Paper 2020/342

Security Assessment of White-Box Design Submissions of the CHES 2017 CTF Challenge

Estuardo Alpirez Bock and Alexander Treff

Abstract

In 2017, the first CHES Capture the Flag Challenge was organized in an effort to promote good design candidates for white-box cryptography. In particular, the challenge assessed the security of the designs with regard to key extraction attacks. A total of 94 candidate programs were submitted, and all of them were broken eventually. Even though most candidates were broken within a few hours, some candidates remained robust against key extraction attacks for several days, and even weeks. In this paper, we perform a qualitative analysis on all candidates submitted to the CHES 2017 Capture the Flag Challenge. We test the robustness of each challenge against different types of attacks, such as automated attacks, extensions thereof and reverse engineering attacks. We are able to classify each challenge depending on their robustness against these attacks, highlighting how challenges vulnerable to automated attacks can be broken in a very short amount of time, while more robust challenges demand for big reverse engineering efforts and therefore for more time from the adversaries. Besides classifying the robustness of each challenge, we also give data regarding their size and efficiency and explain how some of the more robust challenges could actually provide acceptable levels of security for some real-life applications.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published elsewhere. Constructive Side-Channel Analysis and Secure Design (Cosade) 2020
Keywords
White-box cryptographyCapture the flagDifferential computation analysisDifferential fault analysis
Contact author(s)
estuardo alpirezbock @ gmail com
alexander treff @ student uni-luebeck de
History
2020-03-24: revised
2020-03-22: received
See all versions
Short URL
https://ia.cr/2020/342
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2020/342,
      author = {Estuardo Alpirez Bock and Alexander Treff},
      title = {Security Assessment of White-Box Design Submissions of the CHES 2017 CTF Challenge},
      howpublished = {Cryptology ePrint Archive, Paper 2020/342},
      year = {2020},
      note = {\url{https://eprint.iacr.org/2020/342}},
      url = {https://eprint.iacr.org/2020/342}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.