Paper 2013/450
Revisiting the BGE Attack on a White-Box AES Implementation
Yoni De Mulder, Peter Roelse, and Bart Preneel
Abstract
White-box cryptography aims to protect the secret key of a cipher in an environment in which an adversary has full access to the implementation of the cipher and its execution environment. In 2002, Chow, Eisen, Johnson and van Oorschot proposed a white-box implementation of AES. In 2004, Billet, Gilbert and Ech-Chatbi presented an efficient attack (referred to as the BGE attack) on this implementation, extracting its embedded AES key with a work factor of $2^{30}$. In 2012, Tolhuizen presented an improvement of the most time-consuming phase of the BGE attack. This paper presents several improvements to the other phases of the BGE attack. The paper shows that the overall work factor of the BGE attack is reduced to $2^{22}$ when all improvements are implemented. In 2010, Karroumi presented a white-box AES implementation that is designed to withstand the BGE attack. This paper shows that the implementations of Karroumi and Chow \emph{et al.} are the same. As a result, Karroumi's white-box AES implementation is vulnerable to the attack it was designed to resist.
Metadata
- Available format(s)
- Category
- Secret-key cryptography
- Publication info
- Published elsewhere. Unknown where it was published
- Keywords
- White-box cryptographydual cipherAEScryptanalysis
- Contact author(s)
- yoni demulder @ esat kuleuven be
- History
- 2013-07-22: received
- Short URL
- https://ia.cr/2013/450
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2013/450, author = {Yoni De Mulder and Peter Roelse and Bart Preneel}, title = {Revisiting the {BGE} Attack on a White-Box {AES} Implementation}, howpublished = {Cryptology {ePrint} Archive, Paper 2013/450}, year = {2013}, url = {https://eprint.iacr.org/2013/450} }