https://github.com/crocs-muni/whitebox-crypto-aes
Whitebox AES implementation in C++. Chow, Karroumi.
Science Score: 23.0%
This score indicates how likely this project is to be science-related based on various indicators:
-
○CITATION.cff file
-
○codemeta.json file
-
○.zenodo.json file
-
✓DOI references
Found 1 DOI reference(s) in README -
✓Academic publication links
Links to: acm.org -
○Academic email domains
-
○Institutional organization owner
-
○JOSS paper metadata
-
○Scientific vocabulary similarity
Low similarity (8.1%) to scientific vocabulary
Repository
Whitebox AES implementation in C++. Chow, Karroumi.
Basic Info
- Host: GitHub
- Owner: crocs-muni
- Language: C++
- Default Branch: master
- Homepage: https://is.muni.cz/th/325219/fi_m/
- Size: 765 KB
Statistics
- Stars: 2
- Watchers: 6
- Forks: 2
- Open Issues: 1
- Releases: 0
Metadata Files
README.md
Whitebox-crypto-AES
Whitebox cryptography AES implementation.
This repository contains a C++ implementation of: * Complete whitebox AES-128 scheme introduced by Chow et al [2]. Implements/uses input/output encodings, mixing bijections, external encodings. * Complete whitebox AES-128 scheme introduced by [Karroumi] [3] which uses an idea of dual AES ciphers (using a different generating polynomial for AES cipher) for creating a stronger AES whitebox scheme. * Implementation of the [BGE] Attack on Chow's AES whitebox implementation found by Billet et al [4]. Attack uses whitebox AES generator to create a random instance of whitebox AES scheme with secret key K embedded in the implementation. The attack then recovers the secret key K from the tables representing the given instance. This BGE attack also breaks scheme proposed by Karroumi what I found out while working on my diploma thesis.
The implementation contains: * Whitebox AES code generator in both Chow and Karroumi schemes. It generates a randomized whitebox AES instance with embedded encryption key K which can be used either for encryption or for decryption. Instance can be serialized to a file. * Code for running generated whitebox AES instance for encryption/decryption. * BGE key recovery attack on a generated whitebox AES instance. * Unit tests.
You also might be interested in my Java implementation of the Chow's whitebox AES scheme. In my diploma thesis I suggest modifications and improvements for a new whitebox-suited symmetric-key encryption algorithm based on AES.
[2]: Stanley Chow, Phil Eisen, Harold Johnson, and Paul C. Van Oorschot. White-box cryptography and an AES implementation. In Proceedings of the Ninth Workshop on Selected Areas in Cryptography (SAC 2002, pages 250–270. Springer-Verlag, 2002.
[3]: Mohamed Karroumi. Protecting white-box AES with dual ciphers. In Proceedings of the 13th international conference on Information security and cryptology, ICISC’10, pages 278–291, Berlin, Heidelberg, 2011. Springer-Verlag. ISBN 978-3-642-24208-3.
[4]: Olivier Billet, Henri Gilbert, and Charaf Ech-Chatbi. Cryptanalysis of a white box AES implementation. In Proceedings of the 11th international conference on Selected Areas in Cryptography, SAC’04, pages 227–240, Berlin, Heidelberg, 2005. Springer-Verlag. ISBN 3-540-24327-5, 978-3-540-24327-4. doi: 10.1007/978-3-540-30564-4_16.
Dependencies
- C++0x
- CMake 2.8+
- NTL 6.0.0+
- boost_iostreams 1.55+
- boost_serialization 1.55+
- boostprogramoptions 1.55+
Description: * NTL math library is used for computation in finite fields & algebra. NTL is licensed under GPL thus this implementation also has to be GPL. * Boost library for serialization of the scheme instance & program input parameters parsing. Version 1.55
Building
- Travis is configured for the project so in case of any problems please refer to the travis configuration file.
- Install dependencies. For installing NTL you can use provided scripts
install-ntl.shorinstall-ntl-cached.sh - Use cmake to build
bash cmake . make
License
Code is published under license: GPLv3 [http://www.gnu.org/licenses/gpl-3.0.html]. This license holds from the first commit. I also require to include my copyright header in files if you decide to use my source codes.
Using GPL in short means that if you incorporate this source code to your application, it has to be also published under GPLv3. Also if you make any improvement to my source code and you will use improved version you are obliged to publish improved version as well.
If this license does not fit to you, drop me an email, I am sure we can negotiate somehow.
Contributing
If you want to improve my code by extending it to AES-256 or implementing other whitebox AES schemes do not hesitate to submit a pull request. Please also consider it if you find some bug in the code. I am not actively developing this code at the moment but I will review the pull requests. Thanks!
Owner
- Name: CRoCS
- Login: crocs-muni
- Kind: organization
- Location: Faculty of Informatics, Masaryk University, Brno
- Website: https://crocs.fi.muni.cz
- Repositories: 95
- Profile: https://github.com/crocs-muni
Centre for Research on Cryptography and Security