Cryptanalysis of a Generic Class of White-Box Implementations

A white-box implementation of a block cipher is a software implementation from which it is difficult for an attacker to extract the cryptographic key. Chow et al. published white-box implementations for AES and DES. These implementations are based on ideas that can be used to derive white-box implementations for other block ciphers as well. In particular, the ideas can be used to derive a white-box implementation for any substitution linear-transformation (SLT) cipher. Although the white-box implementations of AES and DES have been cryptanalyzed, the cryptanalyses published use typical properties of AES and DES. It is therefore an open question whether an SLT cipher exists for which the techniques of Chow et al. result in a secure white-box implementation. In this paper we largely settle this question by presenting an algorithm that is able to extract the key from such an implementation under a mild condition on the diffusion matrix. The condition is, for instance, satisfied by all MDS matrices. Our result can serve as a basis to design block ciphers and to develop white-box techniques that result in secure white-box implementations.

[1]  Hamilton E. Link,et al.  Clarifying obfuscation: improving the security of white-box DES , 2005, International Conference on Information Technology: Coding and Computing (ITCC'05) - Volume II.

[2]  Bart Preneel,et al.  Cryptanalysis of White-Box DES Implementations with Arbitrary External Encodings , 2007, IACR Cryptol. ePrint Arch..

[3]  Dan Boneh,et al.  Attacking an Obfuscated Cipher by Injecting Faults , 2002, Digital Rights Management Workshop.

[4]  Paul C. van Oorschot,et al.  White-Box Cryptography and an AES Implementation , 2002, Selected Areas in Cryptography.

[5]  Bruce Schneier,et al.  The Twofish encryption algorithm: a 128-bit block cipher , 1999 .

[6]  Alex Biryukov,et al.  A Toolbox for Cryptanalysis: Linear and Affine Equivalence Algorithms , 2003, EUROCRYPT.

[7]  Ross Anderson,et al.  Serpent: A Proposal for the Advanced Encryption Standard , 1998 .

[8]  Vincent Rijmen,et al.  The Design of Rijndael , 2002, Information Security and Cryptography.

[9]  Paul C. van Oorschot,et al.  A White-Box DES Implementation for DRM Applications , 2002, Digital Rights Management Workshop.

[10]  Olivier Billet,et al.  Cryptanalysis of a White Box AES Implementation , 2004, Selected Areas in Cryptography.

[11]  Louis Goubin,et al.  Cryptanalysis of white box DES implementations , 2007, IACR Cryptol. ePrint Arch..

[12]  Serge Vaudenay,et al.  On the Need for Multipermutations: Cryptanalysis of MD4 and SAFER , 1994, FSE.

[13]  Aggelos Kiayias,et al.  Polynomial Reconstruction Based Cryptography , 2001, Selected Areas in Cryptography.