Skip to main content
SpringerLink
Log in
Book cover

International Conference on Cryptology and Information Security in Latin America

LATINCRYPT 2019: Progress in Cryptology – LATINCRYPT 2019 pp 259–279Cite as

How to Sign with White-Boxed AES

  • Conference paper
  • First Online:

  • 695 Accesses

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11774))

Abstract

We investigate the possibility to use obfuscated implementations of the Advanced Encryption Standard AES (“white-boxed AES”) to devise secure signature schemes. We show that the intuitive idea to use AES-based message authentication codes to sign, and the white-boxed implementation to verify, fails in general. This underlines that providing a secure white-box implementation is only the first step and that using it securely as a component in cryptographic protocols may be harder than originally thought. We therefore provide secure signature schemes based on white-boxed AES and on random oracles, as well as stateful and stateless constructions without random oracles. All our solutions are shown to be secure for reasonable parameters.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   59.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   74.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Notes

  1. 1.

    https://ctf.newae.com.

  2. 2.

    https://whibox.cr.yp.to/.

  3. 3.

    https://whibox.cyber-crypt.com/.

  4. 4.

    Note that this can also be defined for AES with key size 192 and 256 bits. We stick here, and throughout, to 128-bit keys for sake of simplicity.

  5. 5.

    Asking for collision resistance for 128-bit outputs seems to be moot. It is owned to the limited block size of AES. Still, the example here shows that there are fundamental problems with the general approach and the attack strategy applies also for larger block sizes of, say, 256 bits.

References

  1. Agrawal, S.: New methods for indistinguishability obfuscation: bootstrapping and instantiation. IACR Cryptology ePrint Archive 2018, 633 (2018)

    Google Scholar 

  2. Ananth, P., Jain, A., Khurana, D., Sahai, A.: Indistinguishability obfuscation without multilinear maps: iO from LWE, bilinear maps, and weak pseudorandomness. IACR Cryptology ePrint Archive 2018, 615 (2018)

    Google Scholar 

  3. Banik, S., Bogdanov, A., Isobe, T., Jepsen, M.B.: Analysis of software countermeasures for whitebox encryption. IACR Trans. Symmetric Cryptol. 2017(1), 307–328 (2017)

    Google Scholar 

  4. Barak, B., et al.: On the (im)possibility of obfuscating programs. J. ACM 59(2), 6:1–6:48 (2012)

    Article  MathSciNet  Google Scholar 

  5. Bellare, M., Kilian, J., Rogaway, P.: The security of the cipher block chaining message authentication code. J. Comput. Syst. Sci. 61(3), 362–399 (2000)

    Article  MathSciNet  Google Scholar 

  6. Bellare, M., Micali, S.: How to sign given any trapdoor permutation. J. ACM 39(1), 214–233 (1992)

    Article  MathSciNet  Google Scholar 

  7. Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Proceedings of the 1st ACM Conference on Computer and Communications Security, CCS 1993, pp. 62–73. ACM (1993)

    Google Scholar 

  8. Bellare, M., Rogaway, P.: The exact security of digital signatures-how to sign with RSA and Rabin. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 399–416. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68339-9_34

    Chapter  Google Scholar 

  9. Billet, O., Gilbert, H., Ech-Chatbi, C.: Cryptanalysis of a white box AES implementation. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 227–240. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-30564-4_16

    Chapter  Google Scholar 

  10. Alpirez Bock, E., Brzuska, C., Michiels, W., Treff, A.: On the ineffectiveness of internal encodings - revisiting the DCA attack on white-box cryptography. In: Preneel, B., Vercauteren, F. (eds.) ACNS 2018. LNCS, vol. 10892, pp. 103–120. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-93387-0_6

    Chapter  MATH  Google Scholar 

  11. Bos, J.W., Hubain, C., Michiels, W., Teuwen, P.: Differential computation analysis: hiding your white-box designs is not enough. In: Gierlichs, B., Poschmann, A.Y. (eds.) CHES 2016. LNCS, vol. 9813, pp. 215–236. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53140-2_11

    Chapter  Google Scholar 

  12. Bringer, J., Chabanne, H., Dottax, E.: White box cryptography: another attempt. Cryptology ePrint Archive, Report 2006/468 (2006). http://eprint.iacr.org/2006/468

  13. Chow, S., Eisen, P., Johnson, H., van Oorschot, P.C.: A white-box DES implementation for DRM applications. In: Feigenbaum, J. (ed.) DRM 2002. LNCS, vol. 2696, pp. 1–15. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-44993-5_1

    Chapter  Google Scholar 

  14. Chow, S., Eisen, P., Johnson, H., Van Oorschot, P.C.: White-box cryptography and an AES implementation. In: Nyberg, K., Heys, H. (eds.) SAC 2002. LNCS, vol. 2595, pp. 250–270. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36492-7_17

    Chapter  MATH  Google Scholar 

  15. Coron, J.-S.: On the exact security of full domain hash. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 229–235. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-44598-6_14

    Chapter  Google Scholar 

  16. Coron, J.-S.: Optimal security proofs for PSS and other signature schemes. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 272–287. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-46035-7_18

    Chapter  Google Scholar 

  17. De Mulder, Y., Roelse, P., Preneel, B.: Cryptanalysis of the Xiao – Lai white-box AES implementation. In: Knudsen, L.R., Wu, H. (eds.) SAC 2012. LNCS, vol. 7707, pp. 34–49. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-35999-6_3

    Chapter  Google Scholar 

  18. De Mulder, Y., Wyseur, B., Preneel, B.: Cryptanalysis of a perturbated white-box AES implementation. In: Gong, G., Gupta, K.C. (eds.) INDOCRYPT 2010. LNCS, vol. 6498, pp. 292–310. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-17401-8_21

    Chapter  Google Scholar 

  19. Delerablée, C., Lepoint, T., Paillier, P., Rivain, M.: White-box security notions for symmetric encryption schemes. In: Lange, T., Lauter, K., Lisoněk, P. (eds.) SAC 2013. LNCS, vol. 8282, pp. 247–264. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-43414-7_13

    Chapter  Google Scholar 

  20. Derbez, P., Fouque, P., Lambin, B., Minaud, B.: On recovering affine encodings in white-box implementations. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018(3), 121–149 (2018)

    Google Scholar 

  21. Fischlin, M., Lehmann, A., Ristenpart, T., Shrimpton, T., Stam, M., Tessaro, S.: Random oracles with(out) programmability. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 303–320. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-17373-8_18

    Chapter  Google Scholar 

  22. Garg, S., Gentry, C., Halevi, S., Raykova, M., Sahai, A., Waters, B.: Candidate indistinguishability obfuscation and functional encryption for all circuits. In: 54th Annual IEEE Symposium on Foundations of Computer Science, FOCS 2013, Berkeley, CA, USA, 26–29 October 2013, pp. 40–49 (2013)

    Google Scholar 

  23. Goubin, L., Paillier, P., Rivain, M., Wang, J.: How to reveal the secrets of an obscure white-box implementation. Cryptology ePrint Archive, Report 2018/098 (2018). http://eprint.iacr.org/2018/098

  24. Jacob, M., Boneh, D., Felten, E.: Attacking an obfuscated cipher by injecting faults. In: Feigenbaum, J. (ed.) DRM 2002. LNCS, vol. 2696, pp. 16–31. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-44993-5_2

    Chapter  Google Scholar 

  25. Joye, M.: On white-box cryptography. In: Elçi, A., Ors, S.B., Preneel, B. (eds.) Security of Information and Networks, pp. 7–12. Trafford Publishing, Bloomington (2008)

    Google Scholar 

  26. Kiltz, E., Mohassel, P., O’Neill, A.: Adaptive trapdoor functions and chosen-ciphertext security. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 673–692. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13190-5_34

    Chapter  Google Scholar 

  27. Lepoint, T., Rivain, M., De Mulder, Y., Roelse, P., Preneel, B.: Two attacks on a white-box AES implementation. In: Lange, T., Lauter, K., Lisoněk, P. (eds.) SAC 2013. LNCS, vol. 8282, pp. 265–285. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-43414-7_14

    Chapter  Google Scholar 

  28. Mastercard: Mastercard mobile payment SDK. Version 2.0, January 2017. https://developer.mastercard.com/

  29. Michiels, W., Gorissen, P., Hollmann, H.D.L.: Cryptanalysis of a generic class of white-box implementations. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 414–428. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04159-4_27

    Chapter  Google Scholar 

  30. Muir, J.A.: A tutorial on white-box AES. Cryptology ePrint Archive, Report 2013/104 (2013). http://eprint.iacr.org/2013/104

  31. Peeters, M.: Challenges in white-box cryptography. In: Early Symmetric Crypto 2015 (2015). https://www.cryptolux.org/mediawiki-esc2015/index.php/ESC_2015

  32. Ramchen, K., Waters, B.: Fully secure and fast signing from obfuscation. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 659–673. ACM (2014)

    Google Scholar 

  33. Rivain, M., Pailler, P.: White-box cryptography – new challenges and research directions. ECRYPT CSA Report D1.3, September 2016. www.ecrypt.eu.org/csa/documents/

  34. Rivain, M., Wang, J.: Analysis and improvement of differential computation attacks against internally-encoded white-box implementations. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2019(2), 225–255 (2019)

    Google Scholar 

  35. Sahai, A., Waters, B.: How to use indistinguishability obfuscation: deniable encryption, and more. In: Symposium on Theory of Computing, STOC 2014, New York, NY, USA, 31 May–03 June 2014, pp. 475–484. ACM (2014)

    Google Scholar 

  36. Sasdrich, P., Moradi, A., Güneysu, T.: White-box cryptography in the gray box. In: Peyrin, T. (ed.) FSE 2016. LNCS, vol. 9783, pp. 185–203. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-52993-5_10

    Chapter  Google Scholar 

  37. Saxena, A., Wyseur, B., Preneel, B.: Towards security notions for white-box cryptography. In: Samarati, P., Yung, M., Martinelli, F., Ardagna, C.A. (eds.) ISC 2009. LNCS, vol. 5735, pp. 49–58. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04474-8_4

    Chapter  MATH  Google Scholar 

  38. Suzuki, K., Tonien, D., Kurosawa, K., Toyota, K.: Birthday paradox for multi-collisions. In: Rhee, M.S., Lee, B. (eds.) ICISC 2006. LNCS, vol. 4296, pp. 29–40. Springer, Heidelberg (2006). https://doi.org/10.1007/11927587_5

    Chapter  Google Scholar 

  39. Xiao, Y., Lai, X.: A secure implementation of white-box AES. In: 2009 2nd International Conference on Computer Science and its Applications, pp. 1–6, December 2009

    Google Scholar 

Download references

Acknowledgments

This work has been [co-]funded by the DFG as part of project P2 within the CRC 1119 CROSSING, and the Danish Independent Research Council under Grant-ID DFF-6108-00169 (FoCC).

Author information

Authors and Affiliations

  1. Technische Universität Darmstadt, Darmstadt, Germany

    Marc Fischlin

  2. Aarhus University, Aarhus, Denmark

    Helene Haagh

Authors
  1. Marc Fischlin
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Helene Haagh
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Marc Fischlin .

Editor information

Editors and Affiliations

  1. Radboud University Nijmegen, Nijmegen, The Netherlands

    Peter Schwabe

  2. Universidad de Santiago de Chile, Santiago, Chile

    Nicolas Thériault

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Fischlin, M., Haagh, H. (2019). How to Sign with White-Boxed AES. In: Schwabe, P., Thériault, N. (eds) Progress in Cryptology – LATINCRYPT 2019. LATINCRYPT 2019. Lecture Notes in Computer Science(), vol 11774. Springer, Cham. https://doi.org/10.1007/978-3-030-30530-7_13

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-30530-7_13

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-30529-1

  • Online ISBN: 978-3-030-30530-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation