Towards Practical Whitebox Cryptography: Optimizing Efficiency and Space Hardness

Whitebox cryptography aims to provide security for cryptographic algorithms in an untrusted environment where the adversary has full access to their implementation. Typical security goals for whitebox cryptography include key extraction security and decomposition security: Indeed, it should be infeasible to recover the secret key from the implementation and it should be hard to decompose the implementation by finding a more compact representation without recovering the secret key, which mitigates code lifting.

[1]  Paul C. van Oorschot,et al.  White-Box Cryptography and an AES Implementation , 2002, Selected Areas in Cryptography.

[2]  Paul C. van Oorschot,et al.  A White-Box DES Implementation for DRM Applications , 2002, Digital Rights Management Workshop.

[3]  Philip Hawkes,et al.  XOR and Non-XOR Differential Probabilities , 1999, EUROCRYPT.

[4]  Wil Michiels,et al.  Differential Computation Analysis: Hiding Your White-Box Designs is Not Enough , 2016, CHES.

[5]  Olivier Billet,et al.  Cryptanalysis of a White Box AES Implementation , 2004, Selected Areas in Cryptography.

[6]  Yuval Yarom,et al.  FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack , 2014, USENIX Security Symposium.

[7]  Mohamed Karroumi,et al.  Protecting White-Box AES with Dual Ciphers , 2010, ICISC.

[8]  Bart Preneel,et al.  Cryptanalysis of the Xiao - Lai White-Box AES Implementation , 2012, Selected Areas in Cryptography.

[9]  Stefan Mangard,et al.  Cache Template Attacks: Automating Attacks on Inclusive Last-Level Caches , 2015, USENIX Security Symposium.

[10]  Bart Preneel,et al.  Cryptanalysis of White-Box DES Implementations with Arbitrary External Encodings , 2007, IACR Cryptol. ePrint Arch..

[11]  Dennis Reil Forum. , 1996, Environmental health perspectives.

[12]  Andrey Bogdanov,et al.  White-Box Cryptography Revisited: Space-Hard Ciphers , 2015, CCS.

[13]  Bart Preneel,et al.  Cryptanalysis of a Perturbated White-Box AES Implementation , 2010, INDOCRYPT.

[14]  Xuejia Lai,et al.  A Secure Implementation of White-Box AES , 2009, 2009 2nd International Conference on Computer Science and its Applications.

[15]  Hovav Shacham,et al.  Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds , 2009, CCS.

[16]  Lars R. Knudsen,et al.  Slender-Set Differential Cryptanalysis , 2011, Journal of Cryptology.

[17]  Stefan Kölbl,et al.  Security of the AES with a Secret S-Box , 2015, FSE.

[18]  Gorka Irazoqui Apecechea,et al.  S$A: A Shared Cache Attack That Works across Cores and Defies VM Sandboxing -- and Its Application to AES , 2015, 2015 IEEE Symposium on Security and Privacy.

[19]  Gorka Irazoqui Apecechea,et al.  Wait a Minute! A fast, Cross-VM Attack on AES , 2014, RAID.

[20]  Alex Biryukov,et al.  Cryptographic Schemes Based on the ASASA Structure: Black-Box, White-Box, and Public-Key (Extended Abstract) , 2014, ASIACRYPT.

[21]  Julien Bringer,et al.  White Box Cryptography: Another Attempt , 2006, IACR Cryptol. ePrint Arch..

[22]  Ariel J. Feldman,et al.  Lest we remember: cold-boot attacks on encryption keys , 2008, CACM.

[23]  Brice Minaud,et al.  Key-Recovery Attacks on ASASA , 2015, ASIACRYPT.

[24]  Frédérique E. Oggier,et al.  Lightweight MDS Involution Matrices , 2015, FSE.

[25]  Peter Schwabe,et al.  Faster and Timing-Attack Resistant AES-GCM , 2009, CHES.

[26]  Alex Biryukov,et al.  Structural Cryptanalysis of SASAS , 2001, Journal of Cryptology.

[27]  Tancrède Lepoint,et al.  White-Box Security Notions for Symmetric Encryption Schemes , 2013, Selected Areas in Cryptography.

[28]  Stefan Dziembowski,et al.  Intrusion-Resilience Via the Bounded-Storage Model , 2006, TCC.

[29]  Bart Preneel,et al.  Two Attacks on a White-Box AES Implementation , 2013, Selected Areas in Cryptography.

[30]  Vincent Rijmen,et al.  The KHAZAD Legacy-Level Block Cipher , 2001 .

[31]  Hamilton E. Link,et al.  Clarifying obfuscation: improving the security of white-box DES , 2005, International Conference on Information Technology: Coding and Computing (ITCC'05) - Volume II.

[32]  Kong-Ming Chong The Arithmetic Mean—Geometric Mean Inequality: A New Proof , 1976 .

[33]  W. Marsden I and J , 2012 .