Improved integral cryptanalysis of SPNbox in digital rights management systems

Abstract

As an access control technology of digital material, digital rights management systems have a profound effect on the copyright protection of digital content. To address the threat of key exposure, applying white-box ciphers is effective to provide a security guarantee for digital rights management systems. SPNbox, proposed at Asiacrypt’16 is such a white-box cipher that fulfils comprehensive resistance against key exposure for digital rights management systems, including black-box security on the server-side and white-box security on the client-side. So far, the previous integral cryptanalysis of SPNbox employs a general 2-round distinguisher without considering the details of SPNbox. The properties of SPNbox are carefully explored and a novel 2-round integral distinguisher is introduced. On this basis, we propose new competitive 3-round key recovery attacks with lower complexities. Particularly, the improved attack on 3-round SPNbox-32 only requires 232 chosen plaintexts, whereas the current best attack necessitates 262 chosen plaintexts. In addition, integral attacks on 4- and 5-round SPNbox-8 are presented for the first time. Thus, the security margin of SPNbox-8 is narrowed by two rounds. These results indicate that the capability of SPNbox resisting integral cryptanalysis is inferior to the designers' claim.