A secure white‐box SM4 implementation

White-box cryptography aims at implementing a cipher to protect its key from being extracted in a white-box attack context, where an attacker has full control over dynamic execution of the cryptographic software. So far, most white-box implementations exploit lookup-table-based techniques and have been broken because of a weakness that the embedded large linear encodings are cancelled out by compositions of lookup tables. In this paper, we propose a new lookup-table-based white-box implementation for the Chinese block cipher standard SM4 that can protect the large linear encodings from being cancelled out. Our implementation, which can resist a series of white-box attacks, requires 32.5MB of memory to store the lookup tables and is about nine times as fast as the previous Xiao–Lai white-box SM4 implementation. Copyright © 2015 John Wiley & Sons, Ltd.