Cryptanalysis of the Xiao - Lai White-Box AES Implementation

In the white-box attack context, i.e., the setting where an implementation of a cryptographic algorithm is executed on an untrusted platform, the adversary has full access to the implementation and its execution environment. In 2002, Chow et al. presented a white-box AES implementation which aims at preventing key-extraction in the white-box attack context. However, in 2004, Billet et al. presented an efficient practical attack on Chow et al.’s white-box AES implementation. In response, in 2009, Xiao and Lai proposed a new white-box AES implementation which is claimed to be resistant against Billet et al.’s attack. This paper presents a practical cryptanalysis of the white-box AES implementation proposed by Xiao et al. The linear equivalence algorithm presented by Biryukov et al. is used as a building block. The cryptanalysis efficiently extracts the AES key from Xiao et al.’s white-box AES implementation with a work factor of about 232.

[1]  Mohamed Karroumi,et al.  Protecting White-Box AES with Dual Ciphers , 2010, ICISC.

[2]  Paul C. van Oorschot,et al.  White-Box Cryptography and an AES Implementation , 2002, Selected Areas in Cryptography.

[3]  Julien Bringer,et al.  White Box Cryptography: Another Attempt , 2006, IACR Cryptol. ePrint Arch..

[4]  Alex Biryukov,et al.  A Toolbox for Cryptanalysis: Linear and Affine Equivalence Algorithms , 2003, EUROCRYPT.

[5]  Bart Preneel,et al.  Cryptanalysis of a Perturbated White-Box AES Implementation , 2010, INDOCRYPT.

[6]  Xuejia Lai,et al.  A Secure Implementation of White-Box AES , 2009, 2009 2nd International Conference on Computer Science and its Applications.

[7]  James A. Muir,et al.  A Tutorial on White-box AES , 2013, IACR Cryptol. ePrint Arch..

[8]  Paul C. van Oorschot,et al.  A White-Box DES Implementation for DRM Applications , 2002, Digital Rights Management Workshop.

[9]  Olivier Billet,et al.  Cryptanalysis of a White Box AES Implementation , 2004, Selected Areas in Cryptography.

[10]  尚弘 島影 National Institute of Standards and Technologyにおける超伝導研究及び生活 , 2001 .