Paper 2018/301

On the Ineffectiveness of Internal Encodings - Revisiting the DCA Attack on White-Box Cryptography

Estuardo Alpirez Bock, Chris Brzuska, Wil Michiels, and Alexander Treff

Abstract

The goal of white-box cryptography is to implement cryptographic algorithms securely in software in the presence of an adversary that has complete access to the software's program code and execution environment. In particular, white-box cryptography needs to protect the embedded secret key from being extracted. As for today, all publicly available white-box implementations turned out succeptible to key extraction attacks. In the meanwhile, white-box cryptography is widely deployed in commercial implementations that claim to be secure. Bos, Hubain, Michiels and Teuwen (CHES 2016) introduced differential computational analysis (DCA), the first automated attack on white-box cryptography. The DCA attack performs a statistical analysis on execution traces. These traces contain information about the execution, such as memory addresses or register values, that is collected via binary instrumentation tooling during the encryption process. The white-box implementations that were attacked by Bos et al., as well as white-box implementations that have been described in the literature, protect the embedded key by using internal encodings techniques that have been introduced by Chow, Eisen, Johnson and van Oorschot (SAC 2002). In this paper, we prove rigorously that such internal encodings are too weak to protect against the DCA attack and thereby explain the experimental success of the DCA attack of Bos et al.

Note: One figure has been updated in order to increase the quality of the paper. Additionally, a shorter version of this paper has been accepted to the ACNS conference and will be published in its proceedings.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published elsewhere. Major revision. The 16th International Conference on Applied Cryptography and Network Security
Keywords
white-box cryptographydifferential computational analysissoftware execution tracesmixing bijections
Contact author(s)
estuardo alpirezbock @ gmail com
History
2018-05-17: last of 3 revisions
2018-04-03: received
See all versions
Short URL
https://ia.cr/2018/301
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2018/301,
      author = {Estuardo Alpirez Bock and Chris Brzuska and Wil Michiels and Alexander Treff},
      title = {On the Ineffectiveness of Internal Encodings - Revisiting the DCA Attack on White-Box Cryptography},
      howpublished = {Cryptology ePrint Archive, Paper 2018/301},
      year = {2018},
      note = {\url{https://eprint.iacr.org/2018/301}},
      url = {https://eprint.iacr.org/2018/301}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.