## Cryptology ePrint Archive: Report 2019/1405

Revisiting Higher-Order Computational Attacks against White-Box Implementations

Houssem Maghrebi and Davide Alessio

Abstract: White-box cryptography was first introduced by Chow et al. in $2002$ as a software technique for implementing cryptographic algorithms in a secure way that protects secret keys in an untrusted environment. Ever since, Chow et al.'s design has been subject to the well-known Differential Computation Analysis (DCA). To resist DCA, a natural approach that white-box designers investigated is to apply the common side-channel countermeasures such as masking. In this paper, we suggest applying the well-studied leakage detection methods to assess the security of masked white-box implementations. Then, we extend some well-known side-channel attacks (i.e. the bucketing computational analysis, the mutual information analysis, and the collision attack) to the higher-order case to defeat higher-order masked white-box implementations. To illustrate the effectiveness of these attacks, we perform a practical evaluation against a first-order masked white-box implementation. The obtained results have demonstrated the practicability of these attacks in a real-world scenario.

Category / Keywords: white-box cryptography, masking, higher-order computational attacks, leakage detection, AES

Original Publication (with minor differences): ICISSP 2020