On Recovering Affine Encodings in White-Box Implementations

Derbez, Patrick; Fouque, Pierre-Alain; Lambin, Baptiste; Minaud, Brice

doi:10.46586/tches.v2018.i3.121-149

Cited by 12 publications

(7 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…(3) in polynomial time [19]; or (3) if S is composed of small m s -bit S-boxes, the algorithm by Derbez et al can solve Eqn. (4) in about O(2 2ms ) [17].…”

Section: Reducing Implicit Implementations To Self-equivalence Implem...mentioning

confidence: 96%

“…The first generic attack that we will consider is the reduction subroutine that transforms the encodings of a CEJO implementation to selfequivalence encodings. This subroutine was proposed in [34] and combines the three generic CEJO attacks proposed in [3,17,29]; showing that the reduction subroutine does not succeed implies that neither the three generic CEJO attacks do.…”

Section: Previous Generic Attacksmentioning

confidence: 99%

“…Several CEJO implementations [3,14,23,26,27,37,43] have been proposed, but all of them have been broken. These attacks exploit some properties of the underlying cipher (AES in most cases), but efficient generic attacks have also been proposed to the CEJO framework [3,17,29], which can break CEJO implementations of a wide class of ciphers.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Implicit White-Box Implementations: White-Boxing ARX Ciphers

Ranea¹,

Vandersmissen²,

Preneel³

2022

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Since the first white-box implementation of AES published twenty years ago, no significant progress has been made in the design of secure implementations against an attacker with full control of the device. Designing white-box implementations of existing block ciphers is a challenging problem, as all proposals have been broken. Only two whitebox design strategies have been published this far: the CEJO framework, which can only be applied to ciphers with small S-boxes, and selfequivalence encodings, which were only applied to AES. In this work we propose implicit implementations, a new design of whitebox implementations based on implicit functions, and we show that current generic attacks that break CEJO or self-equivalence implementations are not successful against implicit implementations. The generation and the security of implicit implementations are related to the self-equivalences of the non-linear layer of the cipher, and we propose a new method to obtain self-equivalences based on the CCZ-equivalence. We implemented this method and many other functionalities in a new open-source tool BoolCrypt, which we used to obtain for the first time affine, linear, and even quadratic self-equivalences of the permuted modular addition. Using the implicit framework and these self-equivalences, we describe for the first time a practical white-box implementation of a generic Addition-Rotation-XOR (ARX) cipher, and we provide an opensource tool to easily generate implicit implementations of ARX ciphers.

show abstract

“…(3) in polynomial time [19]; or (3) if S is composed of small m s -bit S-boxes, the algorithm by Derbez et al can solve Eqn. (4) in about O(2 2ms ) [17].…”

Section: Reducing Implicit Implementations To Self-equivalence Implem...mentioning

confidence: 96%

Section: Previous Generic Attacksmentioning

confidence: 99%

See 1 more Smart Citation

Implicit White-Box Implementations: White-Boxing ARX Ciphers

Ranea¹,

Vandersmissen²,

Preneel³

2022

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…We will now use the method from [DFLM18] to partially recover the outer affine maps on the left branch. The idea is to query a fixed random input difference on the left branch and no difference on the right branch (possible due to the previous step), and to compute the dimension of the space of the observed output differences.…”

Section: Triangularization Of the Outer Affine Maps (Left Branches)mentioning

confidence: 99%

Cryptanalysis of ARX-based White-box Implementations

Biryukov

Lambin

Udovenko

2023

TCHES

View full text Add to dashboard Cite

At CRYPTO’22, Ranea, Vandersmissen, and Preneel proposed a new way to design white-box implementations of ARX-based ciphers using so-called implicit functions and quadratic-affine encodings. They suggest the Speck block-cipher as an example target.In this work, we describe practical attacks on the construction. For the implementation without one of the external encodings, we describe a simple algebraic key recovery attack. If both external encodings are used (the main scenario suggested by the authors), we propose optimization and inversion attacks, followed by our main result - a multiple-step round decomposition attack and a decomposition-based key recovery attack.Our attacks only use the white-box round functions as oracles and do not rely on their description. We implemented and verified experimentally attacks on white-box instances of Speck-32/64 and Speck-64/128. We conclude that a single ARX-round is too weak to be used as a white-box round.

show abstract

“…However, the existing white-box schemes cannot meet these requirements. Since 2002, a number of white-box implementations of Data Encryption Standard (DES) and Advanced Encryption Standard (AES) have been proposed [1][2][3][4][5], but their security was penetrated [6][7][8][9][10][11][12]. At present, there are no recognized secure white-box implementations of DES/AES.…”

Section: Introductionmentioning

confidence: 99%

WARX: efficient white-box block cipher based on ARX primitives and random MDS matrix

Rijmen

et al. 2021

Sci. China Inf. Sci.

View full text Add to dashboard Cite

White-box cryptography aims to provide secure cryptographic primitives and implementations for the white-box attack model, which assumes that an adversary has full access to the implementation of the cryptographic algorithms. Real-world applications require highly efficient and secure white-box schemes, whereas the existing proposals cannot meet this demand. In this paper, we design a new white-box block cipher based on Addition/Rotation/XOR (ARX) primitives and random MDS matrix, WARX, aiming for efficient implementations in both black-and white-box models. The implementation of WARX in the blackbox model is nine times faster than SPNbox-16 from ASIACRYPT'16, and the implementation in the whitebox model is more efficient than SPNbox-16 and WEM from CT-RSA'17. Moreover, the security of WARX in both black-and white-box models is analyzed, which ensures its practical applicability. The design of WARX shows that ARX primitives and random linear layer can improve the efficiency of a white-box block cipher. This article may inspire more provably secure and efficient white-box block ciphers and help to narrow the gap between provably secure white-box schemes from academia and highly applicable schemes in great demand from industry.

show abstract

On Recovering Affine Encodings in White-Box Implementations

Cited by 12 publications

References 15 publications

Implicit White-Box Implementations: White-Boxing ARX Ciphers

Implicit White-Box Implementations: White-Boxing ARX Ciphers

Cryptanalysis of ARX-based White-box Implementations

WARX: efficient white-box block cipher based on ARX primitives and random MDS matrix

Contact Info

Product

Resources

About