On the ineffectiveness of internal encodings - Revisiting the DCA attack on white-box cryptography

Estuardo Alpirez Bock, Chris Brzuska, Wil Michiels, Alexander Treff

Onderzoeksoutput: Hoofdstuk in Boek/Rapport/CongresprocedureConferentiebijdrageAcademicpeer review

Uittreksel

The goal of white-box cryptography is to implement cryptographic algorithms securely in software in the presence of an adversary that has complete access to the software’s program code and execution environment. In particular, white-box cryptography needs to protect the embedded secret key from being extracted. Bos et al. (CHES 2016) introduced differential computational analysis (DCA), the first automated attack on white-box cryptography. The DCA attack performs a statistical analysis on execution traces. These traces contain information such as memory addresses or register values, that is collected via binary instrumentation tooling during the encryption process. The white-box implementations that were attacked by Bos et al., as well as white-box implementations that have been described in the literature, protect the embedded key by using internal encodings techniques introduced by Chow et al. (SAC 2002). Thereby, a combination of linear and non-liner nibble encodings is used to protect the secret key. In this paper we analyse the use of such internal encodings and prove rigorously that they are too weak to protect against DCA. We prove that the use of non-linear nibble encodings does not hide key dependent correlations, such that a DCA attack succeeds with high probability.

TaalEngels
TitelApplied Cryptography and Network Security - 16th International Conference, ACNS 2018, Proceedings
UitgeverijSpringer
Pagina's103-120
Aantal pagina's18
ISBN van geprinte versie9783319933863
DOI's
StatusGepubliceerd - 1 jan 2018
Evenement16th International Conference on Applied Cryptography and Network Security (ACNS2018) - Leuven, België
Duur: 2 jul 20184 jul 2018
https://www.cosic.esat.kuleuven.be/events/acns2018/

Publicatie series

NaamLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume10892 LNCS
ISSN van geprinte versie0302-9743
ISSN van elektronische versie1611-3349

Congres

Congres16th International Conference on Applied Cryptography and Network Security (ACNS2018)
Verkorte titelACNS2018
LandBelgië
StadLeuven
Periode2/07/184/07/18
Internet adres

Vingerafdruk

Computational Analysis
Cryptography
Encoding
Attack
Internal
Trace
Software
Instrumentation
Encryption
Statistical Analysis
Statistical methods
Binary
Data storage equipment
Dependent

Trefwoorden

    Citeer dit

    Alpirez Bock, E., Brzuska, C., Michiels, W., & Treff, A. (2018). On the ineffectiveness of internal encodings - Revisiting the DCA attack on white-box cryptography. In Applied Cryptography and Network Security - 16th International Conference, ACNS 2018, Proceedings (blz. 103-120). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10892 LNCS). Springer. DOI: 10.1007/978-3-319-93387-0_6
    Alpirez Bock, Estuardo ; Brzuska, Chris ; Michiels, Wil ; Treff, Alexander. / On the ineffectiveness of internal encodings - Revisiting the DCA attack on white-box cryptography. Applied Cryptography and Network Security - 16th International Conference, ACNS 2018, Proceedings. Springer, 2018. blz. 103-120 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
    @inproceedings{ddf35f29d8584dcca76d9082425f5163,
    title = "On the ineffectiveness of internal encodings - Revisiting the DCA attack on white-box cryptography",
    abstract = "The goal of white-box cryptography is to implement cryptographic algorithms securely in software in the presence of an adversary that has complete access to the software’s program code and execution environment. In particular, white-box cryptography needs to protect the embedded secret key from being extracted. Bos et al. (CHES 2016) introduced differential computational analysis (DCA), the first automated attack on white-box cryptography. The DCA attack performs a statistical analysis on execution traces. These traces contain information such as memory addresses or register values, that is collected via binary instrumentation tooling during the encryption process. The white-box implementations that were attacked by Bos et al., as well as white-box implementations that have been described in the literature, protect the embedded key by using internal encodings techniques introduced by Chow et al. (SAC 2002). Thereby, a combination of linear and non-liner nibble encodings is used to protect the secret key. In this paper we analyse the use of such internal encodings and prove rigorously that they are too weak to protect against DCA. We prove that the use of non-linear nibble encodings does not hide key dependent correlations, such that a DCA attack succeeds with high probability.",
    keywords = "Differential computational analysis, Mixing bijections, Software execution traces, White-box cryptography",
    author = "{Alpirez Bock}, Estuardo and Chris Brzuska and Wil Michiels and Alexander Treff",
    year = "2018",
    month = "1",
    day = "1",
    doi = "10.1007/978-3-319-93387-0_6",
    language = "English",
    isbn = "9783319933863",
    series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
    publisher = "Springer",
    pages = "103--120",
    booktitle = "Applied Cryptography and Network Security - 16th International Conference, ACNS 2018, Proceedings",
    address = "Germany",

    }

    Alpirez Bock, E, Brzuska, C, Michiels, W & Treff, A 2018, On the ineffectiveness of internal encodings - Revisiting the DCA attack on white-box cryptography. in Applied Cryptography and Network Security - 16th International Conference, ACNS 2018, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 10892 LNCS, Springer, blz. 103-120, Leuven, België, 2/07/18. DOI: 10.1007/978-3-319-93387-0_6

    On the ineffectiveness of internal encodings - Revisiting the DCA attack on white-box cryptography. / Alpirez Bock, Estuardo; Brzuska, Chris; Michiels, Wil; Treff, Alexander.

    Applied Cryptography and Network Security - 16th International Conference, ACNS 2018, Proceedings. Springer, 2018. blz. 103-120 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10892 LNCS).

    Onderzoeksoutput: Hoofdstuk in Boek/Rapport/CongresprocedureConferentiebijdrageAcademicpeer review

    TY - GEN

    T1 - On the ineffectiveness of internal encodings - Revisiting the DCA attack on white-box cryptography

    AU - Alpirez Bock,Estuardo

    AU - Brzuska,Chris

    AU - Michiels,Wil

    AU - Treff,Alexander

    PY - 2018/1/1

    Y1 - 2018/1/1

    N2 - The goal of white-box cryptography is to implement cryptographic algorithms securely in software in the presence of an adversary that has complete access to the software’s program code and execution environment. In particular, white-box cryptography needs to protect the embedded secret key from being extracted. Bos et al. (CHES 2016) introduced differential computational analysis (DCA), the first automated attack on white-box cryptography. The DCA attack performs a statistical analysis on execution traces. These traces contain information such as memory addresses or register values, that is collected via binary instrumentation tooling during the encryption process. The white-box implementations that were attacked by Bos et al., as well as white-box implementations that have been described in the literature, protect the embedded key by using internal encodings techniques introduced by Chow et al. (SAC 2002). Thereby, a combination of linear and non-liner nibble encodings is used to protect the secret key. In this paper we analyse the use of such internal encodings and prove rigorously that they are too weak to protect against DCA. We prove that the use of non-linear nibble encodings does not hide key dependent correlations, such that a DCA attack succeeds with high probability.

    AB - The goal of white-box cryptography is to implement cryptographic algorithms securely in software in the presence of an adversary that has complete access to the software’s program code and execution environment. In particular, white-box cryptography needs to protect the embedded secret key from being extracted. Bos et al. (CHES 2016) introduced differential computational analysis (DCA), the first automated attack on white-box cryptography. The DCA attack performs a statistical analysis on execution traces. These traces contain information such as memory addresses or register values, that is collected via binary instrumentation tooling during the encryption process. The white-box implementations that were attacked by Bos et al., as well as white-box implementations that have been described in the literature, protect the embedded key by using internal encodings techniques introduced by Chow et al. (SAC 2002). Thereby, a combination of linear and non-liner nibble encodings is used to protect the secret key. In this paper we analyse the use of such internal encodings and prove rigorously that they are too weak to protect against DCA. We prove that the use of non-linear nibble encodings does not hide key dependent correlations, such that a DCA attack succeeds with high probability.

    KW - Differential computational analysis

    KW - Mixing bijections

    KW - Software execution traces

    KW - White-box cryptography

    UR - http://www.scopus.com/inward/record.url?scp=85049089589&partnerID=8YFLogxK

    U2 - 10.1007/978-3-319-93387-0_6

    DO - 10.1007/978-3-319-93387-0_6

    M3 - Conference contribution

    SN - 9783319933863

    T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

    SP - 103

    EP - 120

    BT - Applied Cryptography and Network Security - 16th International Conference, ACNS 2018, Proceedings

    PB - Springer

    ER -

    Alpirez Bock E, Brzuska C, Michiels W, Treff A. On the ineffectiveness of internal encodings - Revisiting the DCA attack on white-box cryptography. In Applied Cryptography and Network Security - 16th International Conference, ACNS 2018, Proceedings. Springer. 2018. blz. 103-120. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). Beschikbaar vanaf, DOI: 10.1007/978-3-319-93387-0_6