WAS: improved white-box cryptographic algorithm over AS iteration.

The attacker in white-box model has full access to software implementation of a cryptographic algorithm and full control over its execution environment. In order to solve the issues of high storage cost and inadequate security about most current white-box cryptographic schemes, WAS, an improved white-box cryptographic algorithm over AS iteration is proposed. This scheme utilizes the AS iterative structure to construct a lookup table with a five-layer ASASA structure, and the maximum distance separable matrix is used as a linear layer to achieve complete diffusion in a small number of rounds. Attackers can be prevented from recovering the key under black-box model. The length of nonlinear layer S and affine layer A in lookup table is 16 bits, which effectively avoids decomposition attack against the ASASA structure and makes the algorithm possess anti-key extraction security under the white-box model, while WAS possesses weak white-box (32 KB, 112)-space hardness to satisfy anti-code lifting security. WAS has provable security and better storage cost than existing schemes, with the same anti-key extraction security and anti-code lifting security, only 128 KB of memory space is required in WAS, which is only 14% of SPACE-16 algorithm and 33% of Yoroi-16 algorithm. [ABSTRACT FROM AUTHOR]