Exploiting Linearity in White-Box AES with Differential Computation Analysis

Abstract. Not only have all current scientific white-box AES schemes been mathematically broken, they also face a family of attacks derived from traditional Side Channel Attacks, e.g., Differential Computation Analysis (DCA) introduced by Bos et al. Such attacks are very universal and easy-to-mount – they require neither knowledge of the implementation, nor use of reverse engineering. In this paper, we particularly focus on DCA against white-box AES by Chow et al. which shows lower than 100% success rate as opposed to other schemes studied by Bos et al. We provide an explanation of this phenomenon while unraveling another weakness in the design of white-box AES by Chow et al. Based on our theoretical results, we propose an extension of the original DCA attack which has a higher chance of key recovery and might be adapted for other schemes.

Keywords: White-box AES · Differential Computation Analysis · Linear cryptanalysis

1 Introduction

Standard ciphers like AES (Advanced Encryption Standard, [30]) were designed with respect to the so-called black-box model. In this model, an adversary is only allowed to observe ciphertexts of chosen plaintexts, while she does not gain any other information about the execution of the encryption algorithm – neither intermediate values, nor timing. That is, the adversary has access to an encryption oracle, and her goal is to recover the key or employ the oracle for effective decryption. However, real-world hardware implementations like smart cards do leak a certain portion of internal information through various side channels, e.g., power consumption or electromagnetic radiation. This attack scenario is referred to as the gray-box model. Later, a need emerged for the most extreme scenario, where the adversary has full control over the execution environment. Such a model is called the white-box model. Note that in this model, the adversary is free to observe or alter all intermediate values as well as instructions. It follows that the original cipher’s intermediates—which typically allow for key recovery—must be somehow hidden or masked. In the wild, several techniques and layers of protection are put in place, ranging from software obfuscation to mathematical approaches. In our paper, we focus particularly on the mathematical point of view; however, our results will turn out to be highly practical.

This work was supported by the Grant Agency of CTU in Prague, grant No. SGS19/109/OHK3/2T/13.

© Springer Nature Switzerland AG 2020. K. Arai et al. (Eds.): SAI 2020, AISC 1230, pp. 404–419, 2020. https://doi.org/10.1007/978-3-030-52243-8_29

1.1 White-Box Cryptography

In 2002, Chow et al. proposed white-box implementations of AES and DES [11,12] (WBAES, WBDES). These implementations aim at protecting the keying material from an adversary who is in possession of the implementation, which includes the (masked) key. Even though many years have passed, all scientific white-box AES schemes were eventually broken (to the best of our kno