latincrypt2019.cryptojedi.org · 2019-10-17 · title: fast white-box implementations of dedicated...

Fast White-Box Implementationsof Dedicated Ciphers onthe ARMv8 Architecture

Felix Carvalho Rodrigues,H. Fujii, A. C. Serpa, G. Sider, R. Dahab, J. Lopez

October 3, 2019

Laboratory of Security and Cryptography,Institute of Computing,University of Campinas (Unicamp)

This research was partially supported by Samsung Eletronica da Amazonia Ltda., throughthe “White Box Cryptography” project, within the scope of the Informatics Law No. 8248/91.

This research was partially supported by Samsung Eletronica da Amazonia Ltda.,through the “White Box Cryptography” project, within the scope of the Informatics Law

No. 8248/91.

1

Index

Introduction

Dedicated Ciphers

SPACE

WEM

SPNbox

Implementation

Optimizing SPNbox

Results

2

Introduction

White-box threat model: direct access to environment

Black-Box:

• Access only toplaintexts andciphertexts

• No leakagefromimplementation

• No access toexecutingenvironment

3

White-box threat model: direct access to environment

Grey-Box (hardware side-channel):

• Some leakagefromimplementationavailable

• Timing analysis,Power analysis

• No (direct)access toexecutingenvironment

3

White-box threat model: direct access to environment

In a White-Box context, an attacker can:

• Access thememory

• Manipulate theexecution

• Analyze binarycode

3

White-box threat model: direct access to environment

(a) Black Box Model (b) Grey Box Model (c) White Box Model

Access to:◦ plaintext◦ ciphertext

Access to:◦ plaintext◦ ciphertext

◦ side channel

0101010111110101010000011101101110101010

Access to:◦ plaintext◦ ciphertext

◦ side channel

◦ executionenvironment

informationinformation

In a White-Box context, an attacker can:

• Access thememory

• Manipulate theexecution

• Analyze binarycode

How to protect against such powerful adversaries?

3

White-Box Cryptography: first attempts

White-Box Cryptography:

• Design and secure the implementations of cryptographicalgorithms running in untrusted environments

First attempt: standard block cipher (e.g., AES):

• Protect implementation through a network of lookup tables

• Several proposed implementations [Chow et al., 2003,Bringer et al., 2006, Xiao and Lai, 2009, Karroumi, 2011]

• Academic proposals mostly broken: [Billet et al., 2005,Goubin et al., 2007, Michiels et al., 2009, De Mulder et al., 2010,Lepoint et al., 2014, De Mulder et al., 2013]

• Some hope? CHES 2019 white-box challenge [WhibOx, 2019]had three implementations which are still unbroken!

4

White-Box Cryptography: first attempts

White-Box Cryptography:

• Design and secure the implementations of cryptographicalgorithms running in untrusted environments

First attempt: standard block cipher (e.g., AES):

• Protect implementation through a network of lookup tables

• Several proposed implementations [Chow et al., 2003,Bringer et al., 2006, Xiao and Lai, 2009, Karroumi, 2011]

• Academic proposals mostly broken: [Billet et al., 2005,Goubin et al., 2007, Michiels et al., 2009, De Mulder et al., 2010,Lepoint et al., 2014, De Mulder et al., 2013]

• Some hope? CHES 2019 white-box challenge [WhibOx, 2019]had three implementations which are still unbroken! BROKEN!

AES seems to be hard to protect in a white-box context...

4

Dedicated Ciphers

Dedicated White-Box Block Ciphers

Idea:

• Design a block cipher from the ground up to be “secure” in awhite-box context

Focus of currently proposed dedicated ciphers:

• Unbreakability• Protection against key extraction• Given access to a white-box implementation, the attacker must not

be able to extract the secret key embedded in the cipher

• Incompressibility

5

Dedicated White-Box Block Ciphers

Idea:

• Design a block cipher from the ground up to be “secure” in awhite-box context

Focus of currently proposed dedicated ciphers:

• Unbreakability• Incompressibility

• Mitigation against code lifting• Given full access to a white-box cipher implementation, the

attacker must not be able to produce a smaller implementation• Given “almost full” access to a white-box cipher implementation,

the attacker must not be able to encrypt or decrypt any messagewith a significant probability

5

Proposals considered in this work

Proposals:

• SPACE [Bogdanov and Isobe, 2015]

• SPNbox [Bogdanov et al., 2016a]

• WEM [Cho et al., 2017].

Parameters:

• nin: determines lookup table input size of ciphers:• SPACE-16 ≡ SPACE instantiated with nin = 16• We consider nin either 8 or 16 in this work

• R: number of rounds of cipher

No complete comparisons were made in relation to each other inprevious works!

6

SPACE Family of Ciphers

• Based on a Feistel Network

• In each round, the state isrotated left

• Number of rounds:• R = 128 for nin = 16• R = 300 for nin = 8

Example: single round of SPACE-167

SPACE-16: Feistel function

In the black-box:

• Extract 16 bits from state andconcatenate with zero vector

• Encrypt with AES and master key

• Discard 16 bits from output and returnthe remaining 112 bits

In the white-box:

• Extract 16 bits from state

• Encrypt with a lookup table of 16-to-112bits

For both: after result add round constant

8

White-box Even-Mansour ciphers

⇒Based on the Even-Mansourscheme:

• Keys are replaced byincompressible S-boxes

• Public permutation isdefined as 5 rounds ofAES with a zeroed key

• The proposed cipher uses12 rounds

9

WEM: S-box generation

To generate each m-to-m S-box:

• Generate long sequence ofpseudo-random bits fromsecret key k

• Generate sequenceT = (0, . . . ,2m)

• Shuffle T using the generatedpseudo-random bits from k

10

SPNbox Family of Ciphers

Algorithm:

• Substitution Layer (Snin ): dividestate into nin-bit blocks and run amini block cipher for each blockwith secret key

• Permutation Layer (θ): multiplystate by a matrix in GF (2nin)

• Affine Layer (σ): add roundconstant

• Repeat for 10 rounds

One round of SPNBox-16’souter cipher

11

SPNbox: small inner cipher

One round of SPNbox-32’sinner cipher • Smaller SPN guarantees the

substitution phase of its biggercounterpart

• Repurposes some AES operations:• SB uses SubBytes operation from

AES• MC uses the MixColumns operation

from AES• AK is a simple key addition

• Number of rounds depends on itssize nin

• In a white-box context, this innerSPN cipher becomes a lookup table

12

Implementation

ARMv8-A Architecture

• 32 SIMD/NEON 128-bit registers(NEON mode):

• each register can be interpreted as16 bytes, 8 halfwords, 4 words or 2doublewords

• Cortex-A75:• Two 8 stage NEON instruction

pipeline• One separate load/store pipeline for

NEON instructions

• Important NEON instructions: tbl/tbx,rev, ext;

13

Pipeline Vs Cache Optimization

Pipelined implementation (4-way):

14

Pipeline Vs Cache Optimization

Horizontal implementation (“all blocks”-way):

15

SPACE and WEM Implementation details

SPACE:

• Benefits from a pipelinedmemory access

• For a single block, only acouple of NEON operations:

• A couple of eor additions• A byte rotation with an ext

• Favors large pipelinedimplementations, less suitablefor H-way

• Pad lookup table for bettermemory alignment

WEM:

• Both horizontal andintercalated strategies havemerit

• For pipelined implementation,we separated the 16-to-16lookup tables as two 16-to-8tables:

• This allows for a lookuptable to fit into a L2 cacheon lower end hardware

• Use hardware cryptoextensions (AES functions)

16

SPNbox Optimizations

• Allows for greater optimization opportunities

• Four main implementations: One block, multiple blocks(transposed), lookup table multiplications and horizontal

• Main point for optimization: its matrix multiplication (θ layer)

17

Single Block: Permutations and Multiplications

• Let Ti(S) = S × i :• Multiplication of state S by a polynomial i

translates to a series of constant-timepolynomial additions and multiplications byx in GF(216):

sshr v2.8h,v0.8h, #15 // v0 is the state

shl v0.8h,v0.8h, #1 // v1 is the mask 0x002B

and v2.8h,v1.8h,v2.8h

eor v0.8h,v0.8h,v2.8h

• The result of R = M16×S can be written as:

R = T1(S)⊕ P1(T3(S))⊕ P2(T4(S))⊕ P3(T5(S))⊕

P4

(T6(S)⊕ P1(T8(S))⊕ P2(TB(S))⊕ P3(T7(S))

)

where

18

Transposing Multiple Blocks

By transposing blocks we can eliminate permutations:

The result Ri , for i from 0 to 7, can be seen as:

Ri = Tai,0(S′0)⊕ Tai,1(S

′1)⊕ Tai,2(S

′2)⊕ Tai,3(S

′3)⊕

Tai,4(S′4)⊕ Tai,5(S

′5)⊕ Tai,6(S

′6)⊕ Tai,7(S

′7),

19

SPNbox8: Constant-Time Vs Lookup Tables

Constant-Time:

• Use tbl operation to performconstant-time lookups

Apply masks 0x40, 0x80, 0xC0 into v1,v2,v3.Then:

tbl v0.16b, {v16.16b -- v19.16b}, v0.16b

tbl v1.16b, {v20.16b -- v23.16b}, v1.16b

tbl v2.16b, {v24.16b -- v27.16b}, v2.16b

tbl v3.16b, {v28.16b -- v31.16b}, v3.16b

Sum (eor) up v0,v1,v2,v3 to obtain final lookup

• Require lots of registers: 16for lookup table alone

• Use horizontal strategy toprevent register spill

• About two times slower thanbest implementation

Lookup θ layer (LUT):

• Similar to lookup tableimplementations of AES,decompose matrix intocolumn multiplications

• Store precomputedmultiplications into lookuptables, composed with γ layer

• Great when the lookup tablesfit into cache

• Can be adjusted based oncache size: permutations canreplace lookups

20

Results

Experimental Setup

CPUs:

Cortex-A57 Exynos7420 Cortex-A57 core clocked at 2100MHz,equipped with 2MiB of L2 cache shared across all A55cores (from a Samsung Galaxy S6)

Cortex-A75 SDM845 Cortex-A75 core clocked at 2803MHz,equipped with 256KiB of L2 cache for each core and2MiB of shared L3 cache (from a Samsung Galaxy S9)

• Used CTR mode of operation

• Average of 215 iterations for messages of 2KiB

• Used C code with NEON intrinsics, compiled with clang

21

Performance on different strategies

For SPNBox8 and 16 (Cortex-A75):

• Different nin leadsto difference inperformance ofstrategies

• LUT clearly betterfor SPNBox8

• 8-way strategyslightly better forSPNbox16

22

Performance comparison

Performance for Cortex A75 and A57:

23

SPNbox16 Analysis

Additional tests for SPNbox16:

• Use ECB to remove possibleinterference from CTR

• Make a version removing impactof cache misses

• Make “partial” ciphers:• ECB-Gamma: only the γ layer• ECB-Theta: both θ and σ

Found difference in measured times when compared to Bogdanov etal. implementation [Bogdanov et al., 2016b].

24

Conclusions

• First comparison of the three ciphers in the same hardware(ARMv8 Cortex-A75, A57, etc)

• While still far from hardware-aided AES implementations,dedicated ciphers can be competitive when considering softwareimplementations

• On a Cortex-A75:• Optimized AES in software ≈ 20 CPB• Best dedicated cipher (SPNBox) ≈ 30 CPB• Worst dedicated cipher (SPACE) ≈ 100 CPB

• Cache matters! Some ciphers presented better results in aCortex-A57 because of the different cache configurations

25

Thank you. Any questions?

Fast White-Box Implementationsof Dedicated Ciphers onthe ARMv8 Architecture

Felix Carvalho Rodrigues,H. Fujii, A. C. Serpa, G. Sider, R. Dahab, J. Lopez

October 3, 2019

Laboratory of Security and Cryptography,Institute of Computing,University of Campinas (Unicamp)

This research was partially supported by Samsung Eletronica da Amazonia Ltda., throughthe “White Box Cryptography” project, within the scope of the Informatics Law No. 8248/91.

26

References i

Billet, O., Gilbert, H., and Ech-Chatbi, C. (2005).Cryptanalysis of a white box aes implementation.In Handschuh, H. and Hasan, M. A., editors, Selected Areas inCryptography, pages 227–240, Berlin, Heidelberg. SpringerBerlin Heidelberg.

Bogdanov, A. and Isobe, T. (2015).White-box cryptography revisited: Space-hard ciphers.In Proceedings of the 22Nd ACM SIGSAC Conference onComputer and Communications Security, CCS ’15, pages1058–1069, New York, NY, USA. ACM.

27

References ii

Bogdanov, A., Isobe, T., and Tischhauser, E. (2016a).Towards practical whitebox cryptography: Optimizingefficiency and space hardness.In Cheon, J. H. and Takagi, T., editors, Advances in Cryptology –ASIACRYPT 2016, pages 126–158, Berlin, Heidelberg. SpringerBerlin Heidelberg.

Bogdanov, A., Isobe, T., and Tischhauser, E. (2016b).Towards practical whitebox cryptography: Optimizingefficiency and space hardness.In Cheon, J. H. and Takagi, T., editors, Advances in Cryptology –ASIACRYPT 2016, pages 126–158, Berlin, Heidelberg. SpringerBerlin Heidelberg.

28

References iii

Bringer, J., Chabanne, H., and Dottax, E. (2006).White box cryptography: Another attempt.Cryptology ePrint Archive, Report 2006/468.https://eprint.iacr.org/2006/468.

Cho, J., Choi, K. Y., Dinur, I., Dunkelman, O., Keller, N., Moon, D.,and Veidberg, A. (2017).Wem: A new family of white-box block ciphers based on theeven-mansour construction.In Handschuh, H., editor, Topics in Cryptology – CT-RSA 2017,pages 293–308, Cham. Springer International Publishing.

29

References iv

Chow, S., Eisen, P., Johnson, H., and Van Oorschot, P. C. (2003).White-box cryptography and an aes implementation.In Nyberg, K. and Heys, H., editors, Selected Areas inCryptography, pages 250–270, Berlin, Heidelberg. SpringerBerlin Heidelberg.

De Mulder, Y., Roelse, P., and Preneel, B. (2013).Cryptanalysis of the xiao – lai white-box aes implementation.

In Knudsen, L. R. and Wu, H., editors, Selected Areas inCryptography, pages 34–49, Berlin, Heidelberg. Springer BerlinHeidelberg.

30

References v

De Mulder, Y., Wyseur, B., and Preneel, B. (2010).Cryptanalysis of a perturbated white-box aesimplementation.In Gong, G. and Gupta, K. C., editors, Progress in Cryptology -INDOCRYPT 2010, pages 292–310, Berlin, Heidelberg. SpringerBerlin Heidelberg.

Goubin, L., Masereel, J.-M., and Quisquater, M. (2007).Cryptanalysis of white box des implementations.In Adams, C., Miri, A., and Wiener, M., editors, Selected Areas inCryptography, pages 278–295, Berlin, Heidelberg. SpringerBerlin Heidelberg.

31

References vi

Karroumi, M. (2011).Protecting white-box aes with dual ciphers.In Rhee, K.-H. and Nyang, D., editors, Information Security andCryptology - ICISC 2010, pages 278–291, Berlin, Heidelberg.Springer Berlin Heidelberg.

Lepoint, T., Rivain, M., De Mulder, Y., Roelse, P., and Preneel, B.(2014).Two attacks on a white-box aes implementation.In Lange, T., Lauter, K., and Lisonek, P., editors, Selected Areasin Cryptography – SAC 2013, pages 265–285, Berlin,Heidelberg. Springer Berlin Heidelberg.

32

References vii

Michiels, W., Gorissen, P., and Hollmann, H. D. L. (2009).Cryptanalysis of a generic class of white-boximplementations.In Avanzi, R. M., Keliher, L., and Sica, F., editors, Selected Areasin Cryptography, pages 414–428, Berlin, Heidelberg. SpringerBerlin Heidelberg.

WhibOx (2019).WhibOx Contest Edition 2.https://whibox.cyber-crypt.com/.Accessed: 2019-09-30.

Xiao, Y. and Lai, X. (2009).A secure implementation of white-box aes.In 2009 2nd International Conference on Computer Science andits Applications, pages 1–6.

33