A processor device as intended by the invention is understood to mean an apparatus or other object having a processor, for example a mobile end device such as a smartphone. Software applications—called apps for short—on mobile end devices, for example smartphones, are increasingly being used to carry out cryptographically secured digital transactions, for example for cashless payments at a near-field communication (NFC) terminal or for the purchase of goods or services from an online retailer. Further, software applications for cryptographic services such as speech encryption or data encryption are increasingly being used on mobile end devices such as smartphones. For carrying out the transaction or the service, the software application implemented on the processor of the smartphone interacts with a terminal or server. Cryptographic partial tasks of the software applications such as encryption, decryption, signature formation or signature verification are carried out through implementations of cryptographic algorithms. Security-critical data employed by the cryptographic algorithm, e.g. personal identification numbers (PINs), passwords, cryptographic keys etc., are securely supplied for the processor device. Traditionally, security-critical data are secured against an attack by unauthorized person through (grey-box) cryptography. For this purpose the data are supplied on a security element of the mobile end device, said security element being stand-alone in terms of hardware technology, for example a subscriber identification module (SIM) card removable from the mobile end device.
An alternative approach, which is applicable in particular also for mobile end devices which have no stand-alone security element, is based on the white-box cryptography. In a white-box implementation of a cryptographic algorithm it is attempted to hide the security-critical data, in particular secret cryptographic keys, in the implementation such that an attacker who has full access to the implementation is unable to extract the security-critical data from the implementation. A white-box implementation of the AES crypto-algorithm (Advanced Encryption Standard) is known, for example, from the publication [1] “A Tutorial on White-box AES” by James A. Muir, Cryptology ePrint Archive, Report 2013/104. Likewise, white-box implementations of cryptographic algorithms or routines are distributed commercially.
An ideal white-box implementation of a crypto-algorithm hides security-critical data like cryptographic keys in such a way that they are not ascertainable by an attack.
In the patent application DE 102014016548.5 of the applicant of the present patent application, a method is described for testing a white-box implementation of a cryptographic algorithm, e.g. AES, said implementation being executable on a processor, with which the inventors have succeeded in ascertaining security-critical data by an attack, which according to the concept of the white-box actually should not be possible. From this point of view, the tested white-box implementations are by definition no longer perfect white box due to its attackability, yet are hereinafter still designated as white-box implementations due to their objective of being perfect.
102014016548.5 more precisely describes a test method for a white-box implementation which generates a cipher text from a plain text by means of a secret key, and is present in the processor in the form of machine commands, wherein the processor comprises at least one register. The method comprises the following steps: (a) feeding one plain text of a plurality of plain texts to the white-box implementation; (b) reading out and storing the contents of the at least one register of the processor stepwise while processing the machine commands of the white-box implementation stepwise, wherein intermediate results can be generated while processing the machine commands of the white-box implementation stepwise; (c) repeating the steps (a) and (b) with a further plain text of the plurality of plain texts N-times; and (d) statistically evaluating the contents of the registers and the plain texts, the intermediate results and/or the cipher texts generated from the plain texts by searching for correlations between the contents of the registers and the plain texts, the intermediate results and/or the cipher texts to establish the secret key.
Surprisingly, the examinations of the inventors have shown that for commercially available implementations of cryptographic algorithms under the name of white-box implementations, the secret key may be derived by means of the method described in 102014016548.5.
In the technical publication [3] “Differential Computation Analysis: Hiding your White-Box Designs is Not Enough”, J. W. Bos, Ch. Hubain, W. Michiels, and Ph. Teuwen, by the company NXP, there is disclosed a similar test method like in the above-mentioned patent application 102014016548.5, with which the secret key could likewise be ascertained from a white-box implementation of a crypto-algorithm with statistical methods.
In the patent application 102014016548.5, further a directive for action is supplied for a method for hardening the white-box implementation of a cryptographic algorithm executable on a processor. To achieve the hardening, the white-box implementation is configured such that upon generating the cipher text at least one lookup table comes into use to statically map input values of the lookup table to output values of the lookup table. The method comprises the step that the lookup table is statistically permutated such that the individual bits of the permutated lookup table substantially do not correlate with the bits of the lookup table. In other words: the lookup table T is statistically permutated by means of an inverted mapping f (there designated as permutation P) such that the individual bits of the permutated lookup table T′(x)=f(T(x)) do not correlate with the bits T(x) for randomly varying input x. This implementation corresponds to the preamble of claim 1.
Two important theoretical design criteria when designing a crypto-algorithm which processes a plaintext with a key into a ciphertext are diffusion and confusion. Perfect diffusion means that every ciphertext bit depends on all plaintext bits and all key bits. Confusion means applying a preferably complex relation between plaintext, ciphertext and key. Diffusion is frequently generated by applying affine mappings, in particular linear mappings. Good confusion is achieved in particular, but not only, by applying non-linear mappings. The function f, with which a computation step such as a white-box operation S[x] is obfuscated, should also meet the design criteria diffusion and confusion. Generally, affine, in particular linear mappings, are comparatively simple to work on. Mappings of a not specifically specified type can be elaborate to process, and non-linear mappings are definitively more elaborate to process than affine, in particular linear, mappings.
The invention is based on the task of stating a processor device having an implementation of a cryptographic algorithm, which is specially hardened building on an implementation as stated in 102014016548.5 or a comparable one, by output values of computation steps (e.g. S-box operations), i.e. intermediate steps in the algorithm, being, in the implementation, as little as possible or not correlated with output values as they would be expected for unprotected implementations, so that no secret information item from the algorithm can be obtained even by means of statistical methods applied to side-channel outputs. In particular, special implementation details should be stated by means of which a specially hardened implementation can be attained.