At CRYPTO’22, Ranea, Vandersmissen, and Preneel proposed a new way to design white-box implementations of ARX-based ciphers using so-called implicit functions and quadratic-affine encodings. They suggest the Speck block cipher as an example target. In this work, we describe practical attacks on the construction. For the implementation without one of the external encodings, we describe a simple algebraic key recovery attack. If both external encodings are used (the main scenario suggested by the authors), we propose optimization and inversion attacks, followed by our main result: a multiple-step round decomposition attack and a decomposition-based key recovery attack. Our attacks only use the white-box round functions as oracles and do not rely on their description. We implemented and verified experimentally attacks on white-box instances of Speck-32/64 and Speck-64/128. We conclude that a single ARX-round is too weak to be used as a white-box round.
Disciplines:
Computer science
Author, co-author:
BIRYUKOV, Alexei ; University of Luxembourg > Faculty of Science, Technology and Medicine (FSTM) > Department of Computer Science (DCS) ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > Cryptolux
LAMBIN, Baptiste ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > Cryptolux
UDOVENKO, Aleksei ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > Cryptolux
External co-authors:
no
Document language:
English
Title:
Cryptanalysis of ARX-based White-box Implementations
Publication/distribution date:
09 June 2023
Journal title:
IACR Transactions on Cryptographic Hardware and Embedded Systems