References of "Rivain, Matthieu 2000E868"
     in
Bookmark and Share    
Full Text
Peer Reviewed
See detailDefeating State-of-the-Art White-Box Countermeasures with Advanced Gray-Box Attacks
Goubin, Louis; Rivain, Matthieu UL; Wang, Junwei UL

in IACR Transactions on Cryptographic Hardware and Embedded Systems (2020), 2020(3), 454482

The goal of white-box cryptography is to protect secret keys embedded in a cryptographic software deployed in an untrusted environment. In this article, we revisit state-of-the-art countermeasures ... [more ▼]

The goal of white-box cryptography is to protect secret keys embedded in a cryptographic software deployed in an untrusted environment. In this article, we revisit state-of-the-art countermeasures employed in white-box cryptography, and we discuss possible ways to combine them. Then we analyze the different gray-box attack paths and study their performances in terms of required traces and computation time. Afterward, we propose a new paradigm for the gray-box attack against white-box cryptography, which exploits the data-dependency of the target implementation. We demonstrate that our approach provides substantial complexity improvements over the existing attacks. Finally, we showcase this new technique by breaking the three winning AES-128 white-box implementations from WhibOx 2019 white-box cryptography competition. [less ▲]

Detailed reference viewed: 23 (1 UL)
Full Text
Peer Reviewed
See detailHow to reveal the secrets of an obscure white-box implementation
Goubin, Louis; Paillier, Pascal; Rivain, Matthieu UL et al

in Journal of Cryptographic Engineering (2019), 10(1), 49--66

White-box cryptography protects key extraction from software implementations of cryptographic primitives. It is widely deployed in DRM and mobile payment applications in which a malicious attacker might ... [more ▼]

White-box cryptography protects key extraction from software implementations of cryptographic primitives. It is widely deployed in DRM and mobile payment applications in which a malicious attacker might control the entire execution environment. So far, no provably secure white- box implementation of AES has been put forward, and all the published practical constructions are vulnerable to differential computation analysis (DCA) and differential fault analysis (DFA). As a consequence, the industry relies on home-made obscure white-box implementations based on secret designs. It is therefore of interest to investigate the achievable resistance of an AES implementation to thwart a white-box adversary in this paradigm. To this purpose, the ECRYPT CSA project has organized the WhibOx contest as the catch the flag challenge of CHES 2017. Researchers and engineers were invited to participate either as designers by submitting the source code of an AES-128 white-box implementation with a freely chosen key, or as breakers by trying to extract the hard-coded keys in the submitted challenges. The participants were not expected to disclose their identities or the underlying designing/attacking techniques. In the end, 94 submitted challenges were all broken and only 13 of them held more than 1 day. The strongest (in terms of surviving time) implementation, submitted by Biryukov and Udovenko, survived for 28 days (which is more than twice as much as the second strongest implementation), and it was broken by a single team, i.e., the authors of the present paper, with reverse engineering and algebraic analysis. In this paper, we give a detailed description of the different steps of our cryptanalysis. We then generalize it to an attack methodology to break further obscure white-box implementations. In particular, we formalize and generalize the linear decoding analysis that we use to extract the key from the encoded intermediate variables of the target challenge. [less ▲]

Detailed reference viewed: 28 (2 UL)
Full Text
Peer Reviewed
See detailAnalysis and Improvement of Differential Computation Attacks against Internally-Encoded White-Box Implementations
Rivain, Matthieu UL; Wang, Junwei UL

in IACR Transactions on Cryptographic Hardware and Embedded Systems (2019), 2019(2), 225-255

White-box cryptography is the last security barrier for a cryptographic software implementation deployed in an untrusted environment. The principle of internal encodings is a commonly used white-box ... [more ▼]

White-box cryptography is the last security barrier for a cryptographic software implementation deployed in an untrusted environment. The principle of internal encodings is a commonly used white-box technique to protect block cipher implementations. It consists in representing an implementation as a network of look-up tables which are then encoded using randomly generated bijections (the internal encodings). When this approach is implemented based on nibble (i.e. 4-bit wide) encodings, the protected implementation has been shown to be vulnerable to differential computation analysis (DCA). The latter is essentially an adaptation of differential power analysis techniques to computation traces consisting of runtime information, e.g., memory accesses, of the target software. In order to thwart DCA, it has then been suggested to use wider encodings, and in particular byte encodings, at least to protect the outer rounds of the block cipher which are the prime targets of DCA. In this work, we provide an in-depth analysis of when and why DCA works. We pinpoint the properties of the target variables and the encodings that make the attack (in)feasible. In particular, we show that DCA can break encodings wider than 4-bit, such as byte encodings. Additionally, we propose new DCA-like attacks inspired from side-channel analysis techniques. Specifically, we describe a collision attack particularly effective against the internal encoding countermeasure. We also investigate mutual information analysis (MIA) which naturally applies in this context. Compared to the original DCA, these attacks are also passive and they require very limited knowledge of the attacked implementation, but they achieve significant improvements in terms of trace complexity. All the analyses of our work are experimentally backed up with various attack simulation results. We also verified the practicability of our analyses and attack techniques against a publicly available white-box AES implementation protected with byte encodings –which DCA has failed to break before– and against a “masked” white-box AES implementation –which intends to resist DCA. [less ▲]

Detailed reference viewed: 21 (0 UL)
Full Text
See detailOn the physical security of cryptographic implementations
Rivain, Matthieu UL

Doctoral thesis (2009)

In modern cryptography, an encryption system is usually studied in the so-called black-box model. In this model, the cryptosystem is seen as an oracle replying to message encryption (and/or decryption ... [more ▼]

In modern cryptography, an encryption system is usually studied in the so-called black-box model. In this model, the cryptosystem is seen as an oracle replying to message encryption (and/or decryption) queries according to a secret value: the key. The security of the cryptosystem is then defined following a simple game. An adversary questions the oracle about the encryption (and/or decryption) of messages of its choice and, depending on the answers, attempts to recover the value of the secret key (or to encrypt/decrypt a message for which he did not query the oracle). If by following an optimal strategy the adversary only has a negligible chance of winning, the system is considered as secure. Several cryptosystems have been proved secure in the black-box model. However, this model is not always sufficient to ensure the security of a cryptosystem in practice. Let us consider the example of smart cards which are used as platforms for cryptosystems in various applications such as banking, access control, mobile telephony, pay TV, or electronic passport. By the very nature of these applications, a cryptosystem embedded on a smart card is physically accessible to potential attackers. This physical access invalidates the modeling of the cryptosystem as a simple encryption oracle since it allows the adversary to observe and disrupt its physical behavior. New attacks then become possible which are known as physical cryptanalysis. Physical cryptanalysis includes two main families of attacks: side channel attacks and fault attacks. The purpose of side channel attacks is to analyze the different physical leakages of a cryptographic implementation during its computation. Chief among these rank timing, power consumption, and electromagnetic radiation. Observing these so-called side channels provides sensitive information about the cryptographic computation. The secret key value can then be easily recovered by statistical treatment although the cryptosystem is secure in the black-box model. The access to a cryptographic implementation enables more than a simple observation of its physical behavior; it is also possible to disrupt its computation. Working on this assumption, fault attacks consist in corrupting cryptographic computations so that they produce erroneous results. Surprisingly, these results can be used in order to recover information about the secret key. This thesis focuses on physical cryptanalysis as well as on the secure implementation of cryptographic primitives. We examine in the first part side channel attacks from a theoretical viewpoint. Various techniques of attack based on different statistical tools are addressed. We analyze their success rate, we compare their efficiency and we propose some improvements. Our analyses are illustrated by results of simulated attacks as well as practical attacks on smart cards. The second part of this thesis is devoted to one of the most widely used countermeasures to side channel attacks: data masking. Our investigations concentrate on generic masking schemes for block ciphers such as the encryption standards DES and AES. We analyze existing schemes, exhibiting some attacks against certain of them and we propose new designs. The third and last part of this thesis deals with fault attacks. First, we describe a new attack on the DES cipher which exhibits some requirements to its secure implementation. We then provide a case study based on the RSA cryptosystem where we propose a new countermeasure which can also be applied to secure any exponentiation algorithm. We finally address an important issue for practical security: the implementation of coherence checks. [less ▲]

Detailed reference viewed: 142 (5 UL)
Peer Reviewed
See detailAttack and Improvement of a Secure S-Box Calculation Based on the Fourier Transform
Coron, Jean-Sébastien UL; Giraud, Christophe; Prouff, Emmanuel et al

in Advances in Cryptography (2008)

Detailed reference viewed: 90 (0 UL)