{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,28]],"date-time":"2026-01-28T07:50:22Z","timestamp":1769586622116,"version":"3.49.0"},"reference-count":33,"publisher":"Oxford University Press (OUP)","issue":"5","license":[{"start":{"date-parts":[[2023,9,19]],"date-time":"2023-09-19T00:00:00Z","timestamp":1695081600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/academic.oup.com\/pages\/standard-publication-reuse-rights"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61972018"],"award-info":[{"award-number":["61972018"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Guangxi Key Laboratory of Cryptography and Information Security","award":["GCIS202102"],"award-info":[{"award-number":["GCIS202102"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024,6,22]]},"abstract":"<jats:title>Abstract<\/jats:title>\n               <jats:p>The SM4 block cipher is a Chinese national standard and an ISO international standard. Since white-box cryptography has many real-life applications nowadays, a few white-box implementations of SM4 have been proposed, among which one type of construction dominates: it uses a linear or affine diagonal block encoding to protect the original three 32-bit branches entering a round function and uses its inverse as the input encoding to the S-box layer. In this paper, we analyse the security of this type of construction against Lepoint et al.\u2019s collision-based attack method. Our experiment under a small fraction of (encodings, round key) combinations shows that the rank of the concerned linear system is much less than the number of the involved unknowns, meaning these white-box SM4 implementations should resist Lepoint et al.\u2019s method, but we leave it as an open problem whether there are encodings such that the rank of the corresponding linear system is only slightly less than the number of the involved unknowns, in which scenario Lepoint et al.\u2019s method may be used to recover a round key in the case of linear encodings and to remove most white-box operations, leaving mainly some Boolean masks, in the case of affine encodings.<\/jats:p>","DOI":"10.1093\/comjnl\/bxad091","type":"journal-article","created":{"date-parts":[[2023,9,22]],"date-time":"2023-09-22T16:43:47Z","timestamp":1695401027000},"page":"1663-1673","source":"Crossref","is-referenced-by-count":3,"title":["Cryptanalysis Of A Type Of White-Box Implementations Of The SM4 Block Cipher"],"prefix":"10.1093","volume":"67","author":[{"given":"Jiqiang","family":"Lu","sequence":"first","affiliation":[{"name":"School of Cyber Science and Technology, Beihang University , Beijing 100083 , China"},{"name":"Guangxi Key Laboratory of Cryptography and Information Security , Guilin 541004 , China"},{"name":"Hangzhou Innovation Institute, Beihang University , Hangzhou 310053 , China"}]},{"given":"Jingyu","family":"Li","sequence":"additional","affiliation":[{"name":"School of Cyber Science and Technology, Beihang University , Beijing 100083 , China"}]},{"given":"Zexuan","family":"Chen","sequence":"additional","affiliation":[{"name":"School of Cyber Science and Technology, Beihang University , Beijing 100083 , China"}]},{"given":"Yanan","family":"Li","sequence":"additional","affiliation":[{"name":"School of Cyber Science and Technology, Beihang University , Beijing 100083 , 
China"}]}],"member":"286","published-online":{"date-parts":[[2023,9,19]]},"reference":[{"key":"2024062312365405700_ref1","first-page":"250","article-title":"White-box cryptography and an AES implementation","volume-title":"Proceedings of SAC 2002","author":"Chow","year":"2003"},{"key":"2024062312365405700_ref2","volume-title":"Specification for the Advanced Encryption Standard (AES)","author":"FIPS PUB 197","year":"2001"},{"key":"2024062312365405700_ref3","first-page":"227","article-title":"Cryptanalysis of a white box AES implementation","volume-title":"Proceedings of SAC 2004","author":"Billet","year":"2004"},{"key":"2024062312365405700_ref4","first-page":"265","article-title":"Two attacks on a white-box AES implementation","volume-title":"Proceedings of SAC 2013","author":"Lepoint","year":"2014"},{"key":"2024062312365405700_ref5","first-page":"68","article-title":"Improved cryptanalysis of an AES implementation","volume-title":"Proceedings of The 33rd WIC Symposium on Information Theory in the Benelux","author":"Tolhuizen","year":"2012"},{"key":"2024062312365405700_ref6","first-page":"468","article-title":"White box cryptography: another attempt","author":"Bringer","year":"2006","journal-title":"IACR Cryptology ePrint Archive"},{"key":"2024062312365405700_ref7","first-page":"1","article-title":"A secure implementation of white-box AES","volume-title":"Proceedings of CSA 2009","author":"Xiao","year":"2009"},{"key":"2024062312365405700_ref8","first-page":"278","article-title":"Protecting white-box AES with dual ciphers","volume-title":"Proceedings of ICISC 2010","author":"Karroumi","year":"2011"},{"key":"2024062312365405700_ref9","first-page":"423","article-title":"A new attempt of white-box AES implementation","volume-title":"Proceedings of SPAC 2014","author":"Luo","year":"2014"},{"key":"2024062312365405700_ref10","doi-asserted-by":"crossref","first-page":"273","DOI":"10.1109\/JCN.2016.000043","article-title":"White-box AES implementation 
revisited","volume":"18","author":"Baek","year":"2016","journal-title":"J. Commun. Netw."},{"key":"2024062312365405700_ref11","doi-asserted-by":"crossref","first-page":"305","DOI":"10.1049\/iet-ifs.2017.0046","article-title":"Protect white-box AES to resist table composition attacks","volume":"12","author":"Bai","year":"2018","journal-title":"IET Inf. Secur."},{"key":"2024062312365405700_ref12","doi-asserted-by":"crossref","first-page":"292","DOI":"10.1007\/978-3-642-17401-8_21","article-title":"Cryptanalysis of a perturbated white-box AES implementation","volume-title":"Proceedings of INDOCRYPT 2010","author":"De Mulder","year":"2010"},{"key":"2024062312365405700_ref13","first-page":"34","article-title":"Cryptanalysis of the Xiao-Lai white-box AES implementation","volume-title":"Proceedings of SAC 2012","author":"De Mulder","year":"2013"},{"key":"2024062312365405700_ref14","doi-asserted-by":"crossref","first-page":"121","DOI":"10.46586\/tches.v2018.i3.121-149","article-title":"On recovering affine encodings in white-box implementations","volume":"2018","author":"Derbez","year":"2018","journal-title":"IACR Transactions on Cryptographic Hardware and Embedded Systems"},{"key":"2024062312365405700_ref15","article-title":"(to appear) Collision-based attacks on white-box implementations of the AES block cipher","volume-title":"Proceedings of SAC 2022","author":"Lu"},{"key":"2024062312365405700_ref16","volume-title":"The SMS4 cryptographic algorithm used in WLAN products (in Chinese)","author":"SMS4","year":"2006"},{"key":"2024062312365405700_ref17","volume-title":"Information Security Technology \u2014 SM4 Block Cipher Algorithm","author":"GB\/T 32907-2016","year":"2016"},{"key":"2024062312365405700_ref18","volume-title":"Information technology \u2014 Security techniques \u2014 Encryption algorithms \u2014 Part 3: Block ciphers \u2014 Amendment 1: SM4","author":"ISO\/IEC 
18033-3:2010\/AMD1:2021","year":"2021"},{"key":"2024062312365405700_ref19","first-page":"24","article-title":"White-box cryptography and a SMS4 implementation","volume-title":"Proceedings of the 2009 Annual Conference of the Chinese Association of Cryptologic Research","author":"Xiao","year":"2009"},{"key":"2024062312365405700_ref20","doi-asserted-by":"crossref","first-page":"2238","DOI":"10.3724\/SP.J.1001.2013.04356","article-title":"Efficient attack to white-box SMS4 implementation","volume":"24","author":"Lin","year":"2013","journal-title":"J. Softw."},{"key":"2024062312365405700_ref21","doi-asserted-by":"crossref","DOI":"10.1007\/978-1-4613-9314-6","volume-title":"Differential cryptanalysis of the Data Encryption Standard","author":"Biham","year":"1993"},{"key":"2024062312365405700_ref22","doi-asserted-by":"crossref","first-page":"11928","DOI":"10.3390\/s150511928","article-title":"A lightweight white-box symmetric encryption algorithm against node capture for WSNs","volume":"15","author":"Shi","year":"2015","journal-title":"Sensors"},{"key":"2024062312365405700_ref23","doi-asserted-by":"crossref","first-page":"160","DOI":"10.1007\/3-540-36178-2_10","article-title":"In how many ways can you write Rijndael","volume-title":"Proceedings of ASIACRYPT 2002","author":"Barkan","year":"2002"},{"key":"2024062312365405700_ref24","volume-title":"White-box cryptography algorithm design and implementation of SMS4","author":"Shang","year":"2016"},{"key":"2024062312365405700_ref25","doi-asserted-by":"crossref","first-page":"996","DOI":"10.1002\/sec.1394","article-title":"A secure white-box SM4 implementation","volume":"9","author":"Bai","year":"2016","journal-title":"Secur. Commun. Netw."},{"key":"2024062312365405700_ref26","first-page":"651","article-title":"Cryptanalysis of two white-box SM4 implementations","volume":"2018","author":"Pan","year":"2018","journal-title":"J. 
Cryptologic Res."},{"key":"2024062312365405700_ref27","doi-asserted-by":"crossref","first-page":"1783","DOI":"10.1093\/comjnl\/bxy068","article-title":"Security evaluation and improvement of a white-box SMS4 implementation based on affine equivalence algorithm","volume":"61","author":"Lin","year":"2018","journal-title":"Comput. J."},{"key":"2024062312365405700_ref28","doi-asserted-by":"crossref","first-page":"33","DOI":"10.1007\/3-540-39200-9_3","article-title":"A toolbox for cryptanalysis: linear and affine equivalence algorithms","volume-title":"Proceedings of EUROCRYPT 2003","author":"Biryukov","year":"2003"},{"key":"2024062312365405700_ref29","first-page":"358","article-title":"A new method for white-box implementation of SM4 algorithm","volume":"2020","author":"Yao","year":"2020","journal-title":"J. Cryptologic Res."},{"key":"2024062312365405700_ref30","volume-title":"Security analysis of lightweight white-box cryptography","author":"Wang","year":"2021"},{"key":"2024062312365405700_ref31","doi-asserted-by":"crossref","first-page":"18","DOI":"10.1049\/ise2.12045","article-title":"Cryptanalysis of a white-box SM4 implementation based on collision attack","volume":"16","author":"Wang","year":"2022","journal-title":"IET Inf. 
Secur."},{"key":"2024062312365405700_ref32","doi-asserted-by":"crossref","DOI":"10.1007\/978-1-4615-2694-0_23","article-title":"Higher order derivatives and differential cryptanalysis","volume-title":"Communications and Cryptography: Two Sides of One Tapestry","author":"Lai","year":"1994"},{"key":"2024062312365405700_ref33","first-page":"54","article-title":"Cryptanalysis of two white-box implementations of the SM4 block cipher","volume-title":"Proceedings of ISC 2021","author":"Lu","year":"2021"}],"container-title":["The Computer Journal"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/academic.oup.com\/comjnl\/article-pdf\/67\/5\/1663\/58307874\/bxad091.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/academic.oup.com\/comjnl\/article-pdf\/67\/5\/1663\/58307874\/bxad091.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,6,23]],"date-time":"2024-06-23T12:37:40Z","timestamp":1719146260000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/comjnl\/article\/67\/5\/1663\/7277137"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,9,19]]},"references-count":33,"journal-issue":{"issue":"5","published-online":{"date-parts":[[2023,9,19]]},"published-print":{"date-parts":[[2024,6,22]]}},"URL":"https:\/\/doi.org\/10.1093\/comjnl\/bxad091","relation":{},"ISSN":["0010-4620","1460-2067"],"issn-type":[{"value":"0010-4620","type":"print"},{"value":"1460-2067","type":"electronic"}],"subject":[],"published-other":{"date-parts":[[2024,5]]},"published":{"date-parts":[[2023,9,19]]}}}