Two Attacks on a White-Box AES Implementation


Ontology type: schema:Chapter      Open Access: True


Chapter Info

DATE

2014-05-21

AUTHORS

Tancrède Lepoint, Matthieu Rivain, Yoni De Mulder, Peter Roelse, Bart Preneel

ABSTRACT

White-box cryptography aims to protect the secret key of a cipher in an environment in which an adversary has full access to the implementation of the cipher and its execution environment. In 2002, Chow, Eisen, Johnson and van Oorschot proposed a white-box implementation of AES. In 2004, Billet, Gilbert and Ech-Chatbi presented an efficient attack (referred to as the BGE attack) on this implementation, extracting its embedded AES key with a work factor of $2^{30}$. In 2012, Tolhuizen presented an improvement of the most time-consuming phase of the BGE attack. The present paper includes three contributions. First, we describe several improvements of the BGE attack. We show that the overall work factor of the BGE attack is reduced to $2^{22}$ when all improvements are implemented. Second, this paper presents a new attack on the initial white-box implementation of Chow et al. This attack exploits collisions occurring on internal variables of the implementation and achieves a work factor of $2^{22}$. Finally, we address the white-box AES implementation presented by Karroumi in 2010, which aims to withstand the BGE attack. We show that the implementations of Karroumi and Chow et al. are the same, making them both vulnerable to the same attacks.

PAGES

265-285

Identifiers

URI

http://scigraph.springernature.com/pub.10.1007/978-3-662-43414-7_14

DOI

http://dx.doi.org/10.1007/978-3-662-43414-7_14

DIMENSIONS

https://app.dimensions.ai/details/publication/pub.1019819186



JSON-LD is the canonical representation for SciGraph data.


[
  {
    "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
    "about": [
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Information and Computing Sciences", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0804", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Data Format", 
        "type": "DefinedTerm"
      }
    ], 
    "author": [
      {
        "affiliation": {
          "alternateName": "\u00c9cole Normale Sup\u00e9rieure, Paris, France", 
          "id": "http://www.grid.ac/institutes/grid.5607.4", 
          "name": [
            "CryptoExperts, Paris, France", 
            "\u00c9cole Normale Sup\u00e9rieure, Paris, France"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Lepoint", 
        "givenName": "Tancr\u00e8de", 
        "id": "sg:person.016132517751.03", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.016132517751.03"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "CryptoExperts, Paris, France", 
          "id": "http://www.grid.ac/institutes/grid.470554.7", 
          "name": [
            "CryptoExperts, Paris, France"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Rivain", 
        "givenName": "Matthieu", 
        "id": "sg:person.010262215407.97", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.010262215407.97"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "KU Leuven and iMinds, Heverlee, Belgium", 
          "id": "http://www.grid.ac/institutes/None", 
          "name": [
            "KU Leuven and iMinds, Heverlee, Belgium"
          ], 
          "type": "Organization"
        }, 
        "familyName": "De Mulder", 
        "givenName": "Yoni", 
        "id": "sg:person.014375742011.82", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.014375742011.82"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Irdeto B.V., Hoofddorp, The Netherlands", 
          "id": "http://www.grid.ac/institutes/None", 
          "name": [
            "Irdeto B.V., Hoofddorp, The Netherlands"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Roelse", 
        "givenName": "Peter", 
        "id": "sg:person.07631674727.92", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.07631674727.92"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "KU Leuven and iMinds, Heverlee, Belgium", 
          "id": "http://www.grid.ac/institutes/None", 
          "name": [
            "KU Leuven and iMinds, Heverlee, Belgium"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Preneel", 
        "givenName": "Bart", 
        "id": "sg:person.011115044357.39", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.011115044357.39"
        ], 
        "type": "Person"
      }
    ], 
    "datePublished": "2014-05-21", 
    "datePublishedReg": "2014-05-21", 
    "description": "White-box cryptography aims to protect the secret key of a cipher in an environment in which an adversary has full access to the implementation of the cipher and its execution environment. In 2002, Chow, Eisen, Johnson and van Oorschot proposed a white-box implementation of AES. In 2004, Billet, Gilbert and Ech-Chatbi presented an efficient attack (referred to as the BGE attack) on this implementation, extracts extracting its embedded AES key with a work factor of \\documentclass[12pt]{minimal}\n\t\t\t\t\\usepackage{amsmath}\n\t\t\t\t\\usepackage{wasysym}\n\t\t\t\t\\usepackage{amsfonts}\n\t\t\t\t\\usepackage{amssymb}\n\t\t\t\t\\usepackage{amsbsy}\n\t\t\t\t\\usepackage{mathrsfs}\n\t\t\t\t\\usepackage{upgreek}\n\t\t\t\t\\setlength{\\oddsidemargin}{-69pt}\n\t\t\t\t\\begin{document}$$2^{30}$$\\end{document}. In 2012, Tolhuizen presented an improvement of the most time-consuming phase of the BGE attack. The present paper includes three contributions. First we describe several improvements of the BGE attack. We show that the overall work factor of the BGE attack is reduced to \\documentclass[12pt]{minimal}\n\t\t\t\t\\usepackage{amsmath}\n\t\t\t\t\\usepackage{wasysym}\n\t\t\t\t\\usepackage{amsfonts}\n\t\t\t\t\\usepackage{amssymb}\n\t\t\t\t\\usepackage{amsbsy}\n\t\t\t\t\\usepackage{mathrsfs}\n\t\t\t\t\\usepackage{upgreek}\n\t\t\t\t\\setlength{\\oddsidemargin}{-69pt}\n\t\t\t\t\\begin{document}$$2^{22}$$\\end{document} when all improvements are implemented. This paper also presents a new attack on the initial white-box implementation of Chow et al. This attack exploits collisions occurring on internal variables of the implementation and it achieves a work factor of \\documentclass[12pt]{minimal}\n\t\t\t\t\\usepackage{amsmath}\n\t\t\t\t\\usepackage{wasysym}\n\t\t\t\t\\usepackage{amsfonts}\n\t\t\t\t\\usepackage{amssymb}\n\t\t\t\t\\usepackage{amsbsy}\n\t\t\t\t\\usepackage{mathrsfs}\n\t\t\t\t\\usepackage{upgreek}\n\t\t\t\t\\setlength{\\oddsidemargin}{-69pt}\n\t\t\t\t\\begin{document}$$2^{22}$$\\end{document}. Eventually, we address the white-box AES implementation presented by Karroumi in 2010 which aims to withstand the BGE attack. We show that the implementations of Karroumi and Chow et al. are the same, making them both vulnerable to the same attacks.", 
    "editor": [
      {
        "familyName": "Lange", 
        "givenName": "Tanja", 
        "type": "Person"
      }, 
      {
        "familyName": "Lauter", 
        "givenName": "Kristin", 
        "type": "Person"
      }, 
      {
        "familyName": "Lison\u011bk", 
        "givenName": "Petr", 
        "type": "Person"
      }
    ], 
    "genre": "chapter", 
    "id": "sg:pub.10.1007/978-3-662-43414-7_14", 
    "isAccessibleForFree": true, 
    "isPartOf": {
      "isbn": [
        "978-3-662-43413-0", 
        "978-3-662-43414-7"
      ], 
      "name": "Selected Areas in Cryptography -- SAC 2013", 
      "type": "Book"
    }, 
    "keywords": [
      "internal variables", 
      "billet", 
      "present paper", 
      "time-consuming phase", 
      "AES implementation", 
      "most time-consuming phase", 
      "al", 
      "implementation", 
      "improvement", 
      "et al", 
      "phase", 
      "environment", 
      "AES", 
      "key", 
      "attacks", 
      "collisions", 
      "Gilbert", 
      "Chow et al", 
      "secret key", 
      "factors", 
      "full access", 
      "contribution", 
      "variables", 
      "white-box cryptography", 
      "Eisen", 
      "AES key", 
      "execution environment", 
      "efficient attack", 
      "cryptography", 
      "Johnson", 
      "cipher", 
      "adversary", 
      "access", 
      "same attack", 
      "white-box implementations", 
      "new attacks", 
      "work factors", 
      "paper", 
      "chow", 
      "van Oorschot", 
      "Tolhuizen", 
      "white-box AES implementation"
    ], 
    "name": "Two Attacks on a White-Box AES Implementation", 
    "pagination": "265-285", 
    "productId": [
      {
        "name": "dimensions_id", 
        "type": "PropertyValue", 
        "value": [
          "pub.1019819186"
        ]
      }, 
      {
        "name": "doi", 
        "type": "PropertyValue", 
        "value": [
          "10.1007/978-3-662-43414-7_14"
        ]
      }
    ], 
    "publisher": {
      "name": "Springer Nature", 
      "type": "Organisation"
    }, 
    "sameAs": [
      "https://doi.org/10.1007/978-3-662-43414-7_14", 
      "https://app.dimensions.ai/details/publication/pub.1019819186"
    ], 
    "sdDataset": "chapters", 
    "sdDatePublished": "2022-09-02T16:15", 
    "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
    "sdPublisher": {
      "name": "Springer Nature - SN SciGraph project", 
      "type": "Organization"
    }, 
    "sdSource": "s3://com-springernature-scigraph/baseset/20220902/entities/gbq_results/chapter/chapter_409.jsonl", 
    "type": "Chapter", 
    "url": "https://doi.org/10.1007/978-3-662-43414-7_14"
  }
]


HOW TO GET THIS DATA PROGRAMMATICALLY:

JSON-LD is a popular format for linked data which is fully compatible with JSON.

curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/978-3-662-43414-7_14'

N-Triples is a line-based linked data format ideal for batch operations.

curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/978-3-662-43414-7_14'

Turtle is a human-readable linked data format.

curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/978-3-662-43414-7_14'

RDF/XML is a standard XML format for linked data.

curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/978-3-662-43414-7_14'

This table displays all metadata directly associated to this object as RDF triples.

148 TRIPLES      22 PREDICATES      66 URIs      59 LITERALS      7 BLANK NODES

Subject Predicate Object
1 sg:pub.10.1007/978-3-662-43414-7_14 schema:about anzsrc-for:08
2 anzsrc-for:0804
3 schema:author N175c0d9d8c204a1fb67d0f220bd0cce8
4 schema:datePublished 2014-05-21
5 schema:datePublishedReg 2014-05-21
6 schema:description White-box cryptography aims to protect the secret key of a cipher in an environment in which an adversary has full access to the implementation of the cipher and its execution environment. In 2002, Chow, Eisen, Johnson and van Oorschot proposed a white-box implementation of AES. In 2004, Billet, Gilbert and Ech-Chatbi presented an efficient attack (referred to as the BGE attack) on this implementation, extracts extracting its embedded AES key with a work factor of \documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$$2^{30}$$\end{document}. In 2012, Tolhuizen presented an improvement of the most time-consuming phase of the BGE attack. The present paper includes three contributions. First we describe several improvements of the BGE attack. We show that the overall work factor of the BGE attack is reduced to \documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$$2^{22}$$\end{document} when all improvements are implemented. This paper also presents a new attack on the initial white-box implementation of Chow et al. This attack exploits collisions occurring on internal variables of the implementation and it achieves a work factor of \documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$$2^{22}$$\end{document}. Eventually, we address the white-box AES implementation presented by Karroumi in 2010 which aims to withstand the BGE attack. We show that the implementations of Karroumi and Chow et al. are the same, making them both vulnerable to the same attacks.
7 schema:editor Nfae8344e1bb64a6f80faa4b56f98de1d
8 schema:genre chapter
9 schema:isAccessibleForFree true
10 schema:isPartOf Nb6e1eb80773b4284a2ed02fa53982e73
11 schema:keywords AES
12 AES implementation
13 AES key
14 Chow et al
15 Eisen
16 Gilbert
17 Johnson
18 Tolhuizen
19 access
20 adversary
21 al
22 attacks
23 billet
24 chow
25 cipher
26 collisions
27 contribution
28 cryptography
29 efficient attack
30 environment
31 et al
32 execution environment
33 factors
34 full access
35 implementation
36 improvement
37 internal variables
38 key
39 most time-consuming phase
40 new attacks
41 paper
42 phase
43 present paper
44 same attack
45 secret key
46 time-consuming phase
47 van Oorschot
48 variables
49 white-box AES implementation
50 white-box cryptography
51 white-box implementations
52 work factors
53 schema:name Two Attacks on a White-Box AES Implementation
54 schema:pagination 265-285
55 schema:productId N46baa740a4854cf6a97aa61b11f0c11c
56 Nbf5b67a165eb419989f2f32376288163
57 schema:publisher N32c607ea62084e40b011c304de2a3cae
58 schema:sameAs https://app.dimensions.ai/details/publication/pub.1019819186
59 https://doi.org/10.1007/978-3-662-43414-7_14
60 schema:sdDatePublished 2022-09-02T16:15
61 schema:sdLicense https://scigraph.springernature.com/explorer/license/
62 schema:sdPublisher N09393fd292134d97ad0271546c58d83e
63 schema:url https://doi.org/10.1007/978-3-662-43414-7_14
64 sgo:license sg:explorer/license/
65 sgo:sdDataset chapters
66 rdf:type schema:Chapter
67 N058db29a91af450b85133c811c16ffd2 schema:familyName Lisoněk
68 schema:givenName Petr
69 rdf:type schema:Person
70 N09393fd292134d97ad0271546c58d83e schema:name Springer Nature - SN SciGraph project
71 rdf:type schema:Organization
72 N175c0d9d8c204a1fb67d0f220bd0cce8 rdf:first sg:person.016132517751.03
73 rdf:rest Nea5f87c6c5314f5397440435167070ec
74 N32c607ea62084e40b011c304de2a3cae schema:name Springer Nature
75 rdf:type schema:Organisation
76 N44367e1c41134281b2f7671b65e1b4b0 rdf:first sg:person.011115044357.39
77 rdf:rest rdf:nil
78 N469192fc0f324ea3abe0bebfe07ded39 rdf:first Nf31bb846f7c14425a09f1f23a0865d5b
79 rdf:rest N72ddbfe1c23e42b5a2bb04f8dacc3525
80 N46baa740a4854cf6a97aa61b11f0c11c schema:name doi
81 schema:value 10.1007/978-3-662-43414-7_14
82 rdf:type schema:PropertyValue
83 N72ddbfe1c23e42b5a2bb04f8dacc3525 rdf:first N058db29a91af450b85133c811c16ffd2
84 rdf:rest rdf:nil
85 N892c2331f9544f36a45e1617d84e0b16 schema:familyName Lange
86 schema:givenName Tanja
87 rdf:type schema:Person
88 N94b8fc91179b4ab3864bf7fe0fa7cfb4 rdf:first sg:person.07631674727.92
89 rdf:rest N44367e1c41134281b2f7671b65e1b4b0
90 Na5748ec120fe479990a373ca8dbf84d1 rdf:first sg:person.014375742011.82
91 rdf:rest N94b8fc91179b4ab3864bf7fe0fa7cfb4
92 Nb6e1eb80773b4284a2ed02fa53982e73 schema:isbn 978-3-662-43413-0
93 978-3-662-43414-7
94 schema:name Selected Areas in Cryptography -- SAC 2013
95 rdf:type schema:Book
96 Nbf5b67a165eb419989f2f32376288163 schema:name dimensions_id
97 schema:value pub.1019819186
98 rdf:type schema:PropertyValue
99 Nea5f87c6c5314f5397440435167070ec rdf:first sg:person.010262215407.97
100 rdf:rest Na5748ec120fe479990a373ca8dbf84d1
101 Nf31bb846f7c14425a09f1f23a0865d5b schema:familyName Lauter
102 schema:givenName Kristin
103 rdf:type schema:Person
104 Nfae8344e1bb64a6f80faa4b56f98de1d rdf:first N892c2331f9544f36a45e1617d84e0b16
105 rdf:rest N469192fc0f324ea3abe0bebfe07ded39
106 anzsrc-for:08 schema:inDefinedTermSet anzsrc-for:
107 schema:name Information and Computing Sciences
108 rdf:type schema:DefinedTerm
109 anzsrc-for:0804 schema:inDefinedTermSet anzsrc-for:
110 schema:name Data Format
111 rdf:type schema:DefinedTerm
112 sg:person.010262215407.97 schema:affiliation grid-institutes:grid.470554.7
113 schema:familyName Rivain
114 schema:givenName Matthieu
115 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.010262215407.97
116 rdf:type schema:Person
117 sg:person.011115044357.39 schema:affiliation grid-institutes:None
118 schema:familyName Preneel
119 schema:givenName Bart
120 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.011115044357.39
121 rdf:type schema:Person
122 sg:person.014375742011.82 schema:affiliation grid-institutes:None
123 schema:familyName De Mulder
124 schema:givenName Yoni
125 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.014375742011.82
126 rdf:type schema:Person
127 sg:person.016132517751.03 schema:affiliation grid-institutes:grid.5607.4
128 schema:familyName Lepoint
129 schema:givenName Tancrède
130 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.016132517751.03
131 rdf:type schema:Person
132 sg:person.07631674727.92 schema:affiliation grid-institutes:None
133 schema:familyName Roelse
134 schema:givenName Peter
135 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.07631674727.92
136 rdf:type schema:Person
137 grid-institutes:None schema:alternateName Irdeto B.V., Hoofddorp, The Netherlands
138 KU Leuven and iMinds, Heverlee, Belgium
139 schema:name Irdeto B.V., Hoofddorp, The Netherlands
140 KU Leuven and iMinds, Heverlee, Belgium
141 rdf:type schema:Organization
142 grid-institutes:grid.470554.7 schema:alternateName CryptoExperts, Paris, France
143 schema:name CryptoExperts, Paris, France
144 rdf:type schema:Organization
145 grid-institutes:grid.5607.4 schema:alternateName École Normale Supérieure, Paris, France
146 schema:name CryptoExperts, Paris, France
147 École Normale Supérieure, Paris, France
148 rdf:type schema:Organization