code, the construction methods represented in FIG. 5, and in particular the running through of the possible values of the obfuscation value vector y. In FIG. 6, compared with FIG. 5, the bit width of the obfuscation-value vector y is generalized from two to m. Thus, obfuscation values y=(y0, . . . ym1) are employed. For the construction method, input values xi, i=1, 2, 3, . . . are incremented with the help of the index i, a program loop i is run through for each value of the index i, the possible obfuscation values y run through within the i program loop, and sets formed analogously as described on the basis of FIG. 5. The exit of the affine mapping A is again represented as a concatenation of a=a1|a2| . . . .

[0080] First, a n bit wide input value vector x=x1 is stipulated. The input-value vector x1 is processed, e.g. according to FIG. 1 or FIG. 3, by DES S-boxes to S-box output values s(x1).

[0081] Further, a first possible value y1 for the m bit wide obfuscation value vector y1=(y10 . . . y1m1) is stipulated. The S-box-output values s(x1) and the obfuscation values y1=(y10, . . . y1m1) are fed to the affine mapping A, according to a (x1, y1)=A(s(x1),y1)=a1 (s(x1), y1)|a2 (s(x1), y1), . . . .

[0082] Now a second possible value y2 for the m bit wide obfuscation-value vector y2=(y20, . . . y2m1) is stipulated. The S-box output values s(x1) and the obfuscation values, now y2=(y20 . . . y2m1), are fed to the affine mapping A, according to a (x1, y2)=A (s(x1), y2)=a1 (s(x1), y2)|a2 (s(x1), y2), . . . .

[0083] This method is carried out, with fixed x1, for all further possible values of the obfuscation-value vector y=y3, =(y30, . . . y3m1) . . . .

[0084] With the generated results a1( ), a2 ( ), . . . , with fixed x1, of the affine mapping A, mapping sets M of the affine mapping A are generated according to Mx11={a1(s(x1),y1), a1(s(x1),y2), . . . }, Mx12={a2(s(x1),y1), a2(s(x1),y2), . . . }, Mx13= . . . , etc.

[0085] The invertible mappings c1, c2, . . . are applied to the thus generated output values of the affine mapping A. The mappings c1, c2, . . . are therefore likewise applied with fixed x1 for all possible values obfuscation values y=y1, y2, y3, . . . . With y1, an operation c1, c2, . . . is applied to a1(s(x1),y1), a2(s(x1), y1) . . . and w1 (x1, y1), w2 (x1, y1) . . . generated. With y2, an operation c1, c2, . . . applied to a1(s(x1),y2), a2(s(x1), y2) . . . and w1 (x1, y2), w2 (x1, y2) . . . generated.

[0086] With the output values w of the invertible mappings c1, c2, . . . , mapping sets L of the invertible mappings c are generated for x1 according to

Lx11={c1(a1(s(x1),y1),c1(a1(s(x1),y2), . . . },

Lx12={c2(a2(s(x1),y1),c2(a2(s(x1),y2), . . . },

Lx13= . . . , etc.

[0087] After all values of the obfuscation value vector y have been run through, the index for the input value vector x is incremented by one to two (i->i+1=2) so that now x to x2 is stipulated. The input value x2 is processed by the S-box operation to s(x2).

[0088] Now all possible obfuscation values y1, y2 are run through for x2. In this way, mapping sets of the affine mapping A are generated for x2, analogously as previously for x1, according to Mx21={a1(sx2,y1), a1(sx2,y2), . . . }, Mx22={a2(sx2,y1), a2(sx2,y2), . . . }, Mx23= . . . , etc.

[0089] In corresponding manner, mapping sets L of the invertible mappings C are formed for x2 according to

Lx21=c1(a1(s(x2),y1),c1(a1(s(x2),y2), . . . },

Lx22=c2(a2(s(x2),y1),c2(a2(s(x2),y2), . . . },

Lx23= . . . , etc.

[0090] The same method is carried out for all further possible values of x, thus x=x3, . . . , by incrementing the index i=3, . . . and respectively running through all possible y.

[0091] The mapping sets M of the affine mapping A and the mapping sets L of the invertible mappings c1, c2, . . . are summarized as follows.

M1={Mx11,Mx21,Mx31 . . . },M2={Mx12,Mx22,Mx32 . . . }, . . .

L1={Lx11,Lx21,Lx31 . . . },L2={Lx12,Lx22,Lx32 . . . }

[0092] Now it is checked whether the invertible mappings c1, c2, . . . meet the condition that they are path-preserving. It is checked for each function ci that the paths Mx1i, Mx2i, Mx3i . . . of the set Mi correspond to the paths Lx1i, Lx2i, Lx3i . . . of the set Li. If this is the case, ci meets the construction instruction. If the image set of a function ci disintegrates into other paths than the corresponding pre-image set, the construction instruction is thus not met and the function ci must be discarded.

[0093] When the processor device is put into operation and thereby the cryptographic algorithm is executed, e.g. within a software application, then the white-box-masked operations Ti are executed. By executing the white-box-masked operations Ti, in particular the DES-specific S-box operations are executed in hardened white-box-masked form. Because neither the S-boxes S nor the combined S-boxes T are implemented in the processor device in direct form, but merely the S-box operations white-box-masked to T according to the invention, attacks on the processor device are prevented or at least considerably impeded.

Glossary

[0094] S: computation step, in particular DES SBOX or eight DES S-boxes, in particular for standard representation of DES [0095] T: operation comprising computation step S, for alternative DES representation [0096] T: white-box-obfuscated computation step S, having S embedded in T where applicable [0097] x: input value in computation step S (or T) [0098] y: obfuscation value [0099] r: expanded right side of the input of a round [0100] k: key [0101] s: output value of S (e.g. S-box) [0102] w: output value of T(masked S) [0103] If S=DES S-box or eight DES S-boxes: [0104] x=r XOR k for standard representation of DES [0105] x=r for alternative representation of DES [0106] l=bits from left side of the bits at the DES round-entry(32 bit) [0107] r=bits from right side of the bits at the DES round-entry (32 bit) [0108] r=bits from expanded right side r at the DES round-entry (48 bit)

CITED PRIOR ART

[0109] [1] A Tutorial on White-box AES, James A. Muir, Cryptology ePrint Archive, Report 2013/104, eprint.iacr.org/2013/104 [0110] [2] DE 102014016548.5 (submitted on 10 Nov. 2014) [0111] [3] Differential Computation Analysis: Hiding your White-Box Designs is Not Enough, J. W. Bos, Ch. Hubain, W. Michiels, and Ph. Teuwen, eprint.iacr.org/2015/753, retrieved on 31 Jul. 2015

Hardened White Box Implementation 2

Assignee

Inventors

Cpc classification

Classification Explorer

G09C1/06

PHYSICS

Classification Explorer

G09C1/00

PHYSICS

Classification Explorer

G06F21/12

PHYSICS

Classification Explorer

H04L9/0618

ELECTRICITY

Classification Explorer

H04L2209/08

ELECTRICITY

Classification Explorer

H04L2209/16

ELECTRICITY

Classification Explorer

H04L2209/043

ELECTRICITY

Classification Explorer

H04L9/0822

ELECTRICITY

Classification Explorer

H04L9/0631

ELECTRICITY

Classification Explorer

H04L9/002

ELECTRICITY

Classification Explorer

G06F9/4403

PHYSICS

Classification Explorer

H04L9/0625

ELECTRICITY

International classification

Classification Explorer

G09C1/06

PHYSICS

Classification Explorer

G06F21/12

PHYSICS

Classification Explorer

G06F9/44

PHYSICS

Classification Explorer

H04L9/08

ELECTRICITY

Classification Explorer

H04L9/00

ELECTRICITY

Classification Explorer

H04L9/06

ELECTRICITY

Abstract

Claims

Description