Two Attacks on a White-Box AES Implementation

Tancrède Lepoint 1, 2, 3 Matthieu Rivain 3 Yoni De Mulder 4, 5 Bart Preneel 6 Peter Roelse 7
2 CASCADE - Construction and Analysis of Systems for Confidentiality and Authenticity of Data and Entities
DI-ENS - Département d'informatique de l'École normale supérieure, Inria Paris-Rocquencourt, CNRS - Centre National de la Recherche Scientifique : UMR 8548
4 ESAT-COSIC - Computer Security and Industrial Cryptography [KU Leuven]
KU-ESAT - Department of Electrical Engineering [KU Leuven]
Abstract: White-box cryptography aims to protect the secret key of a cipher in an environment in which an adversary has full access to the implementation of the cipher and its execution environment. In 2002, Chow, Eisen, Johnson and van Oorschot proposed a white-box implementation of AES. In 2004, Billet, Gilbert and Ech-Chatbi presented an efficient attack (referred to as the BGE attack) on this implementation, extracting its embedded AES key with a work factor of 2^30. In 2012, Tolhuizen presented an improvement of the most time-consuming phase of the BGE attack. The present paper includes three contributions. First, we describe several improvements of the BGE attack. We show that the overall work factor of the BGE attack is reduced to 2^22 when all improvements are implemented. This paper also presents a new attack on the initial white-box implementation of Chow et al. This attack exploits collisions occurring on internal variables of the implementation and it achieves a work factor of 2^22. Finally, we address the white-box AES implementation presented by Karroumi in 2010, which aims to withstand the BGE attack. We show that the implementations of Karroumi and Chow et al. are the same, making them both vulnerable to the same attacks.
Document type: Conference paper
SAC 2013 - 20th International Conference Selected Areas in Cryptography, Aug 2013, Burnaby, British Columbia, Canada. Springer, LNCS, 8282, pp.265-285, 2013, Selected Areas in Cryptography -- SAC 2013. 〈10.1007/978-3-662-43414-7_14〉

https://hal.inria.fr/hal-00872844
Contributor: Tancrède Lepoint
Submitted on: Monday, 14 October 2013 - 14:58:03
Last modified on: Friday, 25 May 2018 - 12:02:05

Citation

Tancrède Lepoint, Matthieu Rivain, Yoni De Mulder, Bart Preneel, Peter Roelse. Two Attacks on a White-Box AES Implementation. SAC 2013 - 20th International Conference Selected Areas in Cryptography, Aug 2013, Burnaby, British Columbia, Canada. Springer, LNCS, 8282, pp.265-285, 2013, Selected Areas in Cryptography -- SAC 2013. 〈10.1007/978-3-662-43414-7_14〉. 〈hal-00872844〉
