KR101971001B1 - A method of generating random number based on block cipher with whitebox encryption and apparatus thereof - Google Patents

A method of generating random number based on block cipher with whitebox encryption and apparatus thereof Download PDF

Info

Publication number
KR101971001B1
KR101971001B1 KR1020170115050A KR20170115050A KR101971001B1 KR 101971001 B1 KR101971001 B1 KR 101971001B1 KR 1020170115050 A KR1020170115050 A KR 1020170115050A KR 20170115050 A KR20170115050 A KR 20170115050A KR 101971001 B1 KR101971001 B1 KR 101971001B1
Authority
KR
South Korea
Prior art keywords
operating state
random number
operation state
block cipher
state
Prior art date
Application number
KR1020170115050A
Other languages
Korean (ko)
Other versions
KR20190028066A (en
Inventor
유동창
염용진
강주성
김예원
박호중
Original Assignee
국민대학교산학협력단
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 국민대학교산학협력단 filed Critical 국민대학교산학협력단
Priority to KR1020170115050A priority Critical patent/KR101971001B1/en
Priority to PCT/KR2018/010518 priority patent/WO2019050343A1/en
Publication of KR20190028066A publication Critical patent/KR20190028066A/en
Application granted granted Critical
Publication of KR101971001B1 publication Critical patent/KR101971001B1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/16Obfuscation or hiding, e.g. involving white box

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to a technique for generating a random number based on a block cipher. The random number generation block cipher based on a block cipher applied with a white-box cipher is used to encode a variable used as a plain text in a cipher to generate a partially encoded internal state Updating an operating state through a first process of an internal update function that applies a lookup table generated based on a key included in an operating state to an externally encoded variable, and performing an XOR operation on the updated operating state and the input data And outputting the next operation state as a result calculated through the second process of the internal update function.

Description

FIELD OF THE INVENTION The present invention relates to a method and apparatus for generating a random number based on a block cipher with a white box cipher,

The present invention relates to a random number generation technique, and more particularly, to a block password based random number generation method and apparatus using a white box cryptosystem which can protect an input used for generating a random number from an external attacker.

The use of random numbers is an essential element in the construction of cryptographic systems. If the random number generator can generate an ideal random number, the cryptosystem can be perfect. If the random number generator is vulnerable, the security system is more likely to be at risk. Randomness, unpredictability, and irreproducibility of the properties of random numbers can directly affect the security of cryptographic systems.

A deterministic random number generator means a device or algorithm for generating a random number by inputting to a deterministic algorithm. Here, a deterministic algorithm means an algorithm with the feature that the same output is always generated for the same input. The deterministic random number generator typically includes a block cipher-based random number generator, a hash function-based random number generator, and an HMAC-based random number generator. The block cipher based random number generator is a random number generator (CTR_DRBG) using the counter mode of the block cipher. The hash function-based random number generator is a random number generator (Hash_DRBG) using a hash function. The HMAC-based random number generator is a random number generator (HMAC_DRBG) using the HMAC algorithm.

FIG. 1 is a diagram for explaining an operation process of a block cipher-based random number generator.

In FIG. 1, the block cipher-based random number generator is composed of an initialization function, an output generation function, and an external update function. The initialization function determines the initial value of the operating state by using an entropy input or the like, and the output generating function outputs the random number by using the operating state and updates the operating state using the function. The external update function adds a new entropy (ENTROPY) to the operating state to prevent predictive attacks.

Here, the operating state means data used for random number generation. The initial state is determined by the initialization function and the value can be updated by the external update function and the output generation function. Entropy (ENTROPY) is a numerical representation of the amount of information the data has, which means disorder or randomness. The higher the entropy, the closer to random numbers.

The operational state of the block cipher-based random number generator includes a key, a variable (V), and a reseed_counter. The key and variable (V) in the operating state are input as keys and plaintext respectively for the underlying block cipher algorithm. Therefore, the length of the key is equal to the key length of the base block cipher algorithm, and the length of the variable (V) is equal to the block length of the base block cipher algorithm. The reseed_counter in the operating state is an integer used for comparison with the update period of the operating state, and indicates the number of times the output generating function is called.

Since the output of the random number generator is determined by the operating state, the operating state must be kept secret. Key length and block length can have various values according to the base block cipher algorithm.

White-box encryption technology is based on a white-box cryptographic mechanism that prevents an attacker from easily guessing a cryptographic key even if its internal behavior is exposed. This will be described in more detail with reference to FIG.

2 is a diagram for explaining the basic concept of white-box encryption.

In FIG. 2, the white-box encryption technique makes an algorithm a large look-up table and hides the encryption key in an obfuscation state with a software-implemented encryption algorithm, so that even if the attacker analyzes the internal operation, Avoid analogy. More specifically, the white box encryption technique internally performs encoding (Mi) and decoding (Mi) -1 on a separate table so that the intermediate value is not exposed, and as a result, The intermediate data and the key of the round operation can be safely hidden from the attacker.

Conventional white-box encryption technology has a disadvantage in that it requires a large amount of computation because the size of the table becomes excessively large in order to realize high security.

Korean Patent No. 10-1240243 (Feb. 23, 2013) discloses an encryption apparatus and method according to the CTR mode of AES. The encryption apparatus and method are divided into a target data block having a size of 128 bits by receiving a plaintext, The initialization vector is divided into four 4-byte states, and a first cipher text is generated by XORing the encrypted result using the first block of the divided target data block and the initialization vector And stores the states in which values are not changed in the calculation process of each round among the four divided states in the cache and refers to each block and cache for a plurality of blocks continuing to the first block, Generates a plurality of ciphertexts by XORing the result, and outputs the generated first ciphertext and a plurality of ciphertexts as an encryption result.

Korean Patent Laid-Open No. 10-2016-0012121 (2016.02.02) relates to a system and method for dynamic tuning of feedback control for a random number generator, comprising: a first circuit for generating values of a random sequence, The first circuit having an adjustable input that changes the entropy of the numbers of the random sequence; A second circuit receiving the values of the random sequence from the first circuit and generating an output indicative of the degree of entropy of the values of the random sequence; And a third circuit for adjusting the adjustable input of the first circuit in response to the output of the second circuit.

Korean Patent No. 10-1240243 (Feb. Korean Patent Publication No. 10-2016-0012121 (2016.02.02)

An embodiment of the present invention is to provide a method and apparatus for generating a random number based on a block cipher applied with a white box cipher which can protect an input used for generating a random number from an external attacker.

An embodiment of the present invention is to provide a method and apparatus for generating a random number based on a block cipher applied with a white box cryptosystem, which can improve efficiency by protecting only a part of an operating state with a white box cryptosystem.

Among the embodiments, a method of generating a random number based on a block cipher applied with a white box cryptosystem comprises the steps of: (a) outer encoding a variable used as a plain text in a block cipher to generate a partially encoded operating state; Updating an operating state through a first process of an internal update function that applies a lookup table generated based on a key included in the operating state to the externally encoded variable; and (c) And outputting the next operation state as a result calculated through the second process of the internal update function for XORing the data.

The step (a) may include performing the outer encoding based on an encoding table in which a plurality of encoding types are defined.

The step (a) may further include the step of dividing the externally encoded variable into sub-variables having n bits (where n is a natural number) bits (m is a natural number) bits.

The step (b) may include calculating the lookup table by performing an ARX (Addition, Rotation, XOR) operation on the key.

The step (b) may include generating the lookup table by n (where n is the number of partial variables) per single round.

The step (b) may include generating the n number of lookup tables through a key schedule using the keys included in the operation state.

The step (b) may perform the first process of the internal update function by applying the n lookup tables in parallel to the n partial variables, respectively.

The step (b) may perform the first process of the internal update function by combining n results concurrently performed for each of the n partial variables into one.

Among the embodiments, the block-cipher-based random number generation apparatus to which the white-box cipher is applied includes an operation state generation unit for outer-encoding a variable used as a plain text in the block cipher to generate a partially encoded operating state, An operation state update unit for updating an operation state through a first process of an internal update function for applying a lookup table generated based on a key included in the state to the externally encoded variable; And an operating state output unit for outputting the next operating state calculated through the second process of the internal updating function to be operated.

The disclosed technique may have the following effects. It is to be understood, however, that the scope of the disclosed technology is not to be construed as limited thereby, as it is not meant to imply that a particular embodiment should include all of the following effects or only the following effects.

A method and apparatus for generating a random number based on a block cipher applied with a white box cryptosystem according to an embodiment of the present invention can protect an input used for generating a random number from an external attacker.

The method and apparatus for generating a random number based on a block cipher with white-box cipher according to an embodiment of the present invention can improve efficiency by protecting only a part of the operation state with a white-box cipher.

FIG. 1 is a diagram for explaining an operation process of a block cipher-based random number generator.
2 is a diagram for explaining the basic concept of white-box encryption.
3 is a block diagram illustrating a configuration of an operation status update apparatus included in a random number generation apparatus to which a white-box password is applied according to an embodiment of the present invention.
FIG. 4 is a flowchart illustrating a process of updating the operating state by applying the white box password to the operating state updating apparatus of FIG.
5 is an exemplary diagram illustrating an internal update function of a standardized block cipher algorithm-based random number generator.
FIG. 6 is a flowchart illustrating an operation state output process performed by the operation state update apparatus included in the random number generation apparatus to which white-box encryption is applied according to an embodiment of the present invention.

The description of the present invention is merely an example for structural or functional explanation, and the scope of the present invention should not be construed as being limited by the embodiments described in the text. That is, the embodiments are to be construed as being variously embodied and having various forms, so that the scope of the present invention should be understood to include equivalents capable of realizing technical ideas. Also, the purpose or effect of the present invention should not be construed as limiting the scope of the present invention, since it does not mean that a specific embodiment should include all or only such effect.

Meanwhile, the meaning of the terms described in the present application should be understood as follows.

The terms " first ", " second ", and the like are intended to distinguish one element from another, and the scope of the right should not be limited by these terms. For example, the first component may be referred to as a second component, and similarly, the second component may also be referred to as a first component.

It is to be understood that when an element is referred to as being "connected" to another element, it may be directly connected to the other element, but there may be other elements in between. On the other hand, when an element is referred to as being "directly connected" to another element, it should be understood that there are no other elements in between. On the other hand, other expressions that describe the relationship between components, such as "between" and "between" or "neighboring to" and "directly adjacent to" should be interpreted as well.

It is to be understood that the singular " include " or " have " are to be construed as including the stated feature, number, step, operation, It is to be understood that the combination is intended to specify that it does not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, or combinations thereof.

In each step, the identification code (e.g., a, b, c, etc.) is used for convenience of explanation, the identification code does not describe the order of each step, Unless otherwise stated, it may occur differently from the stated order. That is, each step may occur in the same order as described, may be performed substantially concurrently, or may be performed in reverse order.

The present invention can be embodied as computer-readable code on a computer-readable recording medium, and the computer-readable recording medium includes all kinds of recording devices for storing data that can be read by a computer system . Examples of the computer-readable recording medium include a ROM, a RAM, a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like, and also implemented in the form of a carrier wave (for example, transmission over the Internet) . In addition, the computer-readable recording medium may be distributed over network-connected computer systems so that computer readable codes can be stored and executed in a distributed manner.

All terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs, unless otherwise defined. Commonly used predefined terms should be interpreted to be consistent with the meanings in the context of the related art and can not be interpreted as having ideal or overly formal meaning unless explicitly defined in the present application.

3 is a block diagram illustrating a configuration of an operation status update apparatus included in a random number generation apparatus to which a white-box password is applied according to an embodiment of the present invention.

Referring to FIG. 3, an operation status update apparatus (hereinafter referred to as an operation status update apparatus) 300 to which a white box password is applied includes an operation status generation unit 310, an operation status update unit 330, Lt; RTI ID = 0.0 > 350 < / RTI >

 The random number generation device to which the white box password is applied may correspond to a computing device capable of generating a random number, and in one embodiment, may be implemented as a desktop, a tablet PC, a notebook or a smart phone. In one embodiment, the random number generation device to which the white-box cipher is applied may be implemented including the operation state update device 300.

The operating state updating device 300 can update the operating state, which is one of the inputs used for random number generation. The operation state updating apparatus 300 can provide the effect of enhancing the security of the security system by protecting the operation state used for random number generation from the external attacker by applying the white box password.

The operating state generating unit 310 may generate a partially encoded operating state. More specifically, the operation state generation unit 310 may externally encode only the variable V among the key in the operating state and the variable V. The operation state generating unit 310 can reduce the amount of computation required to apply the white-box encryption by protecting only a part of the operation state.

In one embodiment, the operation state generation unit 310 may perform external encoding based on an encoding table in which a plurality of encoding types are defined. For example, the operation state generation unit 310 may perform external encoding by selectively applying a specific encoding type among a plurality of encoding types in the encoding table, and accordingly, various encoding methods So that safety can be further enhanced.

The operation state generation unit 310 may divide the externally encoded variable V into partial variables having n (n is a natural number) and m (m is a natural number) bits. In one embodiment, the operating state generator 310 may block the outer encoded variable V to have the same m-bit size to generate n partial variables.

For example, if the block size of the externally encoded variable V is 40 bits, the variable V may be divided into 5 partial variables of 8 bits each, Counter mode can be operated.

The operation state update unit 330 can update the operation state through the first process of the internal update function that applies the lookup table generated based on the key included in the operation state to the externally encoded variable V have. In one embodiment, the operating state update unit 330 may generate a lookup table using the round key generated by the key schedule using the key included in the operating state.

Here, the internal update function is a function that generates an output state having an operation state and an input data as input, and having an operation value different from the existing state. The first step of the internal update function is a process of generating a new operation state value as a result of operating the counter mode of the block cipher using the key and the variable V included in the operation state. The new operating state value generated through the first process of the internal updating function may correspond to the middle value of the operating state.

Unlike the standardized CTR_DRBG, the variable V used in the first step can be protected by applying the white-box encryption technique. In the second step of the internal update function, the operation state generated through the first process is XORed with the input data to update the operating state finally.

In one embodiment, the operating state update unit 330 may perform an arx (Addition, Rotation, XOR) operation on a key included in the operating state to generate a lookup table. More specifically, the operating state update unit 330 may be configured to include at least one of addition, rotation, and exclusive-OR (XOR) operations that are relatively easy to implement the round function F, Even if the size of the partial variable generated by dividing the variable V of the variable V is 8, the division operation can be performed in 4-bit units.

Here, a round refers to a process that is repeated for encryption and decryption, a round function represents a function necessary for performing encryption and decryption, and an operation state key represents encryption and decryption in a repeated round Lt; / RTI >

In one embodiment, the operating state update unit 330 may generate a lookup table per single round by n (n is the number of partial variables). More specifically, since the operation state update unit 330 operates the counter mode of the block cipher, it can perform white-box encryption for each partial variable in parallel and perform white-box encryption for each partial variable In case of using different n lookup tables, security can be enhanced.

In one embodiment, the operating state update unit 330 may generate n number of lookup tables through the key schedule using the keys included in the operating state. More specifically, the operation state update unit 330 can generate n round keys based on the key schedule based on the keys included in the operation state, and calculates n lookup tables based on n round keys Can be generated.

The key schedule means to generate a round key using a key included in the operating state. The operating state update unit 330 may generate a plurality of round keys by dividing a key included in the operating state through a key schedule, and may generate a plurality of extended keys based on a key included in the operating state, Lt; / RTI >

In one embodiment, the operating state update unit 330 may perform the first process of the internal update function by applying n lookup tables in parallel to n partial variables, respectively. More specifically, since the normalized CTR_DRBG can operate the count mode of the block cipher, the operation state update unit 330 generates n lookup tables and then applies the n number of partial variables in parallel, The value can be updated.

In one embodiment, the operating state update unit 330 may perform the first process of the inner update function by combining n results concurrently performed for n partial variables, respectively, into one. The operating state update unit 330 may generate one variable V by sequentially connecting n results. The length of the variable V included in the operating state is maintained before and after the first process of the internal update function.

The operation state output unit 350 may output the next operation state as a result calculated through the second operation process of the internal state update function for XORing the input data and the operation state updated by the operation state update unit 330. [ The condition for performing the XOR operation based on the operating state and the input data is that the operating state and the length of the input data must be the same. The operation state updating apparatus 300 can change the operation state value through the first process of the internal update function. However, in order to make the predictability of the external attacker difficult, it is necessary to XOR the operation state and the input data to add entropy Entropy) can be added.

The operation state output unit 350 can output an operation state having a new value and the random number generation apparatus to which the white box password is applied can generate a random number using the operation state updated by the operation state update apparatus 300 have. A random number generator with white box cryptography can output a random number using an output generation function.

The output generation function can output a random number through three steps. The first step corresponds to the process of updating the operating state by inputting the input data to the internal update function. The first step is to update the operating state by using the input data. Therefore, even if the previous operation state is known to the external attacker, the operation state used to generate the actual random number can not be known unless the input data is exposed .

In one embodiment, the random number generation device including the operation status update device 300 can generate a random number using an output generation function that does not use input data. If the output generation function does not use the input data, the output generation function can omit the first step since there is no data input separately.

The second step corresponds to the process of generating the actual random number using the internal output generation function. The internal output generation function generates a random number by using the counter mode of the block cipher, so that it is possible to prevent an external attacker from predicting a random number when the operating state used for the random number generation is unknown.

The last step is to use the internal update function once again, so that the next output generation function must have a different operating state. Since the internal update function is a one-way function, the random number generator including the operation state updating apparatus 300 can prevent the backward prediction attack through this process.

FIG. 4 is a flowchart illustrating a process of updating the operating state by applying the white box password to the operating state updating apparatus of FIG.

Referring to FIG. 4, the operation state updating apparatus 300 may generate the partially encoded operation state through the operation state generating unit 310 (step S410). More specifically, the operation state generation unit 310 may externally encode a variable (V) of an operating state used as a plain text in a block cipher to generate a partially encoded operating state.

The operating state updating apparatus 300 may update the operating state by performing a first process of the internal updating function through the operating state updating unit 330 (step S430). More specifically, the operation state update unit 330 may update the operation state by applying a lookup table generated based on the key included in the operation state to the externally encoded variable V. [

The operation state updating apparatus 300 may perform the second process of the internal update function through the operation state output unit 350 to output the next operation state (step S450). More specifically, the operation state output unit 350 can perform an XOR operation on the operation state updated by the operation state update unit 330 and the input data, and output the calculated result as the next operation state.

The random number generating device including the operation state updating device 300 can generate a random number using the operating state updated by the internal update function with the partially encoded operating state as an input. The random number generation device including the operation state update device 300 can use the operation state as an input to generate a random number and can improve the security by applying the white box cipher only to the variable V during the operation state . The random number generation device including the operation state update device 300 can apply the white box password only for the variable V that is part of the operation state in order to reduce the required amount of computation and increase the efficiency, have.

5 is an exemplary diagram illustrating an internal update function of a standardized block cipher algorithm-based random number generator.

Referring to FIG. 5, the internal update function may correspond to an operation state including a key and a variable V, and a function for outputting an operation state by inputting input data. More specifically, the internal update function may perform a counter mode using the key of the operating state and the variable V, and may update the operating state by XORing the result of the counter mode and the input data. The internal update function can be used in the initialization function, the output generation function, and the external update function in the block cipher algorithm based random number generator.

In one embodiment, the operating state update apparatus 300 may correspond to an apparatus performing the same function as the internal update function. More specifically, the random number generator may be implemented using an initialization function, an output generation function, and an external update function, and the initialization function, the output generation function, and the external update function may be implemented as separate independent devices each performing the same function . The initialization function, the output generation function, and the external update function may be implemented by including the internal update function internally, and the independent independent apparatuses performing the same function may be implemented by including the operation state update apparatus 300 internally, respectively .

Since the input data is XORed with the operating state, its length must be equal to the length of the operating state. The length of the operating state is equal to the sum of the length of the key and the length of the variable (V). The operation state updating apparatus 300 can improve the security of the random number generating apparatus by applying the white box password only for the variable V during the operation state and improve the efficiency by controlling the increase of the arithmetic amount due to the application of the white box password have.

FIG. 6 is a flowchart illustrating an operation state output process performed by the operation state update apparatus included in the random number generation apparatus to which white-box encryption is applied according to an embodiment of the present invention.

6, the operating state generating unit 310 of the operating state updating apparatus 300 generates a working state key used as an input in the internal updating function and an external variable Encoded to produce a partially encoded operating state.

Since the white box cipher is applied only to the variable V in the operating state, the random number generating device including the operating state updating device 300 can update only a part of the white box table to improve the efficiency.

The random number generation device including the operation status update device 300 can generate a lookup table using a key during operation. The random number generation device including the operation status update device 300 can protect the encoding included in the lookup table through obfuscation.

The operating state update apparatus 300 may apply a lookup table to the externally encoded variable V to generate an intermediate value of the operating state. The operating state updating device 300 can update the operating state by XORing the middle value of the operating state with the input data.

It will be apparent to those skilled in the art that various modifications and variations can be made in the present invention without departing from the spirit or scope of the present invention as defined by the following claims It can be understood that

300: operating state updating device

Claims (9)

(a) outer encoding a variable used as a plain text in a block cipher to generate a partially encoded operating state (Internal State);
(b) updating an operating state through a first process of an internal update function that applies a lookup table generated based on a key included in the operating state to the externally encoded variable; And
(c) outputting a next operation state as a result calculated through a second process of the internal update function for performing an XOR operation on the updated operation state and the input data; generating a random number based on a block cipher applied with a white box cipher Way.
The method of claim 1, wherein step (a)
And performing the outer encoding based on an encoding table in which a plurality of encoding types are defined.
3. The method of claim 2, wherein step (a)
Further comprising the step of: dividing the externally encoded variable into a partial variable having n bits (where n is a natural number) bits of m (m is a natural number) bits. .
2. The method of claim 1, wherein step (b)
And performing an ARX (Addition, Rotation, XOR) operation on the key to calculate the lookup table.
4. The method of claim 3, wherein step (b)
And generating the lookup table by n (where n is the number of partial variables) per single round. The method of generating a random number based on a block cipher applied with a white box cryptosystem.
6. The method of claim 5, wherein step (b)
And generating the n number of lookup tables through a key schedule using a key included in the operation state.
6. The method of claim 5, wherein step (b)
And performing a first process of the internal update function by applying the n lookup tables in parallel to the n partial variables, respectively, to thereby generate a random number based on a block cipher applied with a white box cryptosystem .
8. The method of claim 7, wherein step (b)
And performing a first process of the internal update function by combining n results concurrently performed for each of the n partial variables into one, and generating a random number based on a block cipher applied with a white box cryptosystem Way.
An operation state generation unit for outer encoding a variable used as a plain text in the block cipher to generate a partially encoded operating state (Internal State);
An operating state updating unit for updating an operating state through a first process of an internal update function for applying a lookup table generated based on a key included in the operating state to the externally encoded variable; And
And an operation state output unit for outputting a next operation state calculated through a second process of the internal update function for XORing the updated operation state and the input data.

KR1020170115050A 2017-09-08 2017-09-08 A method of generating random number based on block cipher with whitebox encryption and apparatus thereof KR101971001B1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
KR1020170115050A KR101971001B1 (en) 2017-09-08 2017-09-08 A method of generating random number based on block cipher with whitebox encryption and apparatus thereof
PCT/KR2018/010518 WO2019050343A1 (en) 2017-09-08 2018-09-07 Method and apparatus for generating random number on basis of block cipher to which white-box cryptography is applied

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020170115050A KR101971001B1 (en) 2017-09-08 2017-09-08 A method of generating random number based on block cipher with whitebox encryption and apparatus thereof

Publications (2)

Publication Number Publication Date
KR20190028066A KR20190028066A (en) 2019-03-18
KR101971001B1 true KR101971001B1 (en) 2019-04-22

Family

ID=65635048

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020170115050A KR101971001B1 (en) 2017-09-08 2017-09-08 A method of generating random number based on block cipher with whitebox encryption and apparatus thereof

Country Status (2)

Country Link
KR (1) KR101971001B1 (en)
WO (1) WO2019050343A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102319699B1 (en) * 2019-08-02 2021-11-02 국민대학교산학협력단 White box cryptographic encoding device and method using anti-inversion function

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101004269B1 (en) 2005-08-24 2011-01-03 퀄컴 인코포레이티드 Cryptographically secure pseudo-random number generator
KR101623503B1 (en) 2015-02-04 2016-05-23 국민대학교산학협력단 Apparatus and method for white-box cryptography implementation of LEA block cipher

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101240243B1 (en) 2011-05-26 2013-03-11 고려대학교 산학협력단 Encryption apparatus and method according to CTR mode of AES(advanced encryption standard)
KR20140049448A (en) * 2012-10-16 2014-04-25 삼성전자주식회사 Dram storing randomized data and operating method of the same
KR20140132535A (en) * 2013-05-08 2014-11-18 주식회사 큐램 Method for parallel encoding and system thereof
US9846568B2 (en) 2013-05-23 2017-12-19 Synopsys, Inc. System and method for dynamic tuning feedback control for random number generator

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101004269B1 (en) 2005-08-24 2011-01-03 퀄컴 인코포레이티드 Cryptographically secure pseudo-random number generator
KR101623503B1 (en) 2015-02-04 2016-05-23 국민대학교산학협력단 Apparatus and method for white-box cryptography implementation of LEA block cipher

Also Published As

Publication number Publication date
WO2019050343A1 (en) 2019-03-14
KR20190028066A (en) 2019-03-18

Similar Documents

Publication Publication Date Title
US9515818B2 (en) Multi-block cryptographic operation
US11546135B2 (en) Key sequence generation for cryptographic operations
US10333702B2 (en) Updating key information
JP6406350B2 (en) Cryptographic processing apparatus, cryptographic processing method, and program
JP7031580B2 (en) Cryptographic device, encryption method, decryption device, and decryption method
US20060023875A1 (en) Enhanced stream cipher combining function
KR20080080175A (en) Method and system for usage of block cipher encryption
US9432181B2 (en) Device, method, and program for format-preserving encryption, and device, method, and program for decryption
JP6415542B2 (en) Electronic block cipher suitable for obfuscation
US9565018B2 (en) Protecting cryptographic operations using conjugacy class functions
KR20070057797A (en) Permutation data transformation to enhance security
US8675866B2 (en) Multiplicative splits to protect cipher keys
JP6517436B2 (en) Encryption device and encoding device
US11463235B2 (en) Encryption device, encryption method, program, decryption device, and decryption method
JP2015191106A (en) Encryption processing device, encryption processing method, and program
WO2018154623A1 (en) Encryption device and decoding device
US20200160755A1 (en) Encryption device, encryption method, decryption device, and decryption method
CN105184115A (en) Method For Including An Implicit Integrity Or Authenticity Check Into A White-box Implementation
KR20170097509A (en) Operation method based on white-box cryptography and security apparatus for performing the method
JP5273141B2 (en) Block cipher with adjustment value, cipher generation method and recording medium
Yap et al. On the effective subkey space of some image encryption algorithms using external key
KR102033351B1 (en) Computer-executable lightweight white-box cryptographic method and apparatus thereof
WO2015146430A1 (en) Encryption processing device, and encryption processing method and program
KR101971001B1 (en) A method of generating random number based on block cipher with whitebox encryption and apparatus thereof
CN105281893A (en) Method for introducing dependence of white-box implementation on a set of strings

Legal Events

Date Code Title Description
A201 Request for examination
E701 Decision to grant or registration of patent right
GRNT Written decision to grant