System and method for protecting cryptographic assets from a white-box attack

摘要

A digital signature generation (DSG) process which provides resistance against white box attackers is disclosed. This is done by applying specially selected data transformations to the inputs, outputs and internal parameters of the algorithm. In particular, the signatory's private key does not appear in the clear in our protected implementation. Our new white box implementation produces signatures that are compatible with signatures created by conventional implementations; thus our solution facilitates interoperability and can be used as a drop-in replacement for conventional implementations. In particular, we describe transformations to the key (d) and the generator domain parameter (usually denoted G or g) of the digital signature generation processes, such that embodiments of the invention can produce signed messages which appear to a verifier as if the key (d) was used, without actually ever using the key (d). This makes it impossible for an adversary to ever observe the key (d), as it is not actually used. Further embodiments include additional protections to make it even harder for an adversary to deduce the key (d) by observing the process which generates the digital signature.

主权项

1. A method executed by one or more computing devices for protecting a cryptographic private key during cryptographic digital signature generation, the method comprising:
generating, by at least one of the one or more computing devices, a random integer in the interval between 1 and n−1, wherein n corresponds to the cardinality of a group of points on an elliptical curve that are generated within a finite field from a generator point on the elliptical curve and wherein n is greater than or equal to 1; calculating, by at least one of the one or more computing devices, a multiplier based on the random integer, wherein the multiplier is equal to the inverse of the random integer modulo n; determining, by at least one of the one or more computing devices, a transformed generator point by performing elliptical curve multiplication of the generator point and the multiplier; generating, by at least one of the one or more computing devices, a transformed private key based at least in part on the cryptographic private key and the random integer; and generating, by at least one of the one or more computing devices, a digital signature based at least in part on the transformed generator point and the transformed private key, wherein the digital signature is configured to be verified by a verification process which uses a cryptographic public key corresponding to the cryptographic private key.