
Protect white-box AES to resist table composition attacks

White-box cryptography protects cryptographic software in a white-box attack context (WBAC), where the dynamic execution of the cryptographic software is under full control of an adversary. Protecting AES in the white-box setting has attracted many scientists and engineers, and several solutions have emerged. However, almost all these solutions have been badly broken by various efficient white-box attacks, which target compositions of key-embedding lookup tables. In 2014, Luo, Lai, and You proposed a new WBAC-oriented AES implementation, and claimed that their implementation is secure against both Billet et al.'s attack and De Mulder et al.'s attack. In this study, based on the existing table-composition-targeting cryptanalysis techniques, the authors show that the secret key of the Luo–Lai–You (LLY) implementation can be recovered with a time complexity of about 2^44. Furthermore, the authors propose a new white-box AES implementation based on table lookups, which is shown to be resistant against the existing table-composition-targeting white-box attacks. The authors' key-embedding tables are obfuscated with large affine mappings, which cannot be cancelled out by the table compositions of the existing cryptanalysis techniques. Although their implementation requires twice as much memory as the LLY WBAES to store the tables, its speed is about 63 times that of the latter.

References

1. Chow, S., Eisen, P., Johnson, H., et al: ‘White-box cryptography and an AES implementation’, in Nyberg, K., Heys, H. (Eds.): ‘Selected areas in cryptography’ (Springer, Berlin, 2003), pp. 250–270.
2. Billet, O., Gilbert, H., Ech-Chatbi, C.: ‘Cryptanalysis of a white box AES implementation’, in Handschuh, H., Hasan, M. (Eds.): ‘Selected areas in cryptography’ (Springer, Berlin, 2005), pp. 227–240.
3. Tolhuizen, L.: ‘Improved cryptanalysis of an AES implementation’. Proc. 33rd WIC Symp. on Information Theory in the Benelux, Boekelo, The Netherlands, May 2012, pp. 24–25.
4. Lepoint, T., Rivain, M., De Mulder, Y., et al: ‘Two attacks on a white-box AES implementation’, in Lange, T., Lauter, K., Lisoněk, P. (Eds.): ‘Selected areas in cryptography — SAC 2013’ (Springer, Berlin, 2014), pp. 265–285.
5. Bringer, J., Chabanne, H., Dottax, E.: ‘White box cryptography: another attempt’. IACR Cryptology ePrint Archive, 2006.
6. De Mulder, Y., Wyseur, B., Preneel, B.: ‘Cryptanalysis of a perturbated white-box AES implementation’, in Gong, G., Gupta, K. (Eds.): ‘Progress in cryptology — INDOCRYPT 2010’ (Springer, Berlin, 2010), pp. 292–310.
7. Xiao, Y., Lai, X.: ‘A secure implementation of white-box AES’. Proc. Int. Conf. on Computer Science and its Applications, Jeju, Korea, December 2009, pp. 1–6.
8. De Mulder, Y., Roelse, P., Preneel, B.: ‘Cryptanalysis of the Xiao–Lai white-box AES implementation’, in Knudsen, L., Wu, H. (Eds.): ‘Selected areas in cryptography’ (Springer, Berlin, 2013), pp. 34–49.
9. Michiels, W., Gorissen, P., Hollmann, H.: ‘Cryptanalysis of a generic class of white-box implementations’, in Avanzi, R., Keliher, L., Sica, F. (Eds.): ‘Selected areas in cryptography’ (Springer, Berlin, 2009), pp. 414–428.
10. Karroumi, M.: ‘Protecting white-Box AES with dual ciphers’, in Rhee, K., Nyang, D. (Eds.): ‘Information security and cryptology — ICISC 2010’ (Springer, Berlin, 2011), pp. 278–291.
11. Barkan, E., Biham, E.: ‘In how many ways can you write Rijndael?’, in Zheng, Y. (Ed.): ‘Advances in cryptology — ASIACRYPT 2002’ (Springer, Berlin, 2002), pp. 160–175.
12. Biryukov, A., De Cannière, C., Braeken, A., et al: ‘A toolbox for cryptanalysis: linear and affine equivalence algorithms’, in Biham, E. (Ed.): ‘Advances in cryptology — EUROCRYPT 2003’ (Springer, Berlin, 2003), pp. 33–50.
13. Raddum, H.: ‘More dual Rijndaels’, in Dobbertin, H., Rijmen, V., Sowa, A. (Eds.): ‘Advanced encryption standard — AES’ (Springer, Berlin, 2005), pp. 33–50.
14. Luo, R., Lai, X., You, R.: ‘A new attempt of white-box AES implementation’. Proc. Int. Conf. on Security, Pattern Analysis, and Cybernetics, Wuhan, China, October 2014, pp. 423–429.
15. Sasdrich, P., Moradi, A., Güneysu, T.: ‘White-box cryptography in the gray box — a hardware implementation and its side channels’, in Peyrin, T. (Ed.): ‘Fast software encryption’ (Springer, Berlin, 2016), pp. 185–203.
16. Chow, S., Eisen, P., Johnson, H., et al: ‘A white-box DES implementation for DRM applications’, in Feigenbaum, J. (Ed.): ‘Digital rights management’ (Springer, Berlin, 2003), pp. 1–15.
17. Link, H.E., Neumann, W.D.: ‘Clarifying obfuscation: improving the security of white-Box DES’. Proc. Int. Conf. on Information Technology: Coding and Computing, Las Vegas, USA, April 2005, pp. 679–684.
18. Goubin, L., Masereel, J.M., Quisquater, M.: ‘Cryptanalysis of white box DES implementations’, in Adams, C., Miri, A., Wiener, M. (Eds.): ‘Selected areas in cryptography’ (Springer, Berlin, 2007), pp. 278–295.
19. Wyseur, B., Michiels, W., Gorissen, P., et al: ‘Cryptanalysis of white-box DES implementations with arbitrary external encodings’, in Adams, C., Miri, A., Wiener, M. (Eds.): ‘Selected areas in cryptography’ (Springer, Berlin, 2007), pp. 264–277.
20. Biryukov, A., Bouillaguet, C., Khovratovich, D.: ‘Cryptographic schemes based on the ASASA structure: black-box, white-box, and public-key (extended abstract)’, in Sarkar, P., Iwata, T. (Eds.): ‘Advances in cryptology — ASIACRYPT 2014’ (Springer, Berlin, 2014), pp. 63–84.
21. Bogdanov, A., Isobe, T.: ‘White-box cryptography revisited: space-hard ciphers’. Proc. Int. Conf. on Computer and Communications Security, Denver, USA, October 2015, pp. 1058–1069.
22. Bogdanov, A., Isobe, T., Tischhauser, E.: ‘Towards practical whitebox cryptography: optimizing efficiency and space hardness’, in Cheon, J., Takagi, T. (Eds.): ‘Advances in cryptology — ASIACRYPT 2016’ (Springer, Berlin, 2016), pp. 126–158.
23. Fouque, P.A., Karpman, P., Kirchner, P., et al: ‘Efficient and provable white-box primitives’, in Cheon, J., Takagi, T. (Eds.): ‘Advances in cryptology — ASIACRYPT 2016’ (Springer, Berlin, 2016), pp. 159–188.
24. Gilbert, H., Plût, J., Treger, J.: ‘Key-recovery attack on the ASASA cryptosystem with expanding S-boxes’, in Gennaro, R., Robshaw, M. (Eds.): ‘Advances in cryptology — CRYPTO 2015’ (Springer, Berlin, 2015), pp. 475–490.
25. Minaud, B., Derbez, P., Fouque, P.A., et al: ‘Key-recovery attacks on ASASA’, in Iwata, T., Cheon, J. (Eds.): ‘Advances in cryptology — ASIACRYPT 2015’ (Springer, Berlin, 2015), pp. 3–27.
26. Dinur, I., Dunkelman, O., Kranz, T., et al: ‘Decomposing the ASASA block cipher construction’. IACR Cryptology ePrint Archive, 2015.
27. Daemen, J., Rijmen, V.: ‘The design of Rijndael: AES — the advanced encryption standard’ (Springer, Berlin, 2002).
28. Biryukov, A., Shamir, A.: ‘Structural cryptanalysis of SASAS’, in Pfitzmann, B. (Ed.): ‘Advances in cryptology — EUROCRYPT 2001’ (Springer, Berlin, 2001), pp. 395–405.
http://iet.metastore.ingenta.com/content/journals/10.1049/iet-ifs.2017.0046