Improved integral cryptanalysis of SPNbox in digital rights management systems

As an access control technology of digital material, digital rights management systems have a profound effect on the copyright protection of digital content. To address the threat of key exposure, applying white‐box ciphers is effective to provide a security guarantee for digital rights management systems. SPNbox, proposed at Asiacrypt’16 is such a white‐box cipher that fulfils comprehensive resistance against key exposure for digital rights management systems, including black‐box security on the server‐side and white‐box security on the client‐side. So far, the previous integral cryptanalysis of SPNbox employs a general 2‐round distinguisher without considering the details of SPNbox. The properties of SPNbox are carefully explored and a novel 2‐round integral distinguisher is introduced. On this basis, we propose new competitive 3‐round key recovery attacks with lower complexities. Particularly, the improved attack on 3‐round SPNbox‐32 only requires 2 32 chosen plaintexts, whereas the current best attack necessitates 2 62 chosen plaintexts. In addition, integral attacks on 4‐ and 5‐round SPNbox‐8 are presented for the first time. Thus, the security margin of SPNbox‐8 is narrowed by two rounds. These results indicate that the capability of SPNbox resisting integral cryptanalysis is inferior to the designers' claim.