In this paper, we describe a new attack against the original implementation of Chow et al. (SAC 2002), which efficiently recovers the AES secret key as well as the private external encodings in complexity $2^{22}$. Compared to the previous attack due to Billet et al. (SAC 2004) of complexity $2^{30}$, our attack is not only more efficient but also simpler to implement. Then, we show that the \emph{last} candidate white-box AES implementation due to Karroumi (ICISC 2010) can be broken by a direct application of either Billet et al. attack or ours. Specifically, we show that for any given secret key, the overall implementation has the \emph{exact same} distribution as the implementation of Chow et al. making them both vulnerable to the same attacks.
By improving the state of the art of white-box cryptanalysis and putting forward new attack techniques, we believe our work brings new insights on the failure of existing white-box implementations, which could be useful for the design of future solutions.
Category / Keywords: White-Box Cryptography, AES Implementation, Cryptanalysis Date: received 22 Jul 2013 Contact author: matthieu rivain at gmail com Available format(s): PDF | BibTeX Citation Version: 20130723:130134 (All versions of this report) Short URL: ia.cr/2013/455 Discussion forum: Show discussion | Start new discussion