US2020313850A1PendingUtilityA1

Method and apparatus for implementing a white-box cipher

51
Assignee: IRDETO CANADA CORPPriority: Mar 29, 2019Filed: Mar 29, 2019Published: Oct 1, 2020
Est. expiryMar 29, 2039(~12.7 yrs left)· nominal 20-yr term from priority
H04L 9/003G06F 16/9027H04L 2209/16G06F 16/9017H04L 63/1441H04L 9/0631H04L 9/0861
51
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

An apparatus method and computer media for implementing a white-box block cipher in a software application to create a secure software application having the same functionality as the software application. An implementation of a block cipher is created by: applying an isomorphism between an original finite field representation and a composite field representation, and using this isomorphism to reconstruct the cipher as operations that use only the elements of the composite field, including XOR, linear transformation and S-box; decomposing original S-box into several algebraic steps and merging some of these into other parts of the cipher; in the non-linear step of S-box, implementing the inversion in the original finite field representation with algorithm in the composite field representation; applying an initial threshold implementation of m input shares and n output shares to generate lookup tables for the non-linear step of S-box; applying further threshold implementations to different steps of the cipher to generate lookup tables. The block cipher is applied to at least a portion of the software application to create the secure software application and thereby increase security of a computing platform executing the secure software application.

Claims

exact text as granted — not AI-modified
What is claimed: 
     
         1 . A method for implementing a white-box block cipher in a software application to create a secure software application having the same functionality as the software application, the method comprising:
 creating an implementation of a block cipher by:
 applying an isomorphism between an original finite field representation and a composite field representation, and using this isomorphism to reconstruct the cipher as operations that use only the elements of the composite field, including XOR, linear transformation and S-box; 
 decomposing original S-box into several algebraic steps and merging some of these into other parts of the cipher; 
 in the non-linear step of S-box, implementing the inversion in the original finite field representation with algorithm in the composite field representation; 
 applying an initial threshold implementation of m input shares and n output shares to generate lookup tables for the non-linear step of S-box; 
 applying further threshold implementations to different steps of the cipher to generate lookup tables; and 
   applying the block cipher to at least a portion of the software application to create the secure software application and thereby increase security of a computing platform executing the secure software application.   
     
     
         2 . The method of  claim 1 , wherein the original finite field representation comprises an 8-bit element. 
     
     
         3 . The method of  claim 1 , wherein the composite field representation comprises two 4-bit elements. 
     
     
         4 . The method of  claim 1 , wherein the isomorphism is constructed from elements in GF(2 8 ) to the composite field GF (2 4 ) 2  for the S-box and the threshold implementation is applied to mask the inputs and outputs of the cipher. 
     
     
         5 . The method of  claim 1 , wherein the initial threshold implementation generates masks and extends outputs of the lookup tables to thereby obfuscate the S-box. 
     
     
         6 . The method of  claim 5 , wherein each mask is dependent on an earlier mask in an inverted tree structure. 
     
     
         7 . An apparatus for implementing a white-box block cipher in a software application to create a secure software application having the same functionality as the software application, the apparatus comprising:
 at least one hardware processor; and   at least one memory operatively coupled to the processor and storing instucitons thereon that, when executed by the at least one hardware processor, cause the at least one hardware processor to:   create an implementation of a block cipher by:
 applying an isomorphism between an original finite field representation and a composite field representation, and using this isomorphism to reconstruct the cipher as operations that use only the elements of the composite field, including XOR, linear transformation and S-box; 
 decomposing original S-box into several algebraic steps and merging some of these into other parts of the cipher; 
 in the non-linear step of S-box, implementing the inversion in the original finite field representation with algorithm in the composite field representation; 
 applying an initial threshold implementation of m input shares and n output shares to generate lookup tables for the non-linear step of S-box; 
 applying further threshold implementations to different steps of the cipher to generate lookup tables; and 
   applying the block cipher to at least a portion of the software application to create the secure software application and thereby increase security of a computing platform executing the secure software application.   
     
     
         8 . The apparatus of  claim 7 , wherein the original finite field representation comprises an 8-bit element. 
     
     
         9 . The apparatus of  claim 7 , wherein the composite field representation comprises two 4-bit elements. 
     
     
         10 . The apparatus of  claim 7 , wherein the isomorphism is constructed from elements in GF(2 8 ) to the composite field GF (2 4 ) 2  for the S-box and the threshold implementation is applied to mask the inputs and outputs of the cipher. 
     
     
         11 . The apparatus of  claim 7 , wherein the initial threshold implementation generates masks and extends outputs of the lookup tables to thereby obfuscate the S-box. 
     
     
         12 . The apparatus of  claim 11 , wherein each mask is dependent on an earlier mask in an inverted tree structure. 
     
     
         13 . Non-transitory computer-readable media having instructions stored thereon which, when executed by a processor of a computing platform, cause the computing platform to carry out a method for implementing a white-box block cipher in a software application to create a secure software application having the same functionality as the software application, the method comprising:
 creating an implementation of a block cipher by:
 applying an isomorphism between an original finite field representation and a composite field representation, and using this isomorphism to reconstruct the cipher as operations that use only the elements of the composite field, including XOR, linear transformation and S-box; 
 decomposing original S-box into several algebraic steps and merging some of these into other parts of the cipher; 
 in the non-linear step of S-box, implementing the inversion in the original finite field representation with algorithm in the composite field representation; 
 applying an initial threshold implementation of m input shares and n output shares to generate lookup tables for the non-linear step of S-box; 
 applying further threshold implementations to different steps of the cipher to generate lookup tables; and 
   applying the block cipher to at least a portion of the software application to create the secure software application and thereby increase security of a computing platform executing the secure software application.   
     
     
         14 . The method of  claim 13 , wherein the original finite field representation comprises an 8-bit element. 
     
     
         15 . The method of  claim 13 , wherein the composite field representation comprises two 4-bit elements. 
     
     
         16 . The method of  claim 13 , wherein the isomorphism is constructed from elements in GF(2 8 ) to the composite field GF (2 4 ) 2  for the S-box and the threshold implementation is applied to mask the inputs and outputs of the cipher. 
     
     
         17 . The method of  claim 13 , wherein the initial threshold implementation generates masks and extends outputs of the lookup tables to thereby obfuscate the S-box. 
     
     
         18 . The method of  claim 17 , wherein each mask is dependent on an earlier mask in an inverted tree structure.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.