KR101971001B1 - A method of generating random number based on block cipher with whitebox encryption and apparatus thereof - Google Patents
- Publication number
- KR101971001B1
- Authority
- KR
- South Korea
- Prior art keywords
- operating state
- random number
- operation state
- block cipher
- state
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/16—Obfuscation or hiding, e.g. involving white box
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The present invention relates to a technique for generating a random number based on a block cipher. A method of generating a random number based on a block cipher to which a white-box cipher is applied comprises: outer-encoding a variable used as plaintext in the block cipher to generate a partially encoded operating state; updating the operating state through a first process of an internal update function that applies a lookup table, generated based on a key included in the operating state, to the externally encoded variable; and outputting, as the next operating state, the result calculated through a second process of the internal update function, which performs an XOR operation on the updated operating state and the input data.
Description
The present invention relates to a random number generation technique, and more particularly, to a block cipher-based random number generation method and apparatus using a white-box cryptosystem, which can protect an input used for generating a random number from an external attacker.
The use of random numbers is an essential element in the construction of cryptographic systems. If the random number generator can generate an ideal random number, the cryptosystem can be perfect. If the random number generator is vulnerable, the security system is more likely to be at risk. The randomness, unpredictability, and irreproducibility of random numbers can directly affect the security of cryptographic systems.
A deterministic random number generator means a device or algorithm for generating a random number by inputting to a deterministic algorithm. Here, a deterministic algorithm means an algorithm with the feature that the same output is always generated for the same input. The deterministic random number generator typically includes a block cipher-based random number generator, a hash function-based random number generator, and an HMAC-based random number generator. The block cipher based random number generator is a random number generator (CTR_DRBG) using the counter mode of the block cipher. The hash function-based random number generator is a random number generator (Hash_DRBG) using a hash function. The HMAC-based random number generator is a random number generator (HMAC_DRBG) using the HMAC algorithm.
FIG. 1 is a diagram for explaining an operation process of a block cipher-based random number generator.
In FIG. 1, the block cipher-based random number generator is composed of an initialization function, an output generation function, and an external update function. The initialization function determines the initial value of the operating state by using an entropy input or the like, and the output generating function outputs the random number by using the operating state and updates the operating state using the function. The external update function adds a new entropy (ENTROPY) to the operating state to prevent predictive attacks.
Here, the operating state means data used for random number generation. The initial state is determined by the initialization function and the value can be updated by the external update function and the output generation function. Entropy (ENTROPY) is a numerical representation of the amount of information the data has, which means disorder or randomness. The higher the entropy, the closer to random numbers.
The operational state of the block cipher-based random number generator includes a key, a variable (V), and a reseed_counter. The key and variable (V) in the operating state are input as keys and plaintext respectively for the underlying block cipher algorithm. Therefore, the length of the key is equal to the key length of the base block cipher algorithm, and the length of the variable (V) is equal to the block length of the base block cipher algorithm. The reseed_counter in the operating state is an integer used for comparison with the update period of the operating state, and indicates the number of times the output generating function is called.
Since the output of the random number generator is determined by the operating state, the operating state must be kept secret. Key length and block length can have various values according to the base block cipher algorithm.
White-box encryption technology is based on a white-box cryptographic mechanism that prevents an attacker from easily guessing a cryptographic key even if its internal behavior is exposed. This will be described in more detail with reference to FIG. 2.
FIG. 2 is a diagram for explaining the basic concept of white-box encryption.
In FIG. 2, the white-box encryption technique turns the algorithm into a large look-up table and hides the encryption key, in an obfuscated state, inside the software-implemented encryption algorithm, so that the key cannot be easily inferred even if the attacker analyzes the internal operation. More specifically, the white-box encryption technique internally performs encoding (Mi) and decoding (Mi^-1) on separate tables so that the intermediate value is not exposed, and as a result, the intermediate data and the key of the round operation can be safely hidden from the attacker.
Conventional white-box encryption technology has a disadvantage in that it requires a large amount of computation because the size of the table becomes excessively large in order to realize high security.
Korean Patent No. 10-1240243 (Feb. 23, 2013) discloses an encryption apparatus and method according to the CTR mode of AES. The encryption apparatus and method receive a plaintext and divide it into target data blocks having a size of 128 bits, divide the initialization vector into four 4-byte states, generate a first ciphertext by XORing the first block of the divided target data blocks with the result of encryption using the initialization vector, store in a cache those of the four divided states whose values are not changed in the calculation process of each round, generate a plurality of ciphertexts for the plurality of blocks following the first block by referring to each block and the cache and XORing the result, and output the generated first ciphertext and the plurality of ciphertexts as an encryption result.
Korean Patent Laid-Open No. 10-2016-0012121 (2016.02.02) relates to a system and method for dynamic tuning of feedback control for a random number generator, comprising: a first circuit for generating values of a random sequence, the first circuit having an adjustable input that changes the entropy of the numbers of the random sequence; a second circuit receiving the values of the random sequence from the first circuit and generating an output indicative of the degree of entropy of the values of the random sequence; and a third circuit for adjusting the adjustable input of the first circuit in response to the output of the second circuit.
An embodiment of the present invention is to provide a method and apparatus for generating a random number based on a block cipher applied with a white box cipher which can protect an input used for generating a random number from an external attacker.
An embodiment of the present invention is to provide a method and apparatus for generating a random number based on a block cipher applied with a white box cryptosystem, which can improve efficiency by protecting only a part of an operating state with a white box cryptosystem.
Among the embodiments, a method of generating a random number based on a block cipher applied with a white box cryptosystem comprises the steps of: (a) outer encoding a variable used as a plain text in a block cipher to generate a partially encoded operating state; (b) updating the operating state through a first process of an internal update function that applies a lookup table generated based on a key included in the operating state to the externally encoded variable; and (c) outputting the next operating state as a result calculated through the second process of the internal update function, which XORs the updated operating state and the input data.
The step (a) may include performing the outer encoding based on an encoding table in which a plurality of encoding types are defined.
The step (a) may further include the step of dividing the externally encoded variable into n (where n is a natural number) partial variables of m (where m is a natural number) bits each.
The step (b) may include calculating the lookup table by performing an ARX (Addition, Rotation, XOR) operation on the key.
The step (b) may include generating n lookup tables (where n is the number of partial variables) per single round.
The step (b) may include generating the n number of lookup tables through a key schedule using the keys included in the operation state.
The step (b) may perform the first process of the internal update function by applying the n lookup tables in parallel to the n partial variables, respectively.
The step (b) may perform the first process of the internal update function by combining n results concurrently performed for each of the n partial variables into one.
Among the embodiments, the block-cipher-based random number generation apparatus to which the white-box cipher is applied includes: an operating state generation unit for outer-encoding a variable used as a plain text in the block cipher to generate a partially encoded operating state; an operating state update unit for updating the operating state through a first process of an internal update function that applies a lookup table generated based on a key included in the operating state to the externally encoded variable; and an operating state output unit for outputting the next operating state calculated through the second process of the internal update function, which XORs the updated operating state and the input data.
The disclosed technique may have the following effects. It is to be understood, however, that the scope of the disclosed technology is not to be construed as limited thereby, as it is not meant to imply that a particular embodiment should include all of the following effects or only the following effects.
A method and apparatus for generating a random number based on a block cipher applied with a white box cryptosystem according to an embodiment of the present invention can protect an input used for generating a random number from an external attacker.
The method and apparatus for generating a random number based on a block cipher with white-box cipher according to an embodiment of the present invention can improve efficiency by protecting only a part of the operation state with a white-box cipher.
FIG. 1 is a diagram for explaining an operation process of a block cipher-based random number generator.
FIG. 2 is a diagram for explaining the basic concept of white-box encryption.
FIG. 3 is a block diagram illustrating a configuration of an operating state updating apparatus included in a random number generation apparatus to which a white-box cipher is applied according to an embodiment of the present invention.
FIG. 4 is a flowchart illustrating a process of updating the operating state by applying the white-box cipher in the operating state updating apparatus of FIG. 3.
FIG. 5 is an exemplary diagram illustrating an internal update function of a standardized block cipher algorithm-based random number generator.
FIG. 6 is a flowchart illustrating an operation state output process performed by the operation state update apparatus included in the random number generation apparatus to which white-box encryption is applied according to an embodiment of the present invention.
The description of the present invention is merely an example for structural or functional explanation, and the scope of the present invention should not be construed as being limited by the embodiments described in the text. That is, the embodiments are to be construed as being variously embodied and having various forms, so that the scope of the present invention should be understood to include equivalents capable of realizing technical ideas. Also, the purpose or effect of the present invention should not be construed as limiting the scope of the present invention, since it does not mean that a specific embodiment should include all or only such effect.
Meanwhile, the meaning of the terms described in the present application should be understood as follows.
The terms "first", "second", and the like are intended to distinguish one element from another, and the scope of the right should not be limited by these terms. For example, the first component may be referred to as a second component, and similarly, the second component may also be referred to as a first component.
It is to be understood that when an element is referred to as being "connected" to another element, it may be directly connected to the other element, but there may be other elements in between. On the other hand, when an element is referred to as being "directly connected" to another element, it should be understood that there are no other elements in between. On the other hand, other expressions that describe the relationship between components, such as "between" and "between" or "neighboring to" and "directly adjacent to" should be interpreted as well.
It is to be understood that terms such as "include" or "have" are intended to specify the presence of the stated feature, number, step, operation, element, component, or combination thereof, and do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, or combinations thereof.
In each step, the identification code (e.g., a, b, c, etc.) is used for convenience of explanation. The identification code does not describe the order of the steps, and unless otherwise stated, the steps may occur in an order different from the stated order. That is, each step may occur in the same order as described, may be performed substantially concurrently, or may be performed in reverse order.
The present invention can be embodied as computer-readable code on a computer-readable recording medium, and the computer-readable recording medium includes all kinds of recording devices for storing data that can be read by a computer system. Examples of the computer-readable recording medium include a ROM, a RAM, a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like, and also include media implemented in the form of a carrier wave (for example, transmission over the Internet). In addition, the computer-readable recording medium may be distributed over network-connected computer systems so that computer-readable code can be stored and executed in a distributed manner.
All terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs, unless otherwise defined. Commonly used predefined terms should be interpreted to be consistent with the meanings in the context of the related art and can not be interpreted as having ideal or overly formal meaning unless explicitly defined in the present application.
FIG. 3 is a block diagram illustrating a configuration of an operating state updating apparatus included in a random number generation apparatus to which a white-box cipher is applied according to an embodiment of the present invention.
Referring to FIG. 3, an operation status update apparatus (hereinafter referred to as an operation status update apparatus) 300 to which a white-box cipher is applied includes an operation
The random number generation device to which the white-box cipher is applied may correspond to a computing device capable of generating a random number, and in one embodiment, may be implemented as a desktop, a tablet PC, a notebook or a smart phone. In one embodiment, the random number generation device to which the white-box cipher is applied may be implemented including the operation
The operating
The operating
In one embodiment, the operation
The operation
For example, if the block size of the externally encoded variable V is 40 bits, the variable V may be divided into 5 partial variables of 8 bits each, and counter mode can be operated.
The operation
Here, the internal update function is a function that takes an operating state and input data as input and outputs an operating state whose value differs from the existing state. The first process of the internal update function generates a new operating state value by operating the counter mode of the block cipher using the key and the variable V included in the operating state. The new operating state value generated through the first process of the internal update function may correspond to an intermediate value of the operating state.
Unlike the standardized CTR_DRBG, the variable V used in the first process can be protected by applying the white-box encryption technique. In the second process of the internal update function, the operating state generated through the first process is XORed with the input data to finally update the operating state.
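The encoded-table idea described above (encoding Mi and decoding Mi^-1 folded into separate tables, with a 40-bit V handled as five 8-bit partial variables) can be illustrated as follows. This is an added example, not the patent's construction: the byte-wise ARX step `round_byte`, the seeded table generation and all function names are assumptions made for illustration, and the sketch has no diffusion between partial variables.

```python
import random

N_PARTS, PART_BITS = 5, 8   # 40-bit V handled as five 8-bit partial variables


def split(v):
    """Split a 40-bit integer into five bytes, most significant first."""
    return [(v >> (PART_BITS * (N_PARTS - 1 - i))) & 0xFF for i in range(N_PARTS)]


def join(parts):
    """Combine the per-part results back into one integer."""
    v = 0
    for p in parts:
        v = (v << PART_BITS) | p
    return v


def random_bijection(rng):
    """Random byte permutation and its inverse (one encoding M and M^-1)."""
    perm = list(range(256))
    rng.shuffle(perm)
    inv = [0] * 256
    for x, y in enumerate(perm):
        inv[y] = x
    return perm, inv


def round_byte(x, k):
    """Toy ARX step on one byte (assumption): add key, rotate left 3, XOR key."""
    s = (x + k) & 0xFF
    return (((s << 3) | (s >> 5)) & 0xFF) ^ k


def reference_round(v, key):
    """Unprotected computation: V and the key bytes are both in the clear."""
    return join(round_byte(p, key[i]) for i, p in enumerate(split(v)))


def build_whitebox(key, seed):
    """Table generation, done once in a trusted environment.

    Each table is OUT_i o round_byte(., key[i]) o IN_i^-1, so the key byte and
    the plain partial variable never appear at run time. A seeded PRNG is used
    here only to make the example repeatable.
    """
    rng = random.Random(seed)
    enc_in = [random_bijection(rng) for _ in range(N_PARTS)]
    enc_out = [random_bijection(rng) for _ in range(N_PARTS)]
    tables = []
    for i in range(N_PARTS):
        in_inv, out_fwd = enc_in[i][1], enc_out[i][0]
        tables.append([out_fwd[round_byte(in_inv[c], key[i])] for c in range(256)])
    return tables, enc_in, enc_out


def encode_v(v, enc_in):
    """Outer encoding of V: every partial variable is stored encoded."""
    return [enc_in[i][0][p] for i, p in enumerate(split(v))]


def whitebox_round(encoded_parts, tables):
    """Run time: one table lookup per partial variable, independent of the others."""
    return [tables[i][c] for i, c in enumerate(encoded_parts)]


def decode_v(encoded_parts, enc_out):
    """Remove the output encoding (only the holder of enc_out can do this)."""
    return join(enc_out[i][1][c] for i, c in enumerate(encoded_parts))


if __name__ == "__main__":
    key = bytes([0x3A, 0x91, 0x07, 0xC4, 0x5E])   # constructed sample key
    tables, enc_in, enc_out = build_whitebox(key, seed=2017)
    v = 0x0123456789                              # constructed sample V
    encoded = encode_v(v, enc_in)
    result = whitebox_round(encoded, tables)
    print(hex(decode_v(result, enc_out)), hex(reference_round(v, key)))
```
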
In one embodiment, the operating
Here, a round refers to a process that is repeated for encryption and decryption, a round function represents a function necessary for performing encryption and decryption, and an operation state key represents encryption and decryption in a repeated round
In one embodiment, the operating
In one embodiment, the operating
The key schedule means to generate a round key using a key included in the operating state. The operating
In one embodiment, the operating
In one embodiment, the operating
The operation
The operation
The output generation function can output a random number through three steps. The first step corresponds to the process of updating the operating state by inputting the input data to the internal update function. Because the operating state is updated using the input data, even if the previous operating state is known to an external attacker, the operating state used to generate the actual random number cannot be known unless the input data is exposed.
In one embodiment, the random number generation device including the operation
The second step corresponds to the process of generating the actual random number using the internal output generation function. The internal output generation function generates a random number by using the counter mode of the block cipher, so that it is possible to prevent an external attacker from predicting a random number when the operating state used for the random number generation is unknown.
The last step is to use the internal update function once again, so that the next output generation function must have a different operating state. Since the internal update function is a one-way function, the random number generator including the operation
FIG. 4 is a flowchart illustrating a process of updating the operating state by applying the white-box cipher in the operating state updating apparatus of FIG. 3.
Referring to FIG. 4, the operation
The operating
The operation
The random number generating device including the operation
FIG. 5 is an exemplary diagram illustrating an internal update function of a standardized block cipher algorithm-based random number generator.
Referring to FIG. 5, the internal update function may correspond to a function that takes as input an operating state, including a key and a variable V, together with input data, and outputs an operating state. More specifically, the internal update function may perform a counter mode using the key of the operating state and the variable V, and may update the operating state by XORing the result of the counter mode and the input data. The internal update function can be used in the initialization function, the output generation function, and the external update function in the block cipher algorithm-based random number generator.
In one embodiment, the operating
Since the input data is XORed with the operating state, its length must be equal to the length of the operating state. The length of the operating state is equal to the sum of the length of the key and the length of the variable (V). The operation
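The standardized internal update function (counter mode over Key and V, then XOR with input data of length Key plus V) and the three-step output generation function described earlier, sketched in Python as an added example that is not code from the patent. The block cipher is a constructed toy ARX cipher standing in for the base block cipher, the names `internal_update` and `generate` are assumptions, and reseed_counter handling and the initialization function are omitted.

```python
MASK32 = 0xFFFFFFFF
KEY_LEN = 16                      # key length of the toy cipher, in bytes
BLOCK_LEN = 8                     # block length of the toy cipher, in bytes
STATE_LEN = KEY_LEN + BLOCK_LEN   # operating state = Key || V


def rotl32(x, r):
    return ((x << r) | (x >> (32 - r))) & MASK32


def rotr32(x, r):
    return ((x >> r) | (x << (32 - r))) & MASK32


def toy_arx_encrypt(key, block):
    """Constructed toy ARX block cipher (illustration only, not a vetted cipher)."""
    if len(key) != KEY_LEN or len(block) != BLOCK_LEN:
        raise ValueError("bad key or block length")
    k = [int.from_bytes(key[i:i + 4], "big") for i in range(0, KEY_LEN, 4)]
    x = int.from_bytes(block[:4], "big")
    y = int.from_bytes(block[4:], "big")
    for r in range(24):
        rk = (k[r % 4] + r) & MASK32          # toy key schedule
        x = ((rotr32(x, 8) + y) & MASK32) ^ rk
        y = rotl32(y, 3) ^ x
    return x.to_bytes(4, "big") + y.to_bytes(4, "big")


def increment(v):
    """V <- V + 1 modulo 2^(block length in bits)."""
    n = (int.from_bytes(v, "big") + 1) % (1 << (8 * len(v)))
    return n.to_bytes(len(v), "big")


def internal_update(key, v, input_data):
    """First process: counter mode with (Key, V). Second process: XOR with input."""
    if len(input_data) != STATE_LEN:
        raise ValueError("input data must be as long as the operating state")
    temp = b""
    while len(temp) < STATE_LEN:              # counter mode keystream
        v = increment(v)
        temp += toy_arx_encrypt(key, v)
    temp = bytes(a ^ b for a, b in zip(temp[:STATE_LEN], input_data))
    return temp[:KEY_LEN], temp[KEY_LEN:]     # next Key, next V


def generate(key, v, n_bytes, input_data=bytes(STATE_LEN)):
    """Output generation in three steps; returns (random bytes, next Key, next V)."""
    key, v = internal_update(key, v, input_data)    # step 1: mix in input data
    out = b""
    while len(out) < n_bytes:                       # step 2: counter-mode output
        v = increment(v)
        out += toy_arx_encrypt(key, v)
    key, v = internal_update(key, v, input_data)    # step 3: move the state on
    return out[:n_bytes], key, v


if __name__ == "__main__":
    key, v = bytes(range(KEY_LEN)), bytes(BLOCK_LEN)   # constructed sample state
    rnd, key, v = generate(key, v, 20)
    print(rnd.hex())
```
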
FIG. 6 is a flowchart illustrating an operation state output process performed by the operation state update apparatus included in the random number generation apparatus to which white-box encryption is applied according to an embodiment of the present invention.
6, the operating
Since the white box cipher is applied only to the variable V in the operating state, the random number generating device including the operating
The random number generation device including the operation
The operating
It will be apparent to those skilled in the art that various modifications and variations can be made in the present invention without departing from the spirit or scope of the present invention as defined by the following claims.
300: operating state updating device
Claims (9)
(b) updating an operating state through a first process of an internal update function that applies a lookup table generated based on a key included in the operating state to the externally encoded variable; and
(c) outputting a next operation state as a result calculated through a second process of the internal update function for performing an XOR operation on the updated operation state and the input data; a method of generating a random number based on a block cipher applied with a white box cipher.
And performing the outer encoding based on an encoding table in which a plurality of encoding types are defined.
Further comprising the step of dividing the externally encoded variable into n (where n is a natural number) partial variables of m (where m is a natural number) bits each.
And performing an ARX (Addition, Rotation, XOR) operation on the key to calculate the lookup table.
And generating n lookup tables (where n is the number of partial variables) per single round; a method of generating a random number based on a block cipher applied with a white box cryptosystem.
And generating the n number of lookup tables through a key schedule using a key included in the operation state.
And performing a first process of the internal update function by applying the n lookup tables in parallel to the n partial variables, respectively, to thereby generate a random number based on a block cipher applied with a white box cryptosystem.
And performing a first process of the internal update function by combining n results concurrently performed for each of the n partial variables into one; a method of generating a random number based on a block cipher applied with a white box cryptosystem.
An operating state updating unit for updating an operating state through a first process of an internal update function for applying a lookup table generated based on a key included in the operating state to the externally encoded variable; and
And an operation state output unit for outputting a next operation state calculated through a second process of the internal update function for XORing the updated operation state and the input data.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020170115050A KR101971001B1 (en) | 2017-09-08 | 2017-09-08 | A method of generating random number based on block cipher with whitebox encryption and apparatus thereof |
PCT/KR2018/010518 WO2019050343A1 (en) | 2017-09-08 | 2018-09-07 | Method and apparatus for generating random number on basis of block cipher to which white-box cryptography is applied |
Publications (2)
Publication Number | Publication Date |
---|---|
KR20190028066A (en) | 2019-03-18 |
KR101971001B1 (en) | 2019-04-22 |
Family
ID=65635048
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020170115050A KR101971001B1 (en) | 2017-09-08 | 2017-09-08 | A method of generating random number based on block cipher with whitebox encryption and apparatus thereof |
Country Status (2)
Country | Link |
---|---|
KR (1) | KR101971001B1 (en) |
WO (1) | WO2019050343A1 (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR102319699B1 (en) * | 2019-08-02 | 2021-11-02 | 국민대학교산학협력단 | White box cryptographic encoding device and method using anti-inversion function |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101004269B1 (en) | 2005-08-24 | 2011-01-03 | 퀄컴 인코포레이티드 | Cryptographically secure pseudo-random number generator |
KR101623503B1 (en) | 2015-02-04 | 2016-05-23 | 국민대학교산학협력단 | Apparatus and method for white-box cryptography implementation of LEA block cipher |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101240243B1 (en) | 2011-05-26 | 2013-03-11 | 고려대학교 산학협력단 | Encryption apparatus and method according to CTR mode of AES(advanced encryption standard) |
KR20140049448A (en) * | 2012-10-16 | 2014-04-25 | 삼성전자주식회사 | Dram storing randomized data and operating method of the same |
KR20140132535A (en) * | 2013-05-08 | 2014-11-18 | 주식회사 큐램 | Method for parallel encoding and system thereof |
US9846568B2 (en) | 2013-05-23 | 2017-12-19 | Synopsys, Inc. | System and method for dynamic tuning feedback control for random number generator |
-
2017
- 2017-09-08 KR KR1020170115050A patent/KR101971001B1/en active IP Right Grant
-
2018
- 2018-09-07 WO PCT/KR2018/010518 patent/WO2019050343A1/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
WO2019050343A1 (en) | 2019-03-14 |
KR20190028066A (en) | 2019-03-18 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A201 | Request for examination | ||
E701 | Decision to grant or registration of patent right | ||
GRNT | Written decision to grant |