Differential computation analysis : hiding your white-box designs is not enough

J.W. Bos, C. Hubain, W.P.A.J. Michiels, P. Teuwen

Onderzoeksoutput: Boek/rapportRapportAcademic

Uittreksel

Although all current scientific white-box approaches of standardized cryptographic primitives are broken, there is still a large number of companies which sell "secure" white-box products. In this paper a new approach to assess the security of white-box implementations is presented which requires neither knowledge about the look-up tables used nor any reverse engineering effort. This differential computation analysis (DCA) attack is the software counterpart of the differential power analysis attack as applied by the cryptographic hardware community. We developed plugins to widely available dynamic binary instrumentation frameworks to produce software execution traces which contain information about the memory addresses being accessed. We show how DCA can extract the secret key from all publicly (non-commercial) available white-box programs implementing standardized cryptography by analyzing these traces to identify secret-key dependent correlations.
TaalEngels
UitgeverijIACR
Aantal pagina's22
StatusGepubliceerd - 2015

Publicatie series

NaamCryptology ePrint Archive
Volume2015/753

Vingerafdruk

Reverse engineering
Cryptography
Hardware
Data storage equipment
Industry
Side channel attack

Citeer dit

Bos, J. W., Hubain, C., Michiels, W. P. A. J., & Teuwen, P. (2015). Differential computation analysis : hiding your white-box designs is not enough. (Cryptology ePrint Archive; Vol. 2015/753). IACR.
Bos, J.W. ; Hubain, C. ; Michiels, W.P.A.J. ; Teuwen, P./ Differential computation analysis : hiding your white-box designs is not enough. IACR, 2015. 22 blz. (Cryptology ePrint Archive).
@book{013c50d1f9ef45bbb396b000b59fea1c,
title = "Differential computation analysis : hiding your white-box designs is not enough",
abstract = "Although all current scientific white-box approaches of standardized cryptographic primitives are broken, there is still a large number of companies which sell {"}secure{"} white-box products. In this paper a new approach to assess the security of white-box implementations is presented which requires neither knowledge about the look-up tables used nor any reverse engineering effort. This differential computation analysis (DCA) attack is the software counterpart of the differential power analysis attack as applied by the cryptographic hardware community. We developed plugins to widely available dynamic binary instrumentation frameworks to produce software execution traces which contain information about the memory addresses being accessed. We show how DCA can extract the secret key from all publicly (non-commercial) available white-box programs implementing standardized cryptography by analyzing these traces to identify secret-key dependent correlations.",
author = "J.W. Bos and C. Hubain and W.P.A.J. Michiels and P. Teuwen",
year = "2015",
language = "English",
series = "Cryptology ePrint Archive",
publisher = "IACR",

}

Bos, JW, Hubain, C, Michiels, WPAJ & Teuwen, P 2015, Differential computation analysis : hiding your white-box designs is not enough. Cryptology ePrint Archive, vol. 2015/753, IACR.

Differential computation analysis : hiding your white-box designs is not enough. / Bos, J.W.; Hubain, C.; Michiels, W.P.A.J.; Teuwen, P.

IACR, 2015. 22 blz. (Cryptology ePrint Archive; Vol. 2015/753).

Onderzoeksoutput: Boek/rapportRapportAcademic

TY - BOOK

T1 - Differential computation analysis : hiding your white-box designs is not enough

AU - Bos,J.W.

AU - Hubain,C.

AU - Michiels,W.P.A.J.

AU - Teuwen,P.

PY - 2015

Y1 - 2015

N2 - Although all current scientific white-box approaches of standardized cryptographic primitives are broken, there is still a large number of companies which sell "secure" white-box products. In this paper a new approach to assess the security of white-box implementations is presented which requires neither knowledge about the look-up tables used nor any reverse engineering effort. This differential computation analysis (DCA) attack is the software counterpart of the differential power analysis attack as applied by the cryptographic hardware community. We developed plugins to widely available dynamic binary instrumentation frameworks to produce software execution traces which contain information about the memory addresses being accessed. We show how DCA can extract the secret key from all publicly (non-commercial) available white-box programs implementing standardized cryptography by analyzing these traces to identify secret-key dependent correlations.

AB - Although all current scientific white-box approaches of standardized cryptographic primitives are broken, there is still a large number of companies which sell "secure" white-box products. In this paper a new approach to assess the security of white-box implementations is presented which requires neither knowledge about the look-up tables used nor any reverse engineering effort. This differential computation analysis (DCA) attack is the software counterpart of the differential power analysis attack as applied by the cryptographic hardware community. We developed plugins to widely available dynamic binary instrumentation frameworks to produce software execution traces which contain information about the memory addresses being accessed. We show how DCA can extract the secret key from all publicly (non-commercial) available white-box programs implementing standardized cryptography by analyzing these traces to identify secret-key dependent correlations.

M3 - Report

T3 - Cryptology ePrint Archive

BT - Differential computation analysis : hiding your white-box designs is not enough

PB - IACR

ER -

Bos JW, Hubain C, Michiels WPAJ, Teuwen P. Differential computation analysis : hiding your white-box designs is not enough. IACR, 2015. 22 blz. (Cryptology ePrint Archive).