How to reveal the secrets of an obscure white-box implementation


Ontology type: schema:ScholarlyArticle     


Article Info

DATE

2019-04-02

AUTHORS

Louis Goubin, Pascal Paillier, Matthieu Rivain, Junwei Wang

ABSTRACT

White-box cryptography (WBC) protects against key extraction from software implementations of cryptographic primitives. Many academic works have achieved partial results toward WBC, but a complete solution has not yet been found by the cryptography community. As a result, the industry can only rely on proprietary and non-publicly scrutinized white-box implementations. It is therefore of interest to investigate the obtainable resistance of an AES implementation to thwart a white-box adversary in this paradigm. To this purpose, the ECRYPT CSA project has organized the WhibOx contest as the catch the flag challenge of CHES 2017. Researchers and engineers were invited to participate either as designers by submitting the source code of an AES-128 white-box implementation with a freely chosen key, or as breakers by trying to extract the hard-coded keys in the submissions. The participants were not expected to disclose their identities or the underlying designing/attacking techniques. In the end, 94 submitted challenges were all broken, and only 13 of them held for more than one day. The strongest (in terms of surviving time) implementation survived for 28 days (which is more than twice as much as the second one). It was only broken by the authors of the present paper with reverse engineering and algebraic analysis. In this paper, we give a detailed description of the different steps of our cryptanalysis. We then generalize it to an attack methodology to break further obscure white-box implementations. In particular, we formalize and generalize the linear decoding analysis that we use to extract the key from the encoded intermediate variables of the target challenge.

PAGES

1-18

Identifiers

    URI

    http://scigraph.springernature.com/pub.10.1007/s13389-019-00207-5

    DOI

    http://dx.doi.org/10.1007/s13389-019-00207-5

    DIMENSIONS

    https://app.dimensions.ai/details/publication/pub.1113199941


    JOURNAL

    Journal of Cryptographic Engineering (ISSN 2190-8508, 2190-8516)

    136 https://doi.org/10.1007/978-3-540-77360-3_18
    137 rdf:type schema:CreativeWork
    138 sg:pub.10.1007/978-3-642-04474-8_4 schema:sameAs https://app.dimensions.ai/details/publication/pub.1015778548
    139 https://doi.org/10.1007/978-3-642-04474-8_4
    140 rdf:type schema:CreativeWork
    141 sg:pub.10.1007/978-3-642-15031-9_28 schema:sameAs https://app.dimensions.ai/details/publication/pub.1027621097
    142 https://doi.org/10.1007/978-3-642-15031-9_28
    143 rdf:type schema:CreativeWork
    144 sg:pub.10.1007/978-3-642-17401-8_21 schema:sameAs https://app.dimensions.ai/details/publication/pub.1042908159
    145 https://doi.org/10.1007/978-3-642-17401-8_21
    146 rdf:type schema:CreativeWork
    147 sg:pub.10.1007/978-3-642-20901-7_2 schema:sameAs https://app.dimensions.ai/details/publication/pub.1035725690
    148 https://doi.org/10.1007/978-3-642-20901-7_2
    149 rdf:type schema:CreativeWork
    150 sg:pub.10.1007/978-3-642-24209-0_19 schema:sameAs https://app.dimensions.ai/details/publication/pub.1050861244
    151 https://doi.org/10.1007/978-3-642-24209-0_19
    152 rdf:type schema:CreativeWork
    153 sg:pub.10.1007/978-3-642-35999-6_3 schema:sameAs https://app.dimensions.ai/details/publication/pub.1040755097
    154 https://doi.org/10.1007/978-3-642-35999-6_3
    155 rdf:type schema:CreativeWork
    156 sg:pub.10.1007/978-3-642-38348-9_1 schema:sameAs https://app.dimensions.ai/details/publication/pub.1034646992
    157 https://doi.org/10.1007/978-3-642-38348-9_1
    158 rdf:type schema:CreativeWork
    159 sg:pub.10.1007/978-3-662-43414-7_13 schema:sameAs https://app.dimensions.ai/details/publication/pub.1018050450
    160 https://doi.org/10.1007/978-3-662-43414-7_13
    161 rdf:type schema:CreativeWork
    162 sg:pub.10.1007/978-3-662-43414-7_14 schema:sameAs https://app.dimensions.ai/details/publication/pub.1019819186
    163 https://doi.org/10.1007/978-3-662-43414-7_14
    164 rdf:type schema:CreativeWork
    165 sg:pub.10.1007/978-3-662-49890-3_2 schema:sameAs https://app.dimensions.ai/details/publication/pub.1023643402
    166 https://doi.org/10.1007/978-3-662-49890-3_2
    167 rdf:type schema:CreativeWork
    168 sg:pub.10.1007/978-3-662-53140-2_11 schema:sameAs https://app.dimensions.ai/details/publication/pub.1021278296
    169 https://doi.org/10.1007/978-3-662-53140-2_11
    170 rdf:type schema:CreativeWork
    171 sg:pub.10.1007/bf02165411 schema:sameAs https://app.dimensions.ai/details/publication/pub.1018388567
    172 https://doi.org/10.1007/bf02165411
    173 rdf:type schema:CreativeWork
    174 https://doi.org/10.1103/physreve.69.066133 schema:sameAs https://app.dimensions.ai/details/publication/pub.1039022482
    175 rdf:type schema:CreativeWork
    176 https://doi.org/10.1109/csa.2009.5404239 schema:sameAs https://app.dimensions.ai/details/publication/pub.1093219396
    177 rdf:type schema:CreativeWork
    178 https://doi.org/10.1109/focs.2013.13 schema:sameAs https://app.dimensions.ai/details/publication/pub.1095643127
    179 rdf:type schema:CreativeWork
    180 https://doi.org/10.1109/itcc.2005.100 schema:sameAs https://app.dimensions.ai/details/publication/pub.1094952075
    181 rdf:type schema:CreativeWork
    182 https://doi.org/10.1109/sp.2015.47 schema:sameAs https://app.dimensions.ai/details/publication/pub.1093288558
    183 rdf:type schema:CreativeWork
    184 https://doi.org/10.1145/2591796.2591825 schema:sameAs https://app.dimensions.ai/details/publication/pub.1007381018
    185 rdf:type schema:CreativeWork
    186 https://www.grid.ac/institutes/grid.12832.3a schema:alternateName Versailles Saint-Quentin-en-Yvelines University
    187 schema:name Laboratoire de Mathématiques de Versailles, UVSQ, CNRS, Université Paris-Saclay, 78035, Versailles, France
    188 rdf:type schema:Organization
    189 https://www.grid.ac/institutes/grid.15878.33 schema:alternateName Paris 8 University
    190 schema:name CryptoExperts, 41 Boulevard des Capucines, 75002, Paris, France
    191 University Paris 8, 2 rue de la Liberté, 93526, Saint-Denis, France
    192 University of Luxembourg, 6 Avenue de la Fonte, 4364, Esch-sur-Alzette, Luxembourg
    193 rdf:type schema:Organization
    194 https://www.grid.ac/institutes/grid.470554.7 schema:alternateName CryptoExperts (France)
    195 schema:name CryptoExperts, 41 Boulevard des Capucines, 75002, Paris, France
    196 rdf:type schema:Organization
     



