Improved key-recovery attacks on reduced-round WEM-8
Proposed in CT-RSA’2017, WEM is a family of white-box block ciphers based on the Even-Mansour structure and AES. Due to its elegant structure and impressive performance, WEM is a prominent primitive in white-box cryptography-oriented scenarios like digital rights management (DRM) and mobile payment....
Published in: | Designs, codes, and cryptography, 2022-10, Vol.90 (10), p.2419-2448 |
---|---|
Main authors: | Liu, Jun ; Wang, Dachao ; Hu, Yupu ; Chen, Jie ; Wang, Baocang |
Format: | Article |
Language: | eng |
Subjects: | |
Online access: | Full text |
container_end_page | 2448 |
---|---|
container_issue | 10 |
container_start_page | 2419 |
container_title | Designs, codes, and cryptography |
container_volume | 90 |
creator | Liu, Jun ; Wang, Dachao ; Hu, Yupu ; Chen, Jie ; Wang, Baocang |
description | Proposed in CT-RSA’2017, WEM is a family of white-box block ciphers based on the Even-Mansour structure and AES. Due to its elegant structure and impressive performance, WEM is a prominent primitive in white-box cryptography-oriented scenarios like digital rights management (DRM) and mobile payment. In this paper, we focus on the black-box key-recovery security of reduced-round WEM-8, one of the main instances in the WEM family, with the aim of gaining an intensive understanding of the security of WEM. Potential weaknesses of WEM-8 are explored, and a new approach to improving the efficiency of integral attacks is introduced, which constructs equations from the constant property, instead of the balance property. Aided by these observations, new competitive key-recovery attacks with lower time/data/memory complexity on reduced-round WEM-8 are proposed. In particular, the improved attack on 4-round WEM-8 requires only $2^{8}$ adaptively chosen ciphertexts, whereas the current best attack has the data complexity of $2^{40}$ chosen plaintexts. The results in this work show the effectiveness of the constant property in enhancing integral attacks and can inspire novel techniques in key-recovery attacks against other (white-box) block ciphers. |
doi_str_mv | 10.1007/s10623-022-01089-1 |
format | Article |
fulltext | fulltext |
identifier | ISSN: 0925-1022 |
ispartof | Designs, codes, and cryptography, 2022-10, Vol.90 (10), p.2419-2448 |
issn | 0925-1022 1573-7586 |
language | eng |
recordid | cdi_proquest_journals_2715808873 |
source | SpringerLink Journals |
subjects | Algorithms ; Coding and Information Theory ; Complexity ; Computer Science ; Copy protection ; Cryptography ; Cryptology ; Digital rights management ; Discrete Mathematics in Computer Science ; Encryption ; Mobile commerce ; Security |
title | Improved key-recovery attacks on reduced-round WEM-8 |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-02T09%3A40%3A38IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Improved%20key-recovery%20attacks%20on%20reduced-round%20WEM-8&rft.jtitle=Designs,%20codes,%20and%20cryptography&rft.au=Liu,%20Jun&rft.date=2022-10-01&rft.volume=90&rft.issue=10&rft.spage=2419&rft.epage=2448&rft.pages=2419-2448&rft.issn=0925-1022&rft.eissn=1573-7586&rft_id=info:doi/10.1007/s10623-022-01089-1&rft_dat=%3Cproquest_cross%3E2715808873%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2715808873&rft_id=info:pmid/&rfr_iscdi=true |