The present disclosure relates to an encryption device, an encryption method, a decryption device, and a decryption method.
As the related art, for example, S. Chow, P. Eisen, H. Johnson, P. C. van Oorschot “A white-box DES implementation for DRM applications.” DRM 2002 and S. Chow, P. Eisen, H. Johnson, P. C. van Oorschot “White-Box Cryptography and an AES Implementation?” SAC 2002 each describe a method for securely transforming the existing block ciphers even in the white-box model. The methods described in S. Chow, P. Eisen, H. Johnson, P. C. van Oorschot “A white-box DES implementation for DRM applications.” DRM 2002 and S. Chow, P. Eisen, H. Johnson, P. C. van Oorschot “White-Box Cryptography and an AES Implementation?” SAC 2002 relate to the white-box implementation of the existing algorithms (DES and AES), and the technique of transforming an operation into a lookup table having a large size and embedding a secret key into the table to ensure the security of the internal operation visible to the outside.
According to the methods described in S. Chow, P. Eisen, H. Johnson, P. C. van Oorschot “A white-box DES implementation for DRM applications.” DRM 2002 and S. Chow, P. Eisen, H. Johnson, P. C. van Oorschot “White-Box Cryptography and an AES Implementation?” SAC 2002, the value of a secret key is included in a table, and then a keyed table is generated. In order to enhance the security of each table, a secret non-linear function is added before and after the table. Meanwhile, the function IN and the function OUT are added before and after the encryption algorithm E as External Encoding.
A. Biryukov, C. Bouillaguet, D. Khovratovich:“Cryptographic Schemes Based on the SAAS Structure: Black-Box, White-Box, and Public-Key”, ASIACRYPT 2014 describes a method for configuring a table for a problem expected to be difficult to decompose, and configuring a block cipher, which is also secure in the white-box model. Specifically, the method described in A. Biryukov, C. Bouillaguet, D. Khovratovich: “Cryptographic Schemes Based on the ASASA Structure: Black-Box, White-Box, and Public-Key”, ASIACRYPT 2014 configures a table for a white-box by overlaying a secret non-linear function (S layer) and a secret linear function (A layer), and more specifically, configures a table for a white-box by overlaying a three-layered secret linear function (A layer) and a two-layered secret non-linear function (S layer).