Cryptographic hash functions are used to produce digital “fingerprints” of data and are a component of many cryptosystems. Such hash functions take arbitrary length bit-strings as input and map them to fixed length bit-strings as output. An input is commonly referred to as a message, and its output is commonly referred to as a digest.
An important distinction between hash functions and other cryptographic primitives (e.g. block ciphers) is that hash functions have no key (i.e. they are un-keyed primitives). This means that, given an input message, anyone can compute its digest. There are a number of cryptographic hash functions that have been specified in publicly-available standards. For example, Secure Hash Standard (SHS), FIPS PUB 180-3 (U.S. Department of Commerce), October 2008, the content of which is hereby incorporated by reference in its entirety, specifies five cryptographic hash functions: SHA-1, SHA-224, SHA-256, SHA-384, SHA-512. Given an input to a hash function, it is very easy to compute its output. However, secure cryptographic hash functions must satisfy a mathematical property known as pre-image resistance or “one-way-ness,” which means that, given an output, it is very difficult to compute an input that hashes to that output. Thus, hash functions have an important asymmetry: they are easy to evaluate, but hard to invert.
Well-known applications of cryptographic hash functions include digital signature schemes, message authentication codes, pseudo-random number generation, code-signing schemes, password based authentication, and key derivation functions. Hash functions are also used to recover content keys in digital rights management (“DRM”) schemes. This is the case for the Open Mobile Alliance (“OMA”) DRM, which is deployed on portable electronic devices such as mobile phones. Content providers protect their content (e.g. videos, songs, games, etc.) in the OMA DRM system before delivery to end-users by encrypting it using symmetric keys called content-encryption keys. If a user makes a request to play protected content on their phone, that phone's DRM Agent first checks permissions specified inside a rights object issued for that content. Assuming the request is authorized, the DRM Agent will then do a computation to recover the required content-encryption key from data inside the rights object. The content is then decrypted and played. The cryptographic operations done by the DRM Agent to recover content-encryption-keys are described in Section 7.1.2 of the OMA DRM Specification, v. 2.1, 6 Nov. 2008, the contents of which are incorporated herein by reference in their entirety. This computation includes the use of a key derivation function based on a hash function such as SHA-1 or SHA-256.
Malicious users may attempt to extract content keys by analyzing the software implementing the DRM Agent. In particular, in a white-box environment, where an attacker has full control over the execution environment and the software implementation (unless the computing device is physically secured), the attacker has access to the code, the data structures and the execution environment. An attacker operating in such an environment can observe the output of the hash function by doing memory dumps or by running the DRM Agent in a debugger. If the content-encryption keys recovered by the DRM Agent are exposed, a malicious attacker could access them, and use them to decrypt the content off-line and free it from restrictions imposed by rights objects (i.e. they would be able to circumvent the DRM). Thus, it is important that the cryptographic operations carried out by the DRM Agent be concealed from the user.
It is, therefore, desirable to provide hashing of messages without revealing either the message, digest or any intermediaries between the two of them so that the hashing operation itself is resistant to white-box attacks.