TY - GEN
T1 - White-Box Implementation of the KMAC Message Authentication Code
AU - Lu, Jiqiang
AU - Zhao, Zhigang
AU - Guo, Huaqun
N1 - Publisher Copyright:
© Springer Nature Switzerland AG, 2019.
PY - 2019
Y1 - 2019
N2 - In 2016, US NIST released the KMAC message authentication code, which is actually a keyed variant of the new-generation hash function standard SHA-3. Following the increasing use of SHA-3, it is highly anticipated that KMAC will also be increasingly widely used in various security applications. Due to the distinctions between sponge hash functions and Merkle-Damgård hash functions, white-box implementations of KMAC and HMAC are rather different. In this paper, we present an efficient white-box implementation of KMAC with strong resistance against both key extraction and code lifting attacks, which can still work with an updated user key. It has a storage complexity of about 107.7 MB, and has a running time of about 1.5 ms on a DELL Precision T5610 workstation, about 375 times slower than the original KMAC implementation without white-box protection. There are implementation variants with different trade-offs between security and performance. This is the first published white-box implementation of KMAC to the best of our knowledge, and our implementation methods can be applied to similar sponge constructions.
AB - In 2016, US NIST released the KMAC message authentication code, which is actually a keyed variant of the new-generation hash function standard SHA-3. Following the increasing use of SHA-3, it is highly anticipated that KMAC will also be increasingly widely used in various security applications. Due to the distinctions between sponge hash functions and Merkle-Damgård hash functions, white-box implementations of KMAC and HMAC are rather different. In this paper, we present an efficient white-box implementation of KMAC with strong resistance against both key extraction and code lifting attacks, which can still work with an updated user key. It has a storage complexity of about 107.7 MB, and has a running time of about 1.5 ms on a DELL Precision T5610 workstation, about 375 times slower than the original KMAC implementation without white-box protection. There are implementation variants with different trade-offs between security and performance. This is the first published white-box implementation of KMAC to the best of our knowledge, and our implementation methods can be applied to similar sponge constructions.
KW - Hash function
KW - KMAC
KW - Message authentication code (MAC)
KW - SHA-3
KW - Sponge construction
KW - White-box cryptography
UR - https://www.scopus.com/pages/publications/85076682737
U2 - 10.1007/978-3-030-34339-2_14
DO - 10.1007/978-3-030-34339-2_14
M3 - 会议稿件
AN - SCOPUS:85076682737
SN - 9783030343385
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 248
EP - 270
BT - Information Security Practice and Experience - 15th International Conference, ISPEC 2019, Proceedings
A2 - Heng, Swee-Huay
A2 - Lopez, Javier
PB - Springer
T2 - 15th International Conference on Information Security Practice and Experience, ISPEC 2019
Y2 - 26 November 2019 through 28 November 2019
ER -