On the ineffectiveness of internal encodings - Revisiting the DCA attack on white-box cryptography

Estuardo Alpirez Bock; Chris Brzuska; Wil Michiels; Alexander Treff

doi:10.1007/978-3-319-93387-0_6

On the ineffectiveness of internal encodings - Revisiting the DCA attack on white-box cryptography

Estuardo Alpirez Bock, Chris Brzuska, Wil Michiels, Alexander Treff

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

10 Citations (Scopus)

Abstract

The goal of white-box cryptography is to implement cryptographic algorithms securely in software in the presence of an adversary that has complete access to the software’s program code and execution environment. In particular, white-box cryptography needs to protect the embedded secret key from being extracted. Bos et al. (CHES 2016) introduced differential computational analysis (DCA), the first automated attack on white-box cryptography. The DCA attack performs a statistical analysis on execution traces. These traces contain information such as memory addresses or register values, that is collected via binary instrumentation tooling during the encryption process. The white-box implementations that were attacked by Bos et al., as well as white-box implementations that have been described in the literature, protect the embedded key by using internal encodings techniques introduced by Chow et al. (SAC 2002). Thereby, a combination of linear and non-liner nibble encodings is used to protect the secret key. In this paper we analyse the use of such internal encodings and prove rigorously that they are too weak to protect against DCA. We prove that the use of non-linear nibble encodings does not hide key dependent correlations, such that a DCA attack succeeds with high probability.

Original language	English
Title of host publication	Applied Cryptography and Network Security - 16th International Conference, ACNS 2018, Proceedings
Publisher	Springer
Pages	103-120
Number of pages	18
ISBN (Print)	9783319933863
DOIs	https://doi.org/10.1007/978-3-319-93387-0_6
Publication status	Published - 1 Jan 2018
Event	16th International Conference on Applied Cryptography and Network Security (ACNS2018) - Leuven, Belgium Duration: 2 Jul 2018 → 4 Jul 2018 https://www.cosic.esat.kuleuven.be/events/acns2018/

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	10892 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	16th International Conference on Applied Cryptography and Network Security (ACNS2018)
Abbreviated title	ACNS2018
Country/Territory	Belgium
City	Leuven
Period	2/07/18 → 4/07/18
Internet address	https://www.cosic.esat.kuleuven.be/events/acns2018/

Keywords

Differential computational analysis
Mixing bijections
Software execution traces
White-box cryptography

Access to Document

10.1007/978-3-319-93387-0_6

Cite this

Alpirez Bock, E., Brzuska, C., Michiels, W., & Treff, A. (2018). On the ineffectiveness of internal encodings - Revisiting the DCA attack on white-box cryptography. In Applied Cryptography and Network Security - 16th International Conference, ACNS 2018, Proceedings (pp. 103-120). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10892 LNCS). Springer. https://doi.org/10.1007/978-3-319-93387-0_6

Alpirez Bock, Estuardo ; Brzuska, Chris ; Michiels, Wil ; Treff, Alexander. / On the ineffectiveness of internal encodings - Revisiting the DCA attack on white-box cryptography. Applied Cryptography and Network Security - 16th International Conference, ACNS 2018, Proceedings. Springer, 2018. pp. 103-120 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{ddf35f29d8584dcca76d9082425f5163,

title = "On the ineffectiveness of internal encodings - Revisiting the DCA attack on white-box cryptography",

abstract = "The goal of white-box cryptography is to implement cryptographic algorithms securely in software in the presence of an adversary that has complete access to the software{\textquoteright}s program code and execution environment. In particular, white-box cryptography needs to protect the embedded secret key from being extracted. Bos et al. (CHES 2016) introduced differential computational analysis (DCA), the first automated attack on white-box cryptography. The DCA attack performs a statistical analysis on execution traces. These traces contain information such as memory addresses or register values, that is collected via binary instrumentation tooling during the encryption process. The white-box implementations that were attacked by Bos et al., as well as white-box implementations that have been described in the literature, protect the embedded key by using internal encodings techniques introduced by Chow et al. (SAC 2002). Thereby, a combination of linear and non-liner nibble encodings is used to protect the secret key. In this paper we analyse the use of such internal encodings and prove rigorously that they are too weak to protect against DCA. We prove that the use of non-linear nibble encodings does not hide key dependent correlations, such that a DCA attack succeeds with high probability.",

keywords = "Differential computational analysis, Mixing bijections, Software execution traces, White-box cryptography",

author = "{Alpirez Bock}, Estuardo and Chris Brzuska and Wil Michiels and Alexander Treff",

year = "2018",

month = jan,

day = "1",

doi = "10.1007/978-3-319-93387-0_6",

language = "English",

isbn = "9783319933863",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "103--120",

booktitle = "Applied Cryptography and Network Security - 16th International Conference, ACNS 2018, Proceedings",

address = "Germany",

note = "16th International Conference on Applied Cryptography and Network Security (ACNS2018), ACNS2018 ; Conference date: 02-07-2018 Through 04-07-2018",

url = "https://www.cosic.esat.kuleuven.be/events/acns2018/",

}

Alpirez Bock, E, Brzuska, C, Michiels, W & Treff, A 2018, On the ineffectiveness of internal encodings - Revisiting the DCA attack on white-box cryptography. in Applied Cryptography and Network Security - 16th International Conference, ACNS 2018, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 10892 LNCS, Springer, pp. 103-120, 16th International Conference on Applied Cryptography and Network Security (ACNS2018), Leuven, Belgium, 2/07/18. https://doi.org/10.1007/978-3-319-93387-0_6

On the ineffectiveness of internal encodings - Revisiting the DCA attack on white-box cryptography. / Alpirez Bock, Estuardo; Brzuska, Chris; Michiels, Wil; Treff, Alexander.

Applied Cryptography and Network Security - 16th International Conference, ACNS 2018, Proceedings. Springer, 2018. p. 103-120 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10892 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - On the ineffectiveness of internal encodings - Revisiting the DCA attack on white-box cryptography

AU - Alpirez Bock, Estuardo

AU - Brzuska, Chris

AU - Michiels, Wil

AU - Treff, Alexander

PY - 2018/1/1

Y1 - 2018/1/1

N2 - The goal of white-box cryptography is to implement cryptographic algorithms securely in software in the presence of an adversary that has complete access to the software’s program code and execution environment. In particular, white-box cryptography needs to protect the embedded secret key from being extracted. Bos et al. (CHES 2016) introduced differential computational analysis (DCA), the first automated attack on white-box cryptography. The DCA attack performs a statistical analysis on execution traces. These traces contain information such as memory addresses or register values, that is collected via binary instrumentation tooling during the encryption process. The white-box implementations that were attacked by Bos et al., as well as white-box implementations that have been described in the literature, protect the embedded key by using internal encodings techniques introduced by Chow et al. (SAC 2002). Thereby, a combination of linear and non-liner nibble encodings is used to protect the secret key. In this paper we analyse the use of such internal encodings and prove rigorously that they are too weak to protect against DCA. We prove that the use of non-linear nibble encodings does not hide key dependent correlations, such that a DCA attack succeeds with high probability.

AB - The goal of white-box cryptography is to implement cryptographic algorithms securely in software in the presence of an adversary that has complete access to the software’s program code and execution environment. In particular, white-box cryptography needs to protect the embedded secret key from being extracted. Bos et al. (CHES 2016) introduced differential computational analysis (DCA), the first automated attack on white-box cryptography. The DCA attack performs a statistical analysis on execution traces. These traces contain information such as memory addresses or register values, that is collected via binary instrumentation tooling during the encryption process. The white-box implementations that were attacked by Bos et al., as well as white-box implementations that have been described in the literature, protect the embedded key by using internal encodings techniques introduced by Chow et al. (SAC 2002). Thereby, a combination of linear and non-liner nibble encodings is used to protect the secret key. In this paper we analyse the use of such internal encodings and prove rigorously that they are too weak to protect against DCA. We prove that the use of non-linear nibble encodings does not hide key dependent correlations, such that a DCA attack succeeds with high probability.

KW - Differential computational analysis

KW - Mixing bijections

KW - Software execution traces

KW - White-box cryptography

UR - http://www.scopus.com/inward/record.url?scp=85049089589&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-93387-0_6

DO - 10.1007/978-3-319-93387-0_6

M3 - Conference contribution

AN - SCOPUS:85049089589

SN - 9783319933863

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 103

EP - 120

BT - Applied Cryptography and Network Security - 16th International Conference, ACNS 2018, Proceedings

PB - Springer

T2 - 16th International Conference on Applied Cryptography and Network Security (ACNS2018)

Y2 - 2 July 2018 through 4 July 2018

ER -

Alpirez Bock E, Brzuska C, Michiels W, Treff A. On the ineffectiveness of internal encodings - Revisiting the DCA attack on white-box cryptography. In Applied Cryptography and Network Security - 16th International Conference, ACNS 2018, Proceedings. Springer. 2018. p. 103-120. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-319-93387-0_6

On the ineffectiveness of internal encodings - Revisiting the DCA attack on white-box cryptography

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

On the Foundations of White-Box Cryptography

Cite this

On the ineffectiveness of internal encodings - Revisiting the DCA attack on white-box cryptography

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Press / Media

On the Foundations of White-Box Cryptography

Cite this