Two Attacks on a White-Box AES Implementation

  • Tancrède Lepoint
  • Matthieu Rivain
  • Yoni De Mulder
  • Peter Roelse
  • Bart Preneel
Conference paper

DOI: 10.1007/978-3-662-43414-7_14

Part of the Lecture Notes in Computer Science book series (LNCS, volume 8282)
Cite this paper as:
Lepoint T., Rivain M., De Mulder Y., Roelse P., Preneel B. (2014) Two Attacks on a White-Box AES Implementation. In: Lange T., Lauter K., Lisoněk P. (eds) Selected Areas in Cryptography -- SAC 2013. SAC 2013. Lecture Notes in Computer Science, vol 8282. Springer, Berlin, Heidelberg

Abstract

White-box cryptography aims to protect the secret key of a cipher in an environment in which an adversary has full access to the implementation of the cipher and its execution environment. In 2002, Chow, Eisen, Johnson and van Oorschot proposed a white-box implementation of AES. In 2004, Billet, Gilbert and Ech-Chatbi presented an efficient attack (referred to as the BGE attack) on this implementation, extracting its embedded AES key with a work factor of \(2^{30}\). In 2012, Tolhuizen presented an improvement of the most time-consuming phase of the BGE attack. The present paper includes three contributions. First, we describe several improvements of the BGE attack. We show that the overall work factor of the BGE attack is reduced to \(2^{22}\) when all improvements are implemented. This paper also presents a new attack on the initial white-box implementation of Chow et al. This attack exploits collisions occurring on internal variables of the implementation and it achieves a work factor of \(2^{22}\). Finally, we address the white-box AES implementation presented by Karroumi in 2010, which aims to withstand the BGE attack. We show that the implementations of Karroumi and Chow et al. are the same, making them both vulnerable to the same attacks.

Keywords

White-box cryptography, AES implementation, Dual cipher, Cryptanalysis

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  • Tancrède Lepoint (1, 2)
  • Matthieu Rivain (1)
  • Yoni De Mulder (3)
  • Peter Roelse (4)
  • Bart Preneel (3)
  1. CryptoExperts, Paris, France
  2. École Normale Supérieure, Paris, France
  3. KU Leuven and iMinds, Heverlee, Belgium
  4. Irdeto B.V., Hoofddorp, The Netherlands
