Article (Scientific journals)
How to reveal the secrets of an obscure white-box implementation
Goubin, Louis; Paillier, Pascal; RIVAIN, Matthieu et al.
2019In Journal of Cryptographic Engineering, 10 (1), p. 49--66
Peer Reviewed verified by ORBi
 

Files


Full Text
jcen2019.pdf
Publisher postprint (984.72 kB)
Request a copy

All documents in ORBilu are protected by a user license.

Send to



Details



Keywords :
white-box cryptography; WhibOx contest; linear decoding analysis; reverse engineering
Abstract :
[en] White-box cryptography protects key extraction from software implementations of cryptographic primitives. It is widely deployed in DRM and mobile payment applications in which a malicious attacker might control the entire execution environment. So far, no provably secure white- box implementation of AES has been put forward, and all the published practical constructions are vulnerable to differential computation analysis (DCA) and differential fault analysis (DFA). As a consequence, the industry relies on home-made obscure white-box implementations based on secret designs. It is therefore of interest to investigate the achievable resistance of an AES implementation to thwart a white-box adversary in this paradigm. To this purpose, the ECRYPT CSA project has organized the WhibOx contest as the catch the flag challenge of CHES 2017. Researchers and engineers were invited to participate either as designers by submitting the source code of an AES-128 white-box implementation with a freely chosen key, or as breakers by trying to extract the hard-coded keys in the submitted challenges. The participants were not expected to disclose their identities or the underlying designing/attacking techniques. In the end, 94 submitted challenges were all broken and only 13 of them held more than 1 day. The strongest (in terms of surviving time) implementation, submitted by Biryukov and Udovenko, survived for 28 days (which is more than twice as much as the second strongest implementation), and it was broken by a single team, i.e., the authors of the present paper, with reverse engineering and algebraic analysis. In this paper, we give a detailed description of the different steps of our cryptanalysis. We then generalize it to an attack methodology to break further obscure white-box implementations. In particular, we formalize and generalize the linear decoding analysis that we use to extract the key from the encoded intermediate variables of the target challenge.
Disciplines :
Computer science
Author, co-author :
Goubin, Louis;  Université Paris-Saclay, UVSQ, CNRS > Laboratoire de Mathématiques de Versailles
Paillier, Pascal;  CryptoExperts
RIVAIN, Matthieu;  CryptoExperts
WANG, Junwei ;  University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) ; CryptoExperts ; Université Paris 8
External co-authors :
yes
Language :
English
Title :
How to reveal the secrets of an obscure white-box implementation
Publication date :
02 April 2019
Journal title :
Journal of Cryptographic Engineering
ISSN :
2190-8508
eISSN :
2190-8516
Publisher :
Springer, New York, United States - New York
Volume :
10
Issue :
1
Pages :
49--66
Peer reviewed :
Peer Reviewed verified by ORBi
Focus Area :
Security, Reliability and Trust
European Projects :
H2020 - 643161 - ECRYPT-NET - European Integrated Research Training Network on Advanced Cryptographic Technologies for the Internet of Things and the Cloud
Name of the research project :
ECRYPT-NET
Funders :
European Union's Horizon 2020
CE - Commission Européenne
Available on ORBilu :
since 17 September 2020

Statistics


Number of views
60 (6 by Unilu)
Number of downloads
0 (0 by Unilu)

Scopus citations®
 
16
Scopus citations®
without self-citations
15
OpenCitations
 
7
OpenAlex citations
 
29
WoS citations
 
5

Bibliography


Similar publications



Contact ORBilu