chow

package
v0.0.0-...-b7fcb3c Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 14, 2016 License: BSD-3-Clause Imports: 7 Imported by: 3

README

Chow's White-box AES Construction

Broadly, Chow's construction works by taking a normal AES key and converting the encryption algorithm into a series of table lookups. The table lookups are then randomized such that this randomness eventually cancels out and gives a correct AES encryption of a plaintext, without leaking the key. We can also modify the white-box key such that the function isn't exactly ct = AES(pt), but a masked or encoded function like ct' = Q(AES(P(pt))), where Q and P are randomly chosen affine transformations.

We start by generating a white-boxed key:

opts := common.IndependentMasks{common.RandomMask, common.RandomMask} // Random input and output masks.
constr, input, output := chow.GenerateEncryptionKeys(key, seed, opts) // key is the AES key, seed is the seed for the RNG.

which we can use to encrypt data, just like a normal cipher:

  constr.Encrypt(dst, src)

Chow's white-boxes are asymmetric, meaning you have to choose whether to generate encryption or decryption keys because encryption keys can't be used for decryption and vice versa. Above we showed encryption; decryption is similar:

opts := common.IndependentMasks{common.RandomMask, common.RandomMask}
constr, input, output := chow.GenerateDecryptionKeys(key, seed, opts)
...
constr.Decrypt(dst, src)

There are two types of mask: common.RandomMask and common.IdentityMask. RandomMask is a random linear transformation and IdentityMask is the identity transformation.

There are three types of ways to attach masks to the white-box: common.IndependentMasks, common.SameMasks, and common.MatchingMasks. IndependentMasks specifies and chooses the input and output masks independently of each other. SameMasks chooses a mask of the specified type and puts the same one on the input and output. MatchingMasks chooses a random mask for the input and puts the inverse mask on the output.

"White-Box Cryptography and an AES Implementation" by Stanley Chow, Philip Eisen, Harold Johnson, and Paul C. Van Oorschot, http://link.springer.com/chapter/10.1007%2F3-540-36492-7_17?LI=true

"A Tutorial on White-Box AES" by James A. Muir, https://eprint.iacr.org/2013/104.pdf

Documentation

Overview

Package chow implements Chow et al.'s white-box AES construction. There is an attack on this construction implemented in the cryptanalysis/chow package. See README.md for more detailed infomration.

"White-Box Cryptography and an AES Implementation" by Stanley Chow, Philip Eisen, Harold Johnson, and Paul C. Van Oorschot, http://link.springer.com/chapter/10.1007%2F3-540-36492-7_17?LI=true

"A Tutorial on White-Box AES" by James A. Muir, https://eprint.iacr.org/2013/104.pdf

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Construction 

type Construction struct {
	InputMask      [16]table.Block // [round]
	InputXORTables common.NibbleXORTables

	TBoxTyiTable [9][16]table.Word      // [round][position]
	HighXORTable [9][32][3]table.Nibble // [round][nibble-wise position][gate number]

	MBInverseTable [9][16]table.Word      // [round][position]
	LowXORTable    [9][32][3]table.Nibble // [round][nibble-wise position][gate number]

	TBoxOutputMask  [16]table.Block // [position]
	OutputXORTables common.NibbleXORTables
}

func GenerateDecryptionKeys 

func GenerateDecryptionKeys(key, seed []byte, opts common.KeyGenerationOpts) (out Construction, inputMask, outputMask matrix.Matrix)

GenerateDecryptionKeys creates a white-boxed version of AES with given key for decryption, with any non-determinism generated by seed. Opts specifies what type of input and output masks we put on the construction and should be in common.{IndependentMasks, SameMasks, MatchingMasks}.

func GenerateEncryptionKeys 

func GenerateEncryptionKeys(key, seed []byte, opts common.KeyGenerationOpts) (out Construction, inputMask, outputMask matrix.Matrix)

GenerateEncryptionKeys creates a white-boxed version of AES with given key for encryption, with any non-determinism generated by seed. Opts specifies what type of input and output masks we put on the construction and should be in common.{IndependentMasks, SameMasks, MatchingMasks}.

func Parse 

func Parse(in []byte) (constr Construction, err error)

Parse parses a byte array into a white-box construction. It returns an error if the byte array isn't long enough.

func (Construction) BlockSize 

func (constr Construction) BlockSize() int

BlockSize returns the block size of AES. (Necessary to implement cipher.Block.)

func (Construction) Decrypt 

func (constr Construction) Decrypt(dst, src []byte)

Decrypt decrypts the first block in src into dst. Dst and src may point at the same memory.

func (Construction) Encrypt 

func (constr Construction) Encrypt(dst, src []byte)

Encrypt encrypts the first block in src into dst. Dst and src may point at the same memory.

func (*Construction) ExpandWord 

func (constr *Construction) ExpandWord(tboxtyi []table.Word, word []byte) [4][4]byte

ExpandWord expands one word of the state matrix with the T-Boxes composed with Tyi Tables.

func (*Construction) Serialize 

func (constr *Construction) Serialize() []byte

Serialize serializes a white-box construction into a byte slice.

func (*Construction) SquashWords 

func (constr *Construction) SquashWords(xorTable [][3]table.Nibble, words [4][4]byte, dst []byte)

SquashWords squashes an expanded word back into one word with 3 pairwise XORs (calc'd one nibble at a time): 

(((a ^ b) ^ c) ^ d)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.