Cryptography is increasingly deployed in applications running on open devices in which the software is extremely vulnerable to attacks, since the attacker has complete control over the execution platform and the software implementation itself. This creates a challenge for cryptography: designing implementations of cryptographic algorithms that are secure, not only in the black-box model, but also in this attack context that is referred to as the white-box adversary model. Moreover, emerging applications such as mobile payment, mobile contract signing or blockchain-based technologies have created a need for white-box implementations of public-key cryptography, and especially of signature algorithms. However, while many attempts were made to construct white-box implementations of block-ciphers, almost no white-box implementations have been published for what concerns asymmetric schemes. We present here the first white-box implementation technique of HFE signature primitives, for a specific set of internal polynomials. For instance our implementations of the signature primitive range from about 94 MB for security level \( \lambda = 80\) to 752 MB for \(\lambda = 128\) for variations of the \(C^{* \hat{+}-}\) primitive, and similar ranges for \(pC^{*-}\) . To motivate the study of the security of the techniques we use, we also propose a challenge implementation and the white-box compiler used to produce this implementation.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

White-Box Implementation Techniques for the HFE Family

  • Pierre Galissant,
  • Louis Goubin

摘要

Cryptography is increasingly deployed in applications running on open devices in which the software is extremely vulnerable to attacks, since the attacker has complete control over the execution platform and the software implementation itself. This creates a challenge for cryptography: designing implementations of cryptographic algorithms that are secure, not only in the black-box model, but also in this attack context that is referred to as the white-box adversary model. Moreover, emerging applications such as mobile payment, mobile contract signing or blockchain-based technologies have created a need for white-box implementations of public-key cryptography, and especially of signature algorithms. However, while many attempts were made to construct white-box implementations of block-ciphers, almost no white-box implementations have been published for what concerns asymmetric schemes. We present here the first white-box implementation technique of HFE signature primitives, for a specific set of internal polynomials. For instance our implementations of the signature primitive range from about 94 MB for security level \( \lambda = 80\) to 752 MB for \(\lambda = 128\) for variations of the \(C^{* \hat{+}-}\) primitive, and similar ranges for \(pC^{*-}\) . To motivate the study of the security of the techniques we use, we also propose a challenge implementation and the white-box compiler used to produce this implementation.