Conditional Re-encoding Method for Cryptanalysis-Resistant White-Box AES

  • Lee, Seungkwang (SW & Contents Research Laboratory, ETRI) ;
  • Choi, Dooho (SW & Contents Research Laboratory, ETRI, University of Science & Technology (UST)) ;
  • Choi, Yong-Je (SW & Contents Research Laboratory, ETRI)
  • Received : 2014.01.27
  • Accepted : 2015.08.07
  • Published : 2015.10.01

Abstract

Conventional cryptographic algorithms are not sufficient to protect secret keys and data in white-box environments, where an attacker has full visibility of and control over the executing software. For this reason, cryptographic algorithms have been redesigned to resist white-box attacks. The first white-box AES (WB-AES) implementation was thought to provide reliable security in that brute-force attacks remain infeasible even in a white-box environment; however, this proved not to be the case. In particular, Billet and others presented a cryptanalysis of WB-AES with 2^30 time complexity, and Michiels and others generalized it to all substitution-linear transformation ciphers. Recently, a collision-based cryptanalysis was also reported. In this paper, we revisit Chow and others' first WB-AES implementation and present a conditional re-encoding method for protection against these cryptanalyses. The experimental results show approximately a 57% increase in the memory requirement and a 20% increase in execution speed.
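As an added illustration (not code from the paper, nor from the wbaes project cited below), the following Python sketch shows, for a single AES byte, the building blocks the abstract refers to: a T-box that fuses AddRoundKey with SubBytes, the trivial key extraction a white-box attacker gets from an unencoded table read out of memory, the Chow et al. style input/output encodings that defeat that extraction, and a plain re-encoding table that bridges two encodings. The function names and the fixed random seed are this example's own; the paper's conditional re-encoding method is not reproduced here, and the simple encodings shown do not by themselves resist the Billet et al. attack the abstract cites.

```python
"""Miniature of the encoded-table construction for one AES byte.

Added illustration only; names (tbox, encoded_tbox, reencoding_table,
recover_key_from_tbox, protected_lookup) are this example's own.
"""
import random


def _gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return r


def _gf_inv(a):
    """Multiplicative inverse as a^254 (0 maps to 0, as AES defines it)."""
    r, p, e = 1, a, 254
    while e:
        if e & 1:
            r = _gf_mul(r, p)
        p = _gf_mul(p, p)
        e >>= 1
    return r


def aes_sbox():
    """Build the AES S-box: affine transform of the field inverse (FIPS-197, 5.1.1)."""
    box = []
    for x in range(256):
        b = _gf_inv(x)
        s = b
        for i in range(1, 5):                      # b ^ rotl(b,1) ^ ... ^ rotl(b,4)
            s ^= ((b << i) | (b >> (8 - i))) & 0xFF
        box.append(s ^ 0x63)
    return box


SBOX = aes_sbox()


def random_bijection(rng):
    """A secret byte encoding: a random permutation of 0..255."""
    perm = list(range(256))
    rng.shuffle(perm)
    return perm


def invert(perm):
    inv = [0] * 256
    for i, v in enumerate(perm):
        inv[v] = i
    return inv


def tbox(key_byte):
    """Unprotected T-box: AddRoundKey fused with SubBytes, T[x] = S[x ^ k]."""
    return [SBOX[x ^ key_byte] for x in range(256)]


def recover_key_from_tbox(table):
    """What a white-box attacker does with a raw T-box lifted from memory:
    try all 256 key bytes and keep those consistent with the public S-box."""
    return [k for k in range(256)
            if all(table[x] == SBOX[x ^ k] for x in range(256))]


def encoded_tbox(key_byte, in_enc, out_enc):
    """Protected T-box: out_enc(S(in_enc^-1(x) ^ k)). Wrapped in secret
    bijections, the table no longer equals S[x ^ k] for any k."""
    in_dec = invert(in_enc)
    return [out_enc[SBOX[in_dec[x] ^ key_byte]] for x in range(256)]


def reencoding_table(from_enc, to_enc):
    """Bridge table to_enc o from_enc^-1: turns a value encoded under from_enc
    into the same value encoded under to_enc. Plain, unconditional re-encoding;
    the paper's conditional variant is not shown."""
    from_dec = invert(from_enc)
    return [to_enc[from_dec[x]] for x in range(256)]


def protected_lookup(x, key_byte, seed=1):
    """Push one byte through encoded T-box -> re-encoding bridge, then decode.
    Returns (decoded_output, key candidates an attacker gets from the encoded table)."""
    rng = random.Random(seed)                      # fixed seed only so the demo repeats
    f, g, h = (random_bijection(rng) for _ in range(3))
    t_enc = encoded_tbox(key_byte, f, g)          # input under f, output under g
    bridge = reencoding_table(g, h)               # g -> h
    y = bridge[t_enc[f[x]]]                       # what the white-box code computes
    return invert(h)[y], recover_key_from_tbox(t_enc)


if __name__ == "__main__":
    k = 0x2B
    print("raw T-box leaks key byte:", [hex(c) for c in recover_key_from_tbox(tbox(k))])
    out, seen = protected_lookup(0x53, k)
    print("encoded chain correct:", out == SBOX[0x53 ^ k],
          "| key candidates from encoded table:", seen)
```

Running the script shows the two halves of the abstract's argument: the unencoded table gives up the key byte with 256 trial comparisons, while the encoded chain still computes S[x ^ k] end to end although no single table matches the S-box for any key guess. The attacks the abstract cites work on exactly these encoded tables, which is why further protection such as re-encoding is needed.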

References

  1. P. Kocher, J. Jaffe, and B. Jun, "Differential Power Analysis," Int. Cryptology Conf. Adv. Cryptology, Santa Barbara, CA, USA, Aug. 15-19, 1999, pp. 388-397.
  2. E. Brier, C. Clavier, and F. Olivier, "Correlation Power Analysis with a Leakage Model," Cryptographic Hardware Embedded Syst., Cambridge, MA, USA, Aug. 11-13, 2004, pp. 16-29.
  3. S. Lee, D. Choi, and Y. Choi, "Improved Shamir's CRT-RSA Algorithm: Revisit with the Modulus Chaining Method," ETRI J., vol. 36, no. 3, June 2014, pp. 469-478. https://doi.org/10.4218/etrij.14.0113.0317
  4. D. Boneh, R.A. DeMillo, and R.J. Lipton, "On the Importance of Checking Cryptographic Protocols for Faults," Int. Conf. Theory Appl. Cryptographic Techn., Konstanz, Germany, May 11-15, 1997, pp. 37-51.
  5. S. Chow et al., "White-Box Cryptography and an AES Implementation," Workshop Sel. Areas Cryptography, Madrid, Spain, Aug. 15-16, 2002, pp. 250-270.
  6. O. Billet, H. Gilbert, and C. Ech-Chatbi, "Cryptanalysis of a White Box AES implementation," Int. Conf. Sel. Areas Cryptography, Waterloo, Canada, Aug. 9-10, 2004, pp. 227-240.
  7. J. Bringer, H. Chabanne, and E. Dottax, "White Box Cryptography: Another Attempt," IACR Cryptology ePrint Archive, vol. 2006, Dec. 2006, p. 468.
  8. Y. De Mulder, P. Roelse, and B. Preneel, "Cryptanalysis of the Xiao-Lai White-Box AES Implementation," Int. Conf. Sel. Areas Cryptography, Windsor, Canada, Aug. 15-16, 2012, pp. 34-49.
  9. Y. De Mulder, B. Wyseur, and B. Preneel, "Cryptanalysis of a Perturbated White-Box AES Implementation," Int. Conf. Cryptology India, Hyderabad, India, Dec. 12-15, 2010, pp. 292-310.
  10. T. Lepoint et al., "Two Attacks on a White-Box AES Implementation," Int. Workshop Sel. Areas Cryptography, Burnaby, Canada, Aug. 14-16, 2013, pp. 265-285.
  11. J. Daemen and V. Rijmen, AES Proposal: Rijndael, 1998. Accessed Aug. 30, 2014. http://csrc.nist.gov/archive/aes/rijndael/Rijndael-ammended.pdf
  12. J.A. Muir, "A Tutorial on White-Box AES," IACR Cryptology ePrint Archive, vol. 2013, 2013, p. 104.
  13. C.E. Shannon, "Communication Theory of Secrecy Systems," Bell Syst. Techn. J., vol. 28, no. 4, Oct. 1949, pp. 656-715. https://doi.org/10.1002/j.1538-7305.1949.tb00928.x
  14. J. Saremi, White-Box AES Project for Educational Purposes. Accessed Apr. 1, 2014. https://github.com/wbaes
  15. W. Michiels, P. Gorissen, and H.D. Hollmann, "Cryptanalysis of a Generic Class of White-Box Implementations," Int. Conf. Sel. Areas Cryptography, Sackville, Canada, Aug. 14-15, 2008, pp. 414-428.
  16. L. Tolhuizen, "Improved Cryptanalysis of an AES Implementation," WIC Symp. Inf. Theory Benelux, Boekelo, Netherlands, May 24-25, 2012.
  17. A. Biryukov et al., "A Toolbox for Cryptanalysis: Linear and Affine Equivalence Algorithms," Int. Conf. Theory Appl. Cryptographic Techn., Warsaw, Poland, May 4-8, 2003, pp. 33-50.
  18. J. Fuller and W. Millan, "Linear Redundancy in S-Boxes," Int. Workshop Fast Softw. Encryption, Lund, Sweden, Feb. 24-26, 2003, pp. 74-86.

Cited by

  1. One-Bit to Four-Bit Dual Conversion for Security Enhancement against Power Analysis, vol. E99-A, no. 10, 2016. https://doi.org/10.1587/transfun.e99.a.1833
  2. Light-weight white-box encryption scheme with random padding for wearable consumer electronic devices, vol. 63, no. 1, 2015. https://doi.org/10.1109/tce.2017.014722
  3. A Masked White-Box Cryptographic Implementation for Protecting Against Differential Computation Analysis, vol. 13, no. 10, 2015. https://doi.org/10.1109/tifs.2018.2825939
  4. A White-Box Cryptographic Implementation for Protecting against Power Analysis, vol. E101-D, no. 1, 2018. https://doi.org/10.1587/transinf.2017edl8186