Paper 2019/1405

Revisiting Higher-Order Computational Attacks against White-Box Implementations

Houssem Maghrebi and Davide Alessio

Abstract

White-box cryptography was first introduced by Chow et al. in $2002$ as a software technique for implementing cryptographic algorithms in a secure way that protects secret keys in an untrusted environment. Ever since, Chow et al.'s design has been subject to the well-known Differential Computation Analysis (DCA). To resist DCA, a natural approach that white-box designers investigated is to apply the common side-channel countermeasures such as masking. In this paper, we suggest applying the well-studied leakage detection methods to assess the security of masked white-box implementations. Then, we extend some well-known side-channel attacks (i.e. the bucketing computational analysis, the mutual information analysis, and the collision attack) to the higher-order case to defeat higher-order masked white-box implementations. To illustrate the effectiveness of these attacks, we perform a practical evaluation against a first-order masked white-box implementation. The obtained results have demonstrated the practicability of these attacks in a real-world scenario.

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. Minor revision. ICISSP 2020
Keywords
white-box cryptographymaskinghigher-order computational attacksleakage detectionAES
Contact author(s)
houssem mag @ gmail com
davide alessio @ gmail com
History
2019-12-05: received
Short URL
https://ia.cr/2019/1405
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/1405,
      author = {Houssem Maghrebi and Davide Alessio},
      title = {Revisiting Higher-Order Computational Attacks against White-Box Implementations},
      howpublished = {Cryptology ePrint Archive, Paper 2019/1405},
      year = {2019},
      note = {\url{https://eprint.iacr.org/2019/1405}},
      url = {https://eprint.iacr.org/2019/1405}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.