Paper published in a book (Scientific congresses, symposiums and conference proceedings)
Attacks and Countermeasures for White-box Designs
Biryukov, Alex; Udovenko, Aleksei
2018In Peyrin, Thomas; Galbraith, Steven (Eds.) Advances in Cryptology – ASIACRYPT 2018
Peer reviewed


Full Text
Author postprint (502.02 kB)

All documents in ORBilu are protected by a user license.

Send to


Keywords :
white-box; obfuscation; cryptanalysis
Abstract :
[en] In traditional symmetric cryptography, the adversary has access only to the inputs and outputs of a cryptographic primitive. In the white-box model the adversary is given full access to the implementation. He can use both static and dynamic analysis as well as fault analysis in order to break the cryptosystem, e.g. to extract the embedded secret key. Implementations secure in such model have many applications in industry. However, creating such implementations turns out to be a very challenging if not an impossible task. Recently, Bos et al. proposed a generic attack on white-box primitives called differential computation analysis (DCA). This attack was applied to many white-box implementations both from academia and industry. The attack comes from the area of side-channel analysis and the most common method protecting against such attacks is masking, which in turn is a form of secret sharing. In this paper we present multiple generic attacks against masked white-box implementations. We use the term “masking” in a very broad sense. As a result, we deduce new constraints that any secure white-box implementation must satisfy. Based on the new constraints, we develop a general method for protecting white-box implementations. We split the protection into two independent components: value hiding and structure hiding. Value hiding must pro- vide protection against passive DCA-style attacks that rely on analysis of computation traces. Structure hiding must provide protection against circuit analysis attacks. In this paper we focus on developing the value hiding component. It includes protection against the DCA attack by Bos et al. and protection against a new attack called algebraic attack. We present a provably secure first-order protection against the new al- gebraic attack. The protection is based on small gadgets implementing secure masked XOR and AND operations. Furthermore, we give a proof of compositional security allowing to freely combine secure gadgets. We derive concrete security bounds for circuits built using our construction.
Disciplines :
Computer science
Author, co-author :
Biryukov, Alex ;  University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
Udovenko, Aleksei  ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
External co-authors :
Language :
Title :
Attacks and Countermeasures for White-box Designs
Publication date :
November 2018
Event name :
24th International Conference on the Theory and Application of Cryptology and Information Security
Event organizer :
International Association for Cryptologic Research
Event place :
Brisbane, Australia
Event date :
from 02-12-2018 to 06-12-2018
Audience :
Main work title :
Advances in Cryptology – ASIACRYPT 2018
Editor :
Peyrin, Thomas
Galbraith, Steven
Publisher :
Springer International Publishing
Collection name :
Lecture Notes in Computer Science, 11273
Pages :
Peer reviewed :
Peer reviewed
Focus Area :
Security, Reliability and Trust
Funders :
FNR - Fonds National de la Recherche [LU]
Available on ORBilu :
since 11 January 2018


Number of views
739 (20 by Unilu)
Number of downloads
810 (18 by Unilu)



Similar publications

Contact ORBilu