
Another Look on Bucketing Attack to Defeat White-Box Implementations

  • Mohamed Zeyad
  • Houssem Maghrebi
  • Davide Alessio
  • Boris Batteux
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11421)

Abstract

White-box cryptography was first introduced by Chow et al. in 2002 as a software technique for implementing cryptographic algorithms in a secure way that protects secret keys in a compromised environment. Ever since, Chow et al.’s design has been subject to mainly two categories of attacks published by the cryptographic community. The first category encompasses the so-called differential and algebraic cryptanalysis. Basically, these attacks counteract the obfuscation process by inverting the applied encoding functions, after which the secret key can easily be recovered. The second category comprises the software counterpart of the well-known physical attacks often applied to thwart hardware cryptographic implementations on embedded devices. In this paper, we turn a cryptanalysis technique, called statistical bucketing attack, into a computational analysis one allowing an efficient key recovery from software execution traces. Moreover, we extend this cryptanalysis technique, originally designed to break DES white-box implementations, to target AES white-box implementations. To illustrate the effectiveness of our proposal, we apply our attack to several publicly available white-box implementations with different levels of protection. Based on the obtained results, we argue that our attack is not only an alternative but also a more efficient technique compared to the existing computational attacks, especially when some side-channel countermeasures are involved as a protection.

Keywords

White-box cryptography; Cryptanalysis; Statistical bucketing; Computational analysis; AES; DES; Masking


References

  1.
  2.
  3. Source code of the Bucketing Computational Analysis for AES and DES. https://github.com/Bucketing/BCA-attack
  4.
  5. Allibert, J., Feix, B., Gagnerot, G., Kane, I., Thiebeauld, H., Razafindralambo, T.: Chicken or the egg - computational data attacks or physical attacks. Cryptology ePrint Archive, Report 2015/1086 (2015). https://eprint.iacr.org/2015/1086
  6. Banik, S., Bogdanov, A., Isobe, T., Jepsen, M.B.: Analysis of software countermeasures for whitebox encryption. IACR Cryptology ePrint Archive 2017:183 (2017)
  7. Billet, O., Gilbert, H., Ech-Chatbi, C.: Cryptanalysis of a white box AES implementation. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 227–240. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-30564-4_16
  8. Biryukov, A., Udovenko, A.: Attacks and countermeasures for white-box designs. Cryptology ePrint Archive, Report 2018/049 (2018). https://eprint.iacr.org/2018/049
  9. Bogdanov, A., Rivain, M., Vejre, P.S., Wang, J.: Higher-order DCA against standard side-channel countermeasures. Cryptology ePrint Archive, Report 2018/869 (2018). https://eprint.iacr.org/2018/869
  10. Bos, J.W., Hubain, C., Michiels, W., Teuwen, P.: Differential computation analysis: hiding your white-box designs is not enough. In: Gierlichs, B., Poschmann, A.Y. (eds.) Cryptographic Hardware and Embedded Systems - CHES 2016, vol. 1717, pp. 215–236. Springer, Heidelberg (2016)
  11. Bringer, J., Chabanne, H., Dottax, E.: White box cryptography: another attempt. Cryptology ePrint Archive, Report 2006/468 (2006). https://eprint.iacr.org/2006/468
  12. Chow, S., Eisen, P., Johnson, H., van Oorschot, P.C.: A white-box DES implementation for DRM applications. In: Feigenbaum, J. (ed.) DRM 2002. LNCS, vol. 2696, pp. 1–15. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-44993-5_1
  13. Chow, S., Eisen, P., Johnson, H., Van Oorschot, P.C.: White-box cryptography and an AES implementation. In: Nyberg, K., Heys, H. (eds.) SAC 2002. LNCS, vol. 2595, pp. 250–270. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36492-7_17
  14. De Mulder, Y., Roelse, P., Preneel, B.: Cryptanalysis of the Xiao – Lai white-box AES implementation. In: Knudsen, L.R., Wu, H. (eds.) SAC 2012. LNCS, vol. 7707, pp. 34–49. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-35999-6_3
  15. De Mulder, Y., Wyseur, B., Preneel, B.: Cryptanalysis of a perturbated white-box AES implementation. In: Gong, G., Gupta, K.C. (eds.) INDOCRYPT 2010. LNCS, vol. 6498, pp. 292–310. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-17401-8_21
  16. Ding, B., König, A.C.: Fast set intersection in memory. Proc. VLDB Endow. 4(4), 255–266 (2011)
  17. Goubin, L., Masereel, J.-M., Quisquater, M.: Cryptanalysis of white box DES implementations. In: Adams, C., Miri, A., Wiener, M. (eds.) SAC 2007. LNCS, vol. 4876, pp. 278–295. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-77360-3_18
  18. Goubin, L., Paillier, P., Rivain, M., Wang, J.: How to reveal the secrets of an obscure white-box implementation. Cryptology ePrint Archive, Report 2018/098 (2018). https://eprint.iacr.org/2018/098
  19. Karroumi, M.: Protecting white-box AES with dual ciphers. In: Rhee, K.-H., Nyang, D.H. (eds.) ICISC 2010. LNCS, vol. 6829, pp. 278–291. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-24209-0_19
  20. Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1_25
  21. Lee, S., Kim, T., Kang, Y.: A masked white-box cryptographic implementation for protecting against differential computation analysis. IEEE Trans. Inf. Forensics Secur. 13(10), 2602–2615 (2018)
  22. Lepoint, T., Rivain, M.: Another nail in the coffin of white-box AES implementations. Cryptology ePrint Archive, Report 2013/455 (2013). https://eprint.iacr.org/2013/455
  23. Lepoint, T., Rivain, M., De Mulder, Y., Roelse, P., Preneel, B.: Two attacks on a white-box AES implementation. In: Lange, T., Lauter, K., Lisoněk, P. (eds.) SAC 2013. LNCS, vol. 8282, pp. 265–285. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-43414-7_14
  24. Link, H.E., Neumann, W.D.: Clarifying obfuscation: improving the security of white-box DES. In: International Conference on Information Technology: Coding and Computing (ITCC 2005), vol. II, vol. 1, pp. 679–684, April 2005
  25. Michiels, W., Gorissen, P., Hollmann, H.D.L.: Cryptanalysis of a generic class of white-box implementations. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 414–428. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04159-4_27
  26. Mulder, Y.D., Roelse, P., Preneel, B.: Revisiting the BGE attack on a white-box AES implementation. Cryptology ePrint Archive, Report 2013/450 (2013). https://eprint.iacr.org/2013/450
  27. Sanfelix, E., Mune, C., de Haas, J.: Unboxing the white-box practical attacks against obfuscated ciphers. Black Hat (2015)
  28. Wyseur, B.: Software security: white-box cryptography. Ph.D. thesis, K.U.L., March 2009. https://www.esat.kuleuven.be/cosic/publications/thesis-152.pdf
  29. Wyseur, B., Michiels, W., Gorissen, P., Preneel, B.: Cryptanalysis of white-box DES implementations with arbitrary external encodings. In: Adams, C., Miri, A., Wiener, M. (eds.) SAC 2007. LNCS, vol. 4876, pp. 264–277. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-77360-3_17
  30. Xiao, Y., Lai, X.: A secure implementation of white-box AES. In: 2009 2nd International Conference on Computer Science and its Applications, pp. 1–6, December 2009

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Mohamed Zeyad (3)
  • Houssem Maghrebi (1), email author
  • Davide Alessio (1)
  • Boris Batteux (2)

  1. UL Identity Management & Security, La Ciotat, France
  2. Eshard, Marseille, France
  3. Trusted Labs, Meudon, France
