Cryptanalysis of a Perturbated White-Box AES Implementation
نویسندگان
چکیده
In response to various cryptanalysis results on white-box cryptography, Bringer et al. presented a novel white-box strategy. They propose to extend the round computations of a block cipher with a set of random equations and perturbations, and complicate the analysis by implementing each such round as one system that is obfuscated with annihilating linear input and output encodings. The improved version presented by Bringer et al. implements the AEw/oS, which is an AES version with key-dependent S-boxes (the S-boxes are in fact the secret key). In this paper we present an algebraic analysis to recover equivalent keys from the implementation. We show how the perturbations and system of random equations can be distinguished from the implementation, and how the linear input and output encodings can be eliminated. The result is that we have decomposed the white-box implementation into a much more simple, functionally equivalent implementation and retrieved a set of keys that are equivalent to the original key. Our cryptanalysis has a worst time complexity of 2 and a negligible space complexity.
منابع مشابه
Cryptanalysis of the Xiao - Lai White-Box AES Implementation
In the white-box attack context, i.e., the setting where an implementation of a cryptographic algorithm is executed on an untrusted platform, the adversary has full access to the implementation and its execution environment. In 2002, Chow et al. presented a white-box AES implementation which aims at preventing key-extraction in the white-box attack context. However, in 2004, Billet et al. prese...
متن کاملMultilateral White-Box Cryptanalysis: Case study on WB-AES of CHES Challenge 2016
The security requirement of white-box cryptography (WBC) is that it should protect the secret key from a white-box security model that permits an adversary who is able to entirely control the execution of the cryptographic algorithm and its environment. It has already been demonstrated that most of the WBCs are vulnerable to algebraic attacks from a white-box security perspective. Recently, a n...
متن کاملCryptanalysis of a White Box AES Implementation
The white box attack context as described in [1, 2] is the common setting where cryptographic software is executed in an untrusted environment—i.e. an attacker has gained access to the implementation of cryptographic algorithms, and can observe or manipulate the dynamic execution of whole or part of the algorithms. In this paper, we present an efficient practical attack against the obfuscated A...
متن کاملMultilateral White-Box Cryptanalysis
Security requirement of White-Box Cryptography (WBC) is that it should protect secret key from white-box security model permits an adversary who is able to entirely control execution of the cryptographic algorithm and its environment. It has already been demonstrated that most of the primitive is vulnerable to algebraic attacks in the white-box security perspective. In recently, a new Different...
متن کاملA Tutorial on White-box AES
White-box cryptography concerns the design and analysis of implementations of cryptographic algorithms engineered to execute on untrusted platforms. Such implementations are said to operate in a white-box attack context. This is an attack model where all details of the implementation are completely visible to an attacker: not only do they see input and output, they see every intermediate comput...
متن کامل