CN114337993B - White box SM4 encryption and decryption method and system applied to edge Internet of things proxy - Google Patents

Info

Publication number: CN114337993B
Application number: CN202210251798.1A
Authority: CN (China)
Language: Chinese (zh)
Other versions: CN114337993A (application publication)
Legal status: Active (as listed by Google Patents; the listed status is an assumption, not a legal conclusion)
Inventors: 缪巍巍, 曾锃, 张瑞, 包哲静, 金超, 韦小刚, 张明轩, 滕昌志, 李世豪, 张震, 毕思博, 赵华
Applicants / assignees: Zhejiang University (ZJU); State Grid Corp of China (SGCC); State Grid Jiangsu Electric Power Co Ltd; State Grid Electric Power Research Institute; Information and Telecommunication Branch of State Grid Jiangsu Electric Power Co Ltd
Priority: CN202210251798.1A; application publication CN114337993A; granted patent CN114337993B


Abstract

The invention discloses a white-box SM4 encryption and decryption method and system for an edge IoT agent. The method comprises: outer-encoding the input data with an outer encoding/decoding function; performing the encryption or decryption computation on the outer-encoded input with the edge IoT agent, which stores the improved white-box SM4 algorithm, to obtain a computation result; and outer-decoding the computation result with the same outer encoding/decoding function to obtain the final encryption or decryption result. The outer encoding/decoding function works as follows: determine the random pseudo (dummy) data to be added according to a preset number of pseudo states; add the random pseudo data to the input data and apply an affine transformation to complete outer encoding; apply the inverse affine transformation to the computation result to complete outer decoding. Advantages: introducing pseudo states greatly increases the diversity and ambiguity of the white-box implementation; the gain in security is markedly larger than the added memory cost, so protection efficiency improves.

Description

White box SM4 encryption and decryption method and system applied to edge Internet of things proxy
Technical Field
The invention relates to a white box SM4 encryption and decryption method and system applied to edge Internet of things proxy, and belongs to the technical field of white box cryptography.
Background
A smart IoT system is an important guarantee for the safe and stable operation of an integrated energy system, and the edge IoT agent is the aggregation and access node for IoT terminals, so the information security of the smart IoT system strongly affects the operational safety of the integrated energy system. As smart IoT systems are built out, the IoT sensing range keeps extending and the environment becomes increasingly complex, so the edge IoT agent faces ever more prominent security problems. Against an increasingly severe network security situation at home and abroad, protecting information in the edge IoT, especially key material, is of great significance. Traditional hardware key protection based on security chips is secure enough, but it is hard to upgrade and maintain, lacks scalability and flexibility, and makes endpoint device management complex. Software key protection, represented by the emerging white-box cryptography, can reduce hardware cost and ease upgrades and maintenance while still protecting the information, and is therefore better suited to the massive number of sensing-layer devices in the electric power IoT.
With the rise of white-box attacks, represented by reverse engineering, an attacker can access any internal information and data in the device's CPU, registers and memory. A conventional implementation of an encryption/decryption algorithm has no effective countermeasure, so in a white-box attack environment the key leaks directly through memory and other channels. White-box cryptography addresses this by hiding the key material inside obfuscated matrices and lookup tables. SM4 is one of the most widely used block ciphers in China, and there are many different white-box implementations of it, such as the Xiao-Lai scheme, the Shangyu scheme, the Bai-Wu scheme and the WSISE algorithm.
As research has continued, various attacks on white-box SM4 implementations have been proposed, such as the improved BGE attack designed by Lin Tingting. These attacks use mathematical methods to recover the key hidden in a white-box SM4 implementation within a certain time complexity. A large part of the existing white-box implementations are not secure enough under these attacks, and the time complexity of extracting the key is low; the Xiao-Lai scheme is an example. Some schemes do achieve sufficient security, but their memory occupation is clearly large, which limits their practicality on an edge IoT agent with limited storage; the Bai-Wu scheme is an example. A new white-box SM4 implementation is therefore needed that greatly improves security against attacks on white-box SM4 while keeping memory usage small enough.
Disclosure of Invention
The technical problem solved by the invention is to overcome the defects of the prior art and provide a white-box SM4 encryption and decryption method and system for an edge IoT agent. By introducing pseudo states, the diversity, ambiguity and attack resistance of the white-box SM4 are greatly improved, and hence its security, while the encryption and decryption results remain correct and the memory occupation stays small enough.
In order to solve the technical problem, the invention provides a white box SM4 encryption and decryption method applied to an edge Internet of things proxy, which comprises the following steps:
acquiring input data;
externally encoding the input data by using a predetermined external encoding and decoding function;
performing encryption and decryption calculation on the externally coded input data by using an edge Internet of things agent which is pre-stored with an improved white box SM4 algorithm to obtain an encryption and decryption calculation result;
carrying out external decoding on the encryption and decryption calculation result by utilizing the external coding and decoding function to obtain an encryption and decryption result;
the process of the outer coding and decoding function comprises:
acquiring the preset number of pseudo states to be introduced, and determining random pseudo data to be added according to the number of the pseudo states;
adding random pseudo data into input data to perform affine transformation to complete external coding;
and carrying out inverse affine transformation on the encryption and decryption calculation result, and then deleting redundant random pseudo data to finish external decoding.
Further, the encrypting and decrypting calculation of the externally encoded input data by using the edge internet of things agent in which the improved white box SM4 algorithm is stored in advance to obtain an encrypting and decrypting calculation result includes:
Each round of SM4 encryption or decryption is decomposed into three parts. The first part performs a bitwise XOR of the last three of the round's four input values; the second part, after expanding the output of the first part, performs the round-key addition, the nonlinear transformation and the linear transformation in sequence; the third part performs a bitwise XOR of the output of the second part with the first input value to obtain the output value of the round. The four input values of the first round are the outer-encoded input data; for every later round the first three input values are the last three input values of the previous round and the fourth input value is the output value of the previous round. The output value of each round is computed in turn until the output of the last round is obtained, and the last three input values of the last round together with its output value are taken as the encryption/decryption computation result.
Further, the construction of the improved white box SM4 algorithm comprises:
obtaining an SM4 algorithm;
expanding the original key of SM4 into round keys and introducing pseudo keys into the round keys to obtain expanded round keys; then expanding the nonlinear transformation $\tau$ and the linear transformation $L$ of SM4 according to the number of pseudo states to obtain the improved SM4 algorithm;
representing the first and third parts of the improved SM4 algorithm as matrices and the second part as lookup tables, and obfuscating the matrices and lookup tables with random invertible affine transformations used as scrambling encodings to obtain the improved white-box SM4 algorithm.
Further, the expanding the original key of the SM4 algorithm into a round key includes:
the 128-bit original key of SM4 is expanded into 1024 bits of round keys by 32 iterations of the key expansion algorithm.
Further, the outer-coding the input data by using the predetermined outer-coding and decoding function includes:
and the input data is transmitted to the edge Internet of things agent after being subjected to external coding, encryption and decryption calculation is carried out by utilizing the stored matrix and the lookup table, and the output data is subjected to external decoding to obtain an encryption and decryption result.
Further, the acquiring a preset number of pseudo states to be introduced, and determining random pseudo data to be added according to the number of pseudo states includes:
determining the number $n$ of pseudo states to introduce according to the memory size of the edge agent, and appending $8n$ bits of random dummy data to each 32-bit intermediate result $X_i$ of the SM4 algorithm.
A white-box SM4 encryption and decryption system applied to an edge Internet of things agent comprises:
the acquisition module is used for acquiring input data;
an outer coding module for outer coding the input data by using a predetermined outer coding and decoding function;
The computing module is used for carrying out encryption and decryption computation on the externally coded input data by utilizing the edge Internet of things agent in which the improved white box SM4 algorithm is stored in advance to obtain an encryption and decryption computation result;
the external decoding module is used for carrying out external decoding on the encryption and decryption calculation result by utilizing the external coding and decoding function to obtain an encryption and decryption result;
the process of the outer coding and decoding function comprises:
acquiring the number of preset pseudo states to be introduced, and determining random pseudo data to be added according to the number of the pseudo states;
adding random pseudo data into input data to perform affine transformation to complete external coding;
and carrying out inverse affine transformation on the encryption and decryption calculation result, and then deleting redundant random pseudo data to finish external decoding.
Further, the computing module is configured to, based on the received information,
decompose each round of SM4 encryption or decryption into three parts: the first part performs a bitwise XOR of the last three of the round's four input values; the second part, after expanding the output of the first part, performs the round-key addition, the nonlinear transformation and the linear transformation in sequence; the third part performs a bitwise XOR of the output of the second part with the first input value to obtain the output value of the round. The four input values of the first round are the outer-encoded input data; for every later round the first three input values are the last three input values of the previous round and the fourth input value is the output value of the previous round. The output value of each round is computed in turn until the output of the last round is obtained, and the last three input values of the last round together with its output value are taken as the encryption/decryption computation result.
Further, the calculation module comprises a construction unit,
for obtaining the SM4 algorithm; expanding the original key of SM4 into round keys and introducing pseudo keys into the round keys to obtain expanded round keys; then expanding the nonlinear transformation $\tau$ and the linear transformation $L$ of SM4 according to the number of pseudo states to obtain the improved SM4 algorithm; representing the first and third parts of the improved SM4 algorithm as matrices and the second part as lookup tables; and obfuscating the matrices and lookup tables with random invertible affine transformations used as scrambling encodings to obtain the improved white-box SM4 algorithm.
Further, the building unit comprises a first extension unit,
for expanding the 128-bit original SM4 key into 1024 bits of round keys by 32 iterations of the key expansion algorithm.
Further, the outer encoding module may be configured to,
the system is used for transmitting input data to the edge Internet of things agent after external coding, performing encryption and decryption calculation by using a stored matrix and a lookup table, and obtaining an encryption and decryption result after the output data is subjected to external decoding.
Further, the acquiring a preset number of pseudo states to be introduced, and determining random pseudo data to be added according to the number of pseudo states includes:
determining the number $n$ of pseudo states to introduce according to the memory size of the edge agent, and appending $8n$ bits of random dummy data to each 32-bit intermediate result $X_i$ of the SM4 algorithm.
The invention has the following beneficial effects:
1. By introducing pseudo states, the diversity and ambiguity of the white-box implementation are greatly increased, and the time complexity of recovering the key under attacks on white-box SM4 that combine the BGE attack with differential analysis rises substantially. Relative to the increase in memory occupation, the gain in security is markedly larger, so protection efficiency is clearly improved.
2. The number of added pseudo states is not fixed: the larger it is, the higher the security, but the memory footprint inevitably grows. The number of pseudo states can be chosen after weighing security against memory usage for the actual deployment. This greatly widens the range of application of the invention and gives it practical value in different scenarios.
Drawings
FIG. 1 is a schematic flow diagram of the present invention;
fig. 2 is a schematic diagram of a white box SM4 implementation that introduces a pseudo state per round;
fig. 3 is a flow chart of an encryption/decryption operation performed on an edge agent.
Detailed Description
The invention is further described below with reference to the accompanying drawings. The following examples are only for illustrating the technical solutions of the present invention more clearly, and the protection scope of the present invention is not limited thereby.
As shown in fig. 1, a white-box SM4 encryption and decryption method applied to an edge internet of things proxy includes:
acquiring input data;
externally encoding the input data by using a predetermined external encoding and decoding function;
performing encryption and decryption calculation on the externally coded input data by using an edge Internet of things agent which is pre-stored with an improved white box SM4 algorithm to obtain an encryption and decryption calculation result;
carrying out external decoding on the encryption and decryption calculation result by utilizing the external coding and decoding function to obtain an encryption and decryption result;
the process of the outer coding and decoding function comprises:
acquiring the preset number of pseudo states to be introduced, and determining random pseudo data to be added according to the number of the pseudo states;
adding random pseudo data into input data to perform affine transformation to complete external coding;
and carrying out inverse affine transformation on the encryption and decryption calculation result, and then deleting redundant random pseudo data to finish external decoding.
The improved white-box SM4 algorithm comprises the following three steps:
Step A: expanding the original key of the SM4 algorithm into a round key;
determining the number of introduced pseudo states and determining the random pseudo data added in the intermediate result;
Step B: introducing pseudo keys into the round keys and expanding the nonlinear transformation $\tau$ and the linear transformation $L$ of the original algorithm; the introduced data and the way they are expanded must be designed so that the encryption and decryption results remain correct;
decomposing each round of the SM4 encryption/decryption algorithm into three parts: the first part performs a bitwise XOR of the last three input words, the second part applies the expanded round-key addition, nonlinear transformation and linear transformation to the output of the first part in sequence, and the third part performs a bitwise XOR of the output of the second part with the first input word;
representing the first and third parts as matrices and the second part as lookup tables, and obfuscating them with the random invertible affine transformations shown in FIG. 2, which act as scrambling encodings;
Step C: performing the encryption and decryption operations on the edge IoT agent with the stored matrices and lookup tables, following the flow shown in FIG. 3.
Further, step A includes:
Key expansion uses a key expansion algorithm with a 32-round iterative structure that turns the 128-bit original key into 1024 bits of round keys. The input of the first round, $K = [K_0, K_1, K_2, K_3]$, is the bitwise XOR of the original key with the system parameter $FK$. Each input word $K_i$ is 32 bits long and $FK$ is 128 bits long; both are defined in detail in the cryptographic industry standard GM/T 0002-. Each round of key expansion can be expressed by equations (1) and (2):
[Equations (1) and (2): image not reproduced in the text]
The $K_{i+4}$ computed by equation (1) is the round key $rk_i$ required by the encryption/decryption algorithm. After each round, $K_{i+1}$, $K_{i+2}$, $K_{i+3}$ and $K_{i+4}$ are passed on as the input of the next round. In equation (1) the symbol $\oplus$ denotes bitwise XOR, and the fixed parameter $CK_i$ is composed of four fixed bytes $ck_{i,j}$, computed as shown in equations (3) and (4):
[Equations (3) and (4): image not reproduced in the text]
As shown in equation (2), the transformation $T'$ consists of two parts. The nonlinear transformation $\tau$ is four parallel S-box substitutions, defined as follows:
[Equation (6): image not reproduced in the text]
where $x$ denotes a 32-bit word, $x_i$ an 8-bit byte, $x$ is the concatenation of the $x_i$, and $\tau(x)$ denotes applying $\tau$ to $x$, that is, the four parallel S-box substitutions.
The linear transformation $L'$ is computed as shown in equation (7):
[Equation (7): image not reproduced in the text]
In equation (5), each $x_i$ is 8 bits long and the function $Sbox(\cdot)$ is defined in detail in the standard GM/T 0002-. The symbol $\lll j$ denotes a cyclic left shift of a 32-bit word by $j$ bits.
The white-box implementation proposed here improves its own security by introducing pseudo states. The number $n$ of pseudo states directly determines figures such as the memory occupation and the attack resistance of the implementation, so it must be fixed in advance according to actual needs. The larger $n$ is, the better the security of the implementation, but the memory footprint inevitably grows as well, so the value of $n$ is a trade-off between the two.
In the SM4 algorithm, the input and output data of each round are 32-bit words denoted $X_i$. Because of the pseudo states, each $X_i$ undergoes a transformation $A_i$ that appends $8n$ bits of random dummy data after the data; the transformed word is denoted $X_i'$. This process can be expressed by equations (5) and (8).
[Equations (5) and (8): image not reproduced in the text]
The dummy data must be fixed in advance. Its value does not affect the result of the computation, but when the matrices and lookup tables are generated later, the values of some parameters must be chosen according to it so that the encryption and decryption results stay correct.
Further, the step B includes:
The SM4 encryption/decryption process also uses a 32-round iterative structure; encryption and decryption perform essentially the same computation but use the round keys in opposite order. The 128-bit plaintext or ciphertext input can be written $X = [X_0, X_1, X_2, X_3]$, and each round can be expressed by equations (9) and (10). After each round, $X_{i+1}$, $X_{i+2}$, $X_{i+3}$ and $X_{i+4}$ are passed on as the input of the next round.
[Equations (9) and (10): image not reproduced in the text]
Here $rk_m$ is the round key generated in step A: for encryption $m = i$, for decryption $m = 31 - i$. The transformation $T$ consists of two parts: the nonlinear transformation $\tau$ already defined in equation (6), and the linear transformation $L$ defined in equation (11).
[Equation (11): image not reproduced in the text]
After the 32 rounds, the reverse-order transformation shown in equation (12) is applied and the encryption or decryption result is output.
[Equation (12): image not reproduced in the text]
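As an added example (not code from the patent or its authors), the following Python reference implementation of standard SM4 writes every round in the three parts the patent decomposes it into: Part 1 XORs the last three input words, Part 2 adds the round key and applies $\tau$ and $L$, Part 3 XORs with the first input word. The key schedule follows step A ($K = MK \oplus FK$, $T' = L' \circ \tau$, $CK_i$ assembled from $ck_{i,j} = (4i + j) \cdot 7 \bmod 256$), and the reverse-order transform of equation (12) is applied at the end. The S-box, $FK$ and the test vector (key = plaintext = 0123456789abcdeffedcba9876543210) are the public constants of the SM4 standard; nothing else is assumed.

```python
"""Standard SM4, with each round written as the patent's three parts.
Added example; the constants are the public SM4 standard's."""
from typing import List, Sequence

# SM4 S-box (public standard constant), 16 rows of 16 bytes
SBOX = bytes.fromhex(
    "d690e9fecce13db716b614c228fb2c05"
    "2b679a762abe04c3aa44132649860699"
    "9c4250f491ef987a33540b43edcfac62"
    "e4b31ca9c908e89580df94fa758f3fa6"
    "4707a7fcf37317ba83593c19e6854fa8"
    "686b81b27164da8bf8eb0f4b70569d35"
    "1e240e5e6358d1a225227c3b01217887"
    "d40046579fd327524c3602e7a0c4c89e"
    "eabf8ad240c738b5a3f7f2cef96115a1"
    "e0ae5da49b341a55ad933230f58cb1e3"
    "1df6e22e8266ca60c02923ab0d534e6f"
    "d5db3745defd8e2f03ff6a726d6c5b51"
    "8d1baf92bbddbc7f11d95c411f105ad8"
    "0ac13188a5cd7bbd2d74d012b8e5b4b0"
    "8969974a0c96777e65b9f109c56ec684"
    "18f07dec3adc4d2079ee5f3ed7cb3948"
)
FK = (0xA3B1BAC6, 0x56AA3350, 0x677D9197, 0xB27022DC)
# CK_i = ck_{i,0} || ck_{i,1} || ck_{i,2} || ck_{i,3}, ck_{i,j} = (4i + j) * 7 mod 256
CK = [int.from_bytes(bytes(((4 * i + j) * 7) & 0xFF for j in range(4)), "big")
      for i in range(32)]
MASK32 = 0xFFFFFFFF


def rotl(x: int, n: int) -> int:
    """Cyclic left shift of a 32-bit word (the <<< operator of the standard)."""
    return ((x << n) | (x >> (32 - n))) & MASK32


def tau(x: int) -> int:
    """Nonlinear transformation: four parallel S-box lookups on the bytes of x."""
    return int.from_bytes(bytes(SBOX[b] for b in x.to_bytes(4, "big")), "big")


def lin_L(b: int) -> int:
    """Linear transformation L of the round function."""
    return b ^ rotl(b, 2) ^ rotl(b, 10) ^ rotl(b, 18) ^ rotl(b, 24)


def lin_L_prime(b: int) -> int:
    """Linear transformation L' of the key schedule."""
    return b ^ rotl(b, 13) ^ rotl(b, 23)


def expand_key(mk: bytes) -> List[int]:
    """Step A: 128-bit master key -> 32 round keys rk_0..rk_31 (1024 bits)."""
    k = [int.from_bytes(mk[4 * i:4 * i + 4], "big") ^ FK[i] for i in range(4)]
    for i in range(32):
        # K_{i+4} = K_i xor T'(K_{i+1} xor K_{i+2} xor K_{i+3} xor CK_i), T' = L' o tau
        k.append(k[i] ^ lin_L_prime(tau(k[i + 1] ^ k[i + 2] ^ k[i + 3] ^ CK[i])))
    return k[4:]


def round_output(x: Sequence[int], rk: int) -> int:
    """One round in the patent's three parts; x = (X_i, X_{i+1}, X_{i+2}, X_{i+3})."""
    part1 = x[1] ^ x[2] ^ x[3]          # Part 1: XOR of the last three inputs
    part2 = lin_L(tau(part1 ^ rk))      # Part 2: add round key, tau, then L
    return x[0] ^ part2                 # Part 3: XOR with the first input


def crypt_block(block: bytes, rks: Sequence[int]) -> bytes:
    """32 rounds followed by the reverse-order transform (equation (12))."""
    x = [int.from_bytes(block[4 * i:4 * i + 4], "big") for i in range(4)]
    for i in range(32):
        x.append(round_output(x[i:i + 4], rks[i]))
    # The white-box "calculation result" is (X_32, X_33, X_34, X_35);
    # the final output reverses it to (X_35, X_34, X_33, X_32).
    return b"".join(w.to_bytes(4, "big") for w in (x[35], x[34], x[33], x[32]))


def encrypt_block(key: bytes, plaintext: bytes) -> bytes:
    return crypt_block(plaintext, expand_key(key))


def decrypt_block(key: bytes, ciphertext: bytes) -> bytes:
    # Decryption runs the same rounds with the round keys reversed (m = 31 - i)
    return crypt_block(ciphertext, expand_key(key)[::-1])


if __name__ == "__main__":
    # Test vector from the SM4 standard: key = plaintext = 0123...3210
    k = bytes.fromhex("0123456789abcdeffedcba9876543210")
    assert encrypt_block(k, k).hex() == "681edf34d206965e86b3e94f536e4246"
    assert decrypt_block(k, encrypt_block(k, k)) == k
    print("SM4 reference OK")
```

The three-part split is exactly what the white-box construction later turns into matrices (parts 1 and 3, which are linear) and lookup tables (part 2, which contains the S-box); keeping the split explicit in the reference code makes it easy to compare an obfuscated implementation round by round against the clear one.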
Based on the above encryption and decryption computation, the matrices and lookup tables of each round are generated as shown in FIG. 2. There, $P_i$, $Q_i$, $P_{i+4}'$ and $P_{i+4}''$ denote random invertible affine transformations on $t = 32 + 8n$ bits. Such a transformation is equivalent to multiplying by a $t \times t$ matrix $M$ over the finite field $GF(2)$ and then adding a $t$-bit constant $C$; in $GF(2)$, multiplication is a bitwise AND and addition a bitwise XOR. For the mapping to be a bijection, i.e. for its inverse to exist, $M$ must be invertible over $GF(2)$. Compared with the case without pseudo states, the choice of affine transformations is greatly enlarged. The transformations $P_{i+4}$, $P_{i+4}'$ and $P_{i+4}''$ are identical except for their constant parts $C$, $C'$ and $C''$, which satisfy
[Equation (13): image not reproduced in the text]
$E_i$ denotes $4 + n$ parallel 8-bit random invertible affine transformations, as shown in equation (14):
[Equation (14): image not reproduced in the text]
where
[Definition of the components of $E_i$: image not reproduced in the text]
The transformation $I_k$ scrambles the input of the second part and is equivalent to multiplication by a $t$-bit square matrix. This matrix is built from $8 \times 8$ blocks $I_{ij}$ ($i, j = 0, 1, \ldots, 3 + n$); in each block row and each block column exactly one $I_{ij}$ is the $8 \times 8$ identity matrix and the rest are $8 \times 8$ zero matrices, so $I_k$ is a permutation of the byte positions. The transformation $q_i$ is a bitwise XOR with a $t$-bit constant whose value is determined by $A_i$ and $A_{i+4}$; by introducing $q_i$, the transformation $A_{i+4}$ corresponding to the result $P_{i+4}(X_{i+4}')$ of each round can be made to match the predetermined value. The symbols in FIG. 2 can be expressed by equation (15):
[Equation (15): image not reproduced in the text]
The function $S_{ij}$ can be expressed as:
[Equation (16): image not reproduced in the text]
In the second part the input data is divided into 8-bit units, each called an input. Because of the pseudo states, the number of inputs grows from the original 4 to $4 + n$, but only 4 of them are still needed for the encryption/decryption computation; the rest are added purely for better obfuscation. Of the $4 + n$ 8-bit values $rk_{ik}$, four are the bytes of the round key $rk_i$ and the rest are designed pseudo keys; their positions are determined by $I_k$. Together with the predetermined transformations $A_i$, the pseudo inputs $x_k$ must satisfy $S_{ij}(x_k) = 0$ for the encryption/decryption result to be correct.
Because of the pseudo states, the proposed implementation extends the original linear transformation $L$ to $Lp$. The transformation $Lp$ is equivalent to multiplication by the $GF(2)$ matrix $Lp$ of equation (17).
[Equation (17): image not reproduced in the text]
$Lp$ is a $t$-bit square matrix whose elements are the 8-bit blocks $B_1$, $B_2$ and $B_3$, whose specific values are defined in K. P. Bai and C. K. Wu, "A secure white-box SM4 implementation," Security and Communication Networks, vol. 9, no. 10, pp. 996-. By carefully designing the linear transformation $Lp$, the pseudo keys and the transformations $A_i$, the effect of the pseudo states on the encryption and decryption result can be eliminated completely, which guarantees the correctness of the proposed white-box implementation.
When generating the matrices, lookup tables and outer encoding/decoding functions, the pseudo keys, the pseudo data introduced into $X_i$ and the linear transformation $Lp$ are designed so that the pseudo states have no effect on the encryption/decryption result: the computation becomes more complex and security improves, while the correctness of the white-box implementation is preserved.
From each round of SM4, the function of each part in FIG. 2 follows. Part 1 computes the bitwise XOR of $X_{i+1}$, $X_{i+2}$ and $X_{i+3}$; the second part XORs that result with the round key and then applies the transformation $T$; finally the third part computes the bitwise XOR of the result of $T$ with $X_i$.
The first and third parts consist only of affine transformations and bitwise XORs, so they can be stored as matrices, but the second part contains the nonlinear S-box substitution and must be converted into lookup tables. To represent the input-output correspondence of this part correctly, the lookup table must store the output for every possible input value. Since the input and output of the second part are both $t$ bits, storing the second part of each round as a single lookup table would need $2^t$ entries of $t$ bits, which is obviously far too much memory and would seriously hurt the practicality of the white-box implementation. The second part is therefore handled as follows. Its computation can be simplified to $4 + n$ parallel 8-bit nonlinear transformations $S_{ij}(E_{ij}(\cdot))$ on the input, followed by an affine transformation composed of $I_k^{-1}$, $Lp$, $q_i$ and $Q_i$. This can be converted into $4 + n$ lookup tables, each with $2^8$ entries of $t$ bits, as follows. Write the output of the nonlinear transformation as $Z = [Z_0, Z_1, \ldots, Z_{3+n}]^T$; this value must undergo the affine transformation, i.e. multiplication by the $t$-bit matrix $M$ followed by addition of the $t$-bit constant $C$. Let the elements of the matrix be the 8-bit blocks $M_{ij}$ ($i, j = 0, 1, \ldots, 3 + n$) and let the constant be $C = [C_0, C_1, \ldots, C_{3+n}]^T$. Then, for $Z_k$, the output of the $(k+1)$-th lookup table is the $k$-th block column of $M$ applied to $Z_k$, i.e. $[M_{0k}; M_{1k}; \ldots; M_{(3+n)k}]\, Z_k$, and only the first table additionally adds the constant $C$ to its output. All of the above computation is carried out in the finite field $GF(2)$.
XORing the outputs of these lookup tables gives the same result as storing a single lookup table, without consuming excessive memory.
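The table-splitting argument above is worth seeing run. The following Python is an added example, not the patent's code: it builds the second part once as "S-boxes then a monolithic affine map $z \mapsto Mz \oplus C$" and once as $t/8$ byte-indexed tables whose $t$-bit outputs are XORed, and checks that both agree for random inputs. The S-box is a constructed random 8-bit permutation standing in for the SM4 S-box, and $M$, $C$ are a constructed random $GF(2)$ matrix and constant standing in for the composed map $Q_i \circ q_i \circ Lp \circ I_k^{-1}$; the identity only relies on $M$ being linear, so any matrix serves. The memory functions make the $2^t \cdot t$ versus $(4+n) \cdot 2^8 \cdot t$ comparison concrete.

```python
"""Part 2 as 4+n byte-indexed tables (XORed together) versus one 2^t-entry table.
Added example; the S-box and affine map are constructed stand-ins, not the patent's."""
import random
from typing import List, Sequence


def gf2_matvec(rows: Sequence[int], v: int) -> int:
    """t x t GF(2) matrix (one t-bit int per row, row 0 = top) times a t-bit column vector."""
    out = 0
    for r in rows:
        out = (out << 1) | (bin(r & v).count("1") & 1)   # row dot product = parity of AND
    return out


def part2_monolithic(sbox: Sequence[int], m: Sequence[int], c: int, x: int, t: int) -> int:
    """Reference: t/8 parallel S-box lookups, then the affine map z -> M z xor C."""
    z = 0
    for k in range(t // 8):
        z = (z << 8) | sbox[(x >> (t - 8 - 8 * k)) & 0xFF]
    return gf2_matvec(m, z) ^ c


def build_split_tables(sbox: Sequence[int], m: Sequence[int], c: int, t: int) -> List[List[int]]:
    """Table k maps the k-th input byte b to M[:, 8k..8k+7] * S(b) (a t-bit value).
    Only table 0 carries the constant C, so XORing all tables reproduces M z xor C."""
    tables = []
    for k in range(t // 8):
        shift = t - 8 - 8 * k                       # bit position of byte k inside z
        tables.append([gf2_matvec(m, sbox[b] << shift) ^ (c if k == 0 else 0)
                       for b in range(256)])
    return tables


def part2_via_tables(tables: Sequence[Sequence[int]], x: int, t: int) -> int:
    """Look each input byte up in its own table and XOR the t-bit outputs."""
    out = 0
    for k, tab in enumerate(tables):
        out ^= tab[(x >> (t - 8 - 8 * k)) & 0xFF]
    return out


def split_table_bytes(t: int) -> int:
    """Memory of the split tables for one round: (t/8) tables x 256 entries x t bits."""
    return (t // 8) * 256 * t // 8


def monolithic_table_bytes(t: int) -> int:
    """Memory of a single t-bit-in / t-bit-out table: 2^t entries x t bits."""
    return (1 << t) * t // 8


def check_split_equals_monolithic(n: int, seed: int = 0, trials: int = 200) -> bool:
    """Constructed check for n pseudo states (t = 32 + 8n) with a seeded S-box and affine map."""
    t = 32 + 8 * n
    rng = random.Random(seed)
    sbox = rng.sample(range(256), 256)           # constructed bijective 8-bit S-box
    m = [rng.getrandbits(t) for _ in range(t)]   # any GF(2) matrix: only linearity matters
    c = rng.getrandbits(t)
    tables = build_split_tables(sbox, m, c, t)
    return all(part2_via_tables(tables, x, t) == part2_monolithic(sbox, m, c, x, t)
               for x in (rng.getrandbits(t) for _ in range(trials)))


if __name__ == "__main__":
    for n in (0, 1, 2):
        t = 32 + 8 * n
        print(f"n={n}: t={t}, split tables {split_table_bytes(t)} bytes/round, "
              f"monolithic {monolithic_table_bytes(t)} bytes, "
              f"equal={check_split_equals_monolithic(n)}")
```

For $n = 1$ ($t = 40$) the split tables of one round take 6400 bytes, while a single 40-bit-in/40-bit-out table would take $2^{40} \cdot 5$ bytes; the split is what keeps the per-round table cost linear in $n$ rather than exponential in $t$.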
The matrices and lookup tables must be generated in a trusted environment. Once generated, however, they can be stored on the edge IoT agent, and the key material they contain remains protected even if an attacker steals the stored tables.
Further, the step C includes:
and storing the matrix and the lookup table generated in the step B on the edge internet of things agent, and then performing encryption and decryption operations as shown in FIG. 3. The input data needs to be externally encoded in a trusted environment first and then transmitted to the edge internet of things agent. The process of outer coding can be represented by equation (18):
[Equation (18): image not reproduced]
Wherein the transformation $A_i$ is the predetermined operation for adding dummy data in step A, the transformation $P_i$ is kept consistent with the $P_i$ used in step B, $X_i$ represents input data that has not been outer-coded, and $P_{i+3}(A_{i+3}(X_{i+3}))$ is the calculation result of the $i$-th round. The above outer encoding process needs to be performed in a trusted environment to prevent $P_i(A_i(\cdot))$ from being stolen by an attacker. Since the scrambling codes added by adjacent links are closely related, once $P_i(A_i(\cdot))$ is leaked, an attacker may use this data to simplify the obfuscation of other links, which would greatly weaken the security of the white-box implementation. In addition, in the trusted environment, the security of the plaintext or ciphertext information can be guaranteed.
And on the edge Internet of things agent, the stored matrix and the lookup table are used for encryption and decryption calculation. As described in step B, each round of calculation of the lookup table includes decoding the input information and encoding the output information, which ensures both correctness of the encryption and decryption results and confusion of the intermediate results of each round, thereby ensuring information security.
Finally, in order to obtain the final encryption and decryption result, the data after the inverse order transformation needs to be decoded externally in a trusted environment, which can be expressed by equation (19):
[Equation (19): image not reproduced]
Wherein [equation image not reproduced] $Y_0$ represents the result of the last round of calculation, $Y_1$, $Y_2$, $Y_3$ represent the last three input data of the last round, and $Y'$ represents the data to be outer decoded, which is composed of the $Y_i$ as shown in detail in FIG. 3, with $Y_i = P_{35-i}(A_{35-i}(X_{35-i}))$.
through the steps, the encryption and decryption operation on the edge Internet of things agent can be realized on the premise of ensuring the security of the key information.
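The outer coding and decoding of steps A and C, as an added Python example that is not the patent's own code: $A_i$ appends $8n$ random dummy bits to a 32-bit state word $X_i$, $P_i$ is a random invertible affine transformation over $GF(2)$ on the widened word, and outer decoding applies $P_i^{-1}$ and then drops the dummy bits. Assumptions: $n = 1$, the dummy bits sit above bit 31 of the widened word, each of the four words gets its own independent $(P_i, A_i)$, and a seeded PRNG is used so the demo is reproducible (the trusted environment would use a cryptographic RNG).

```python
import random

rng = random.Random(7)        # constructed seed; use a CSPRNG in a real trusted environment

N_PSEUDO = 1                  # n: pseudo states (assumed for the demo)
WORD = 32                     # X_i is a 32-bit SM4 state word
T = WORD + 8 * N_PSEUDO       # t = 32 + 8n bits after adding dummy data


def gf2_matvec(M, x):
    """y = M * x over GF(2); rows are t-bit masks, bit i of y is parity(row_i & x)."""
    y = 0
    for i, row in enumerate(M):
        y |= (bin(row & x).count("1") & 1) << i
    return y


def gf2_inverse(M):
    """Invert a square GF(2) matrix (rows as bit masks) by Gauss-Jordan; None if singular."""
    n = len(M)
    a = list(M)
    inv = [1 << i for i in range(n)]          # start from the identity
    for col in range(n):
        piv = next((r for r in range(col, n) if (a[r] >> col) & 1), None)
        if piv is None:
            return None
        a[col], a[piv] = a[piv], a[col]
        inv[col], inv[piv] = inv[piv], inv[col]
        for r in range(n):
            if r != col and (a[r] >> col) & 1:
                a[r] ^= a[col]
                inv[r] ^= inv[col]
    return inv


def random_invertible_affine(rng, t):
    """P_i: random t x t invertible matrix M, its inverse, and a t-bit constant c."""
    while True:
        M = [rng.getrandbits(t) for _ in range(t)]
        Minv = gf2_inverse(M)
        if Minv is not None:
            return M, Minv, rng.getrandbits(t)


def add_dummy(x, rng):
    """A_i: place 8n random dummy bits above the 32-bit word."""
    return x | (rng.getrandbits(8 * N_PSEUDO) << WORD)


def strip_dummy(y):
    """A_i^{-1}: discard the dummy bits, keeping the 32-bit word."""
    return y & ((1 << WORD) - 1)


def outer_encode(x, M, c, rng):
    """P_i(A_i(X_i)) = M * A_i(X_i) + c over GF(2)."""
    return gf2_matvec(M, add_dummy(x, rng)) ^ c


def outer_decode(y, Minv, c):
    """Undo the affine map (M^{-1}(y + c)), then drop the dummy bits."""
    return strip_dummy(gf2_matvec(Minv, y ^ c))


def round_trip(words):
    """Outer-encode four 32-bit words with independent codings and decode them again."""
    codings = [random_invertible_affine(rng, T) for _ in words]
    encoded = [outer_encode(x, M, c, rng) for x, (M, _, c) in zip(words, codings)]
    decoded = [outer_decode(y, Minv, c) for y, (_, Minv, c) in zip(encoded, codings)]
    return encoded, decoded


if __name__ == "__main__":
    sample = [0x01234567, 0x89ABCDEF, 0xFEDCBA98, 0x76543210]   # constructed input
    enc, dec = round_trip(sample)
    print([hex(y) for y in enc])
    print(dec == sample)
```

Because fresh dummy bits are drawn on every call, encoding the same word twice under the same $P_i$ generally yields different $t$-bit values, which is what makes the coded intermediate state ambiguous to an observer of the agent; decoding still recovers the exact 32-bit word because $P_i$ is invertible and the dummy positions are fixed.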
In order to better evaluate the security and practicality of the proposed white-box implementation, several quantitative indicators are applied in the following for a comparative analysis of several different white-box SM4 implementations. Memory footprint is used to gauge practicality, while diversity, ambiguity and the time complexity required to obtain the key are used to gauge security.
The white-box implementation scheme provided by the invention has a memory occupation of $(9.25(4+n)^2 + 0.1563(4+n))$ KB. A comparison of memory usage between different white-box SM4 implementations is shown in Table 1. In the WSISE algorithm, 64, 128 and 256 bits represent the number of bits of internal state expansion. In the present invention, 1, 2, 3 and 4 dummy states represent the number of dummy states introduced; note that this value is not limited in theory, and only four common cases are listed here.
Table 1: memory footprint comparison by different white-box SM4 implementations
[Table 1: image not reproduced]
The memory occupation of the white-box implementation scheme provided by the invention is small enough that practicability can be ensured. To demonstrate the improvement in security, the white-box diversity and ambiguity of each part of each round were calculated, as shown in Table 2. The function $h(t)$ represents the number of choices of $t$-bit invertible affine transformations over $GF(2)$, as given in equation (20).
[Equation (20): image not reproduced]
Table 2: diversity and ambiguity of the proposed white-box implementation
[Table 2: image not reproduced]
By introducing the pseudo-states, the affine transformations used in the proposed implementation have a larger number of input-output bits and therefore also more possible choices. This greatly improves the diversity and ambiguity of the implementation and gives it stronger resistance to brute-force attacks. Since the structures of different implementations differ, it is difficult to compare their diversity and ambiguity indices uniformly. Since the Shao-Lai scheme is the most similar in structure to the present invention, the two are compared here.
Table 3: comparison of the Shao-Lai protocol with the diversity and ambiguity of the present invention
[Table 3: image not reproduced]
The above calculation results show that the key information is well hidden in the implementation, and it is almost impossible for an attacker to obtain it by brute-force cracking. Furthermore, although the memory footprint of the present invention is larger, its diversity and ambiguity are significantly improved compared to the Shao-Lai scheme.
The above indices only analyse brute-force attacks; for attacks designed specifically against white-box implementations, security is measured as follows. Among the many attack patterns targeting white-box implementations, the improved BGE attack designed by Lin and Lai is the most typical, see [T. T. Lin and X. J. Lai, "Efficient attack to white-box SMS4 implementation," Journal of Software, vol. 24, no. 9, pp. 2238-2249, Sep. 2013], which can recover the key of a white-box SM4 implementation within a certain time complexity by combining the BGE attack with methods such as differential analysis. The time complexity required to steal the key from different schemes is shown in Table 4.
Table 4: comparison of time complexity between different schemes
[Table 4: image not reproduced]
By comparing tables 1 and 4, it can be clearly seen that compared with other schemes, the time complexity required for stealing the key information of the present invention increases by a much larger extent than the memory occupation, which shows the improvement of defense efficiency.
The time required to obtain the key can be approximated by the time complexity. In practical application, the matrix and the look-up table stored in the edge Internet of things agent need to be replaced before this time elapses so as to ensure the security of the key information. A higher time complexity means a longer replacement period, and considering the wide application range and large number of edge Internet of things agents, this is of great significance in engineering application.
Correspondingly, the invention also provides a white box SM4 encryption and decryption system applied to the edge Internet of things proxy, which comprises:
the acquisition module is used for acquiring input data;
an outer coding module for outer coding the input data by using a predetermined outer coding and decoding function;
the computing module is used for carrying out encryption and decryption computation on the externally coded input data by utilizing the edge internet of things agent which is stored with the improved white box SM4 algorithm in advance to obtain an encryption and decryption computation result;
The external decoding module is used for carrying out external decoding on the encryption and decryption calculation result by utilizing the external coding and decoding function to obtain an encryption and decryption result;
the process of the outer coding and decoding function comprises:
acquiring the number of preset pseudo states to be introduced, and determining random pseudo data to be added according to the number of the pseudo states;
adding random pseudo data into input data to perform affine transformation to complete external coding;
and carrying out inverse affine transformation on the encryption and decryption calculation result, and then deleting redundant random pseudo data to finish external decoding.
The calculation module,
the device is used for decomposing each round of encryption and decryption of an SM4 algorithm into three parts, wherein the first part is used for carrying out bitwise XOR operation on the last n-1 input values, the second part is used for carrying out round key adding, nonlinear transformation and linear transformation operation after the output values of the first part are sequentially expanded, the third part is used for carrying out bitwise XOR operation on the output of the second part and the first input value to obtain the output value of the round, the n input values of the first round are input data after external coding, the first n-1 input values of each round are the last three input values of the previous round, and the fourth input value is the output value of the previous round; and calculating the output value of each round to obtain the output value of the last round, and taking the last three input values of the last round and the output value of the last round as the encryption and decryption calculation result.
The calculation module comprises a construction unit,
for obtaining the SM4 algorithm; expanding the original key of the SM4 algorithm into round keys, and introducing pseudo keys into the round keys to obtain expanded round keys; then expanding the nonlinear transformation τ and the linear transformation L in the SM4 algorithm according to the number of pseudo states to obtain the improved SM4 algorithm; and representing the first part and the third part of the improved SM4 algorithm in the form of matrices and the second part in the form of look-up tables, and obfuscating the matrices and look-up tables using random invertible affine transformations as scrambling codes to obtain the improved white-box SM4 algorithm.
The building unit comprises a first extension unit that,
for expanding the 128-bit original key of the SM4 algorithm into 1024 bits of round keys by 32 rounds of iteration of the key expansion algorithm.
The outer coding module,
the system is used for transmitting input data to the edge Internet of things agent after external coding, performing encryption and decryption calculation by using a stored matrix and a lookup table, and obtaining an encryption and decryption result after the output data is subjected to external decoding.
The acquiring the preset number of the pseudo states to be introduced and determining the random pseudo data to be added according to the number of the pseudo states includes:
determining the number n of introduced pseudo states according to the memory size of the edge Internet of things agent, and adding 8n bits of random dummy data to each 32-bit intermediate result X_i in the SM4 algorithm.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, it is possible to make various improvements and modifications without departing from the technical principle of the present invention, and those improvements and modifications should be considered as the protection scope of the present invention.

Claims (8)

1. A white-box SM4 encryption and decryption method applied to an edge Internet of things agent is characterized by comprising the following steps:
acquiring input data;
externally encoding the input data by using a predetermined external encoding and decoding function;
performing encryption and decryption calculation on the externally coded input data by using an edge Internet of things agent which is pre-stored with an improved white box SM4 algorithm to obtain an encryption and decryption calculation result;
carrying out external decoding on the encryption and decryption calculation result by utilizing the external coding and decoding function to obtain an encryption and decryption result;
the process of the outer coding and decoding function comprises:
acquiring the preset number of pseudo states to be introduced, and determining random pseudo data to be added according to the number of the pseudo states;
adding random pseudo data into input data to perform affine transformation to complete external coding;
performing inverse affine transformation on the encryption and decryption calculation result, and then deleting redundant random pseudo data to complete external decoding;
the method for performing encryption and decryption calculation on the externally encoded input data by using the edge internet of things agent in which the improved white box SM4 algorithm is stored in advance to obtain an encryption and decryption calculation result includes:
decomposing each round of encryption and decryption of the SM4 algorithm into three parts, wherein the first part is used for carrying out a bitwise XOR operation on the last n-1 input values, the second part is used for carrying out round key addition, nonlinear transformation and linear transformation operations after the output values of the first part are sequentially expanded, the third part is used for carrying out a bitwise XOR operation on the output of the second part and the first input value to obtain the output value of the round, the n input values of the first round are the input data after outer coding, the first n-1 input values of each round are the last three input values of the previous round, and the fourth input value is the output value of the previous round; calculating the output value of each round to obtain the output value of the last round, and taking the last three input values of the last round and the output value of the last round as the encryption and decryption calculation result;
The construction of the improved white-box SM4 algorithm comprises the following steps:
acquiring an SM4 algorithm;
expanding the original key of the SM4 algorithm into round keys, and introducing pseudo keys into the round keys to obtain expanded round keys; then expanding the nonlinear transformation τ and the linear transformation L in the SM4 algorithm according to the number of pseudo states to obtain the improved SM4 algorithm;
representing the first part and the third part of the improved SM4 algorithm in the form of matrices and the second part in the form of look-up tables, and obfuscating the matrices and look-up tables using random invertible affine transformations as scrambling codes to obtain the improved white-box SM4 algorithm.
2. The white-box SM4 encryption and decryption method applied to the edge Internet of things agent of claim 1, wherein the expanding the original key of the SM4 algorithm into a round key comprises:
the 128-bit original key of the SM4 algorithm is expanded into 1024 bits of round keys by 32 rounds of iteration of the key expansion algorithm.
3. The white-box SM4 encryption and decryption method applied to the edge Internet of things agent of claim 1, wherein the outer coding of the input data by using the predetermined outer coding and decoding function comprises:
And the input data is transmitted to the edge Internet of things agent after being subjected to external coding, encryption and decryption calculation is carried out by utilizing the stored matrix and the lookup table, and the output data is subjected to external decoding to obtain an encryption and decryption result.
4. The white-box SM4 encryption and decryption method applied to the edge Internet of things agent according to claim 1, wherein the acquiring a preset number of pseudo states to be introduced and determining random pseudo data to be added according to the number of pseudo states includes:
determining the number n of introduced pseudo states according to the memory size of the edge Internet of things agent, and adding 8n bits of random dummy data to each 32-bit intermediate result X_i in the SM4 algorithm.
5. A white-box SM4 encryption and decryption system applied to an edge Internet of things proxy is characterized by comprising:
the acquisition module is used for acquiring input data;
an outer coding module for outer coding the input data by using a predetermined outer coding and decoding function;
the computing module is used for carrying out encryption and decryption computation on the externally coded input data by utilizing the edge internet of things agent which is stored with the improved white box SM4 algorithm in advance to obtain an encryption and decryption computation result;
the external decoding module is used for carrying out external decoding on the encryption and decryption calculation result by utilizing the external coding and decoding function to obtain an encryption and decryption result;
The process of the outer coding and decoding function comprises:
acquiring the preset number of pseudo states to be introduced, and determining random pseudo data to be added according to the number of the pseudo states;
adding random pseudo data into input data to perform affine transformation to complete external coding;
performing inverse affine transformation on the encryption and decryption calculation result, and then deleting redundant random pseudo data to complete external decoding;
the calculation module,
for decomposing each round of encryption and decryption of the SM4 algorithm into three parts, wherein the first part is used for carrying out a bitwise XOR operation on the last n-1 input values, the second part is used for carrying out round key addition, nonlinear transformation and linear transformation operations after the output values of the first part are sequentially expanded, the third part is used for carrying out a bitwise XOR operation on the output of the second part and the first input value to obtain the output value of the round, the n input values of the first round are the input data after outer coding, the first n-1 input values of each round are the last three input values of the previous round, and the fourth input value is the output value of the previous round; calculating the output value of each round to obtain the output value of the last round, and taking the last three input values of the last round and the output value of the last round as the encryption and decryption calculation result;
the calculation module comprises a construction unit,
for obtaining the SM4 algorithm; expanding the original key of the SM4 algorithm into round keys, and introducing pseudo keys into the round keys to obtain expanded round keys; then expanding the nonlinear transformation τ and the linear transformation L in the SM4 algorithm according to the number of pseudo states to obtain the improved SM4 algorithm; and representing the first part and the third part of the improved SM4 algorithm in the form of matrices and the second part in the form of look-up tables, and obfuscating the matrices and look-up tables using random invertible affine transformations as scrambling codes to obtain the improved white-box SM4 algorithm.
6. The white-box SM4 encryption and decryption system applied to the edge Internet of things agent according to claim 5, wherein the construction unit comprises a first expansion unit,
for expanding the 128-bit original key of the SM4 algorithm into 1024 bits of round keys by 32 rounds of iteration of the key expansion algorithm.
7. The white-box SM4 encryption and decryption system applied to the edge Internet of things agent of claim 5, wherein the outer coding module,
the system is used for transmitting input data to the edge Internet of things agent after external coding, performing encryption and decryption calculation by using a stored matrix and a lookup table, and obtaining an encryption and decryption result after external decoding of output data.
8. The white-box SM4 encryption and decryption system applied to the edge Internet of things agent according to claim 5, wherein the obtaining a preset number of pseudo states to be introduced and determining the random pseudo data to be added according to the number of pseudo states comprises:
determining the number n of introduced pseudo states according to the memory size of the edge Internet of things agent, and adding 8n bits of random dummy data to each 32-bit intermediate result X_i in the SM4 algorithm.
CN202210251798.1A 2022-03-15 2022-03-15 White box SM4 encryption and decryption method and system applied to edge Internet of things proxy Active CN114337993B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210251798.1A CN114337993B (en) 2022-03-15 2022-03-15 White box SM4 encryption and decryption method and system applied to edge Internet of things proxy

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210251798.1A CN114337993B (en) 2022-03-15 2022-03-15 White box SM4 encryption and decryption method and system applied to edge Internet of things proxy

Publications (2)

Publication Number Publication Date
CN114337993A CN114337993A (en) 2022-04-12
CN114337993B true CN114337993B (en) 2022-06-14

Family

ID=81033336

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210251798.1A Active CN114337993B (en) 2022-03-15 2022-03-15 White box SM4 encryption and decryption method and system applied to edge Internet of things proxy

Country Status (1)

Country Link
CN (1) CN114337993B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109951273A (en) * 2019-05-08 2019-06-28 郑州信大捷安信息技术股份有限公司 SM4 algorithm white-box implementation method and device
CN110278072A (en) * 2019-07-11 2019-09-24 北京电子科技学院 16-round SM4-128/128 white-box cipher implementation method
CN113824548A (en) * 2021-08-05 2021-12-21 国网江苏省电力有限公司信息通信分公司 Nonlinear white box SM4 implementation method applied to edge Internet of things proxy


Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
A Nonlinear White-Box SM4 Implementation Applied to Edge IoT Agents; Chao Jin et al.; 5th IEEE Conference on Energy Internet and Energy System Integration; 2021-10-25; full text *
A new white-box implementation of the SM4 algorithm; Yao Si et al.; Journal of Cryptologic Research; 2020-06-30; vol. 7, no. 3; full text *
Analysis of two SM4 white-box schemes; Pan Wenlun et al.; Journal of Cryptologic Research; 2018-12-31; vol. 5, no. 6; full text *

Also Published As

Publication number Publication date
CN114337993A (en) 2022-04-12

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant