Multilateral White-Box Cryptanalysis

Security requirement of White-Box Cryptography (WBC) is that it should protect secret key from white-box security model permits an adversary who is able to entirely control execution of the cryptographic algorithm and its environment. It has already been demonstrated that most of the primitive is vulnerable to algebraic attacks in the white-box security perspective. In recently, a new Differential Computation Analysis (DCA) attack is proposed that thwarts White-Box AES (WB-AES) by monitoring accessed memory information during execution of the algorithm. Though it requires ability to estimate internal information of memory pattern, the attack retrieves secret key with a few attempts. In addition it is proposed that the existence of vulnerability on hardware implementation of WB-AES against to Differential Power Analysis (DPA) attack. In this paper, we propose DPA based attack which directly exploits intermediate value of WB-AES computation without effort to take memory data. And demonstrate its practicability with respect to public software implementation of WB-AES. Additionally, we investigate vulnerability of our target primitive on DPA by acquiring actual power consumption traces of software implementation.