cryptanalysis of white box des implementations with
play

Cryptanalysis of White-Box DES Implementations with Arbitrary - PowerPoint PPT Presentation

Cryptanalysis of White-Box DES Implementations with Arbitrary External Encodings Brecht Wyseur, Wil Michiels, Paul Gorissen, Bart Preneel COSIC K.U.Leuven and Philips Research March 27 2007 White-Box Attack Context key key ke y


  1. Cryptanalysis of White-Box DES Implementations with Arbitrary External Encodings Brecht Wyseur, Wil Michiels, Paul Gorissen, Bart Preneel COSIC – K.U.Leuven and Philips Research March 27 2007

  2. White-Box Attack Context key key ke y � Software running on host � Dynamic execution can be observed � Internal details both completely visible and alterable at will Attacker's goal: extract the embedded secret key

  3. State-of-the-art WB DES WB AES Chow et al. 2002 Chow et al. 2002 Naked variant Encoded variant Fault injection attack Jacob et al. 2002 Cryptanalysis Statistical attack Billet et al. 2004 Link et al. 2005 Condensed impl. Wyseur et al. 2005 Improved variant Cryptanalysis Goubin et al. 2007 Cryptanalysis Wyseur et al. 2007

  4. White-box transformation

  5. White-box transformations � Internal encodings LT 1 LT 1 LT' 1 Encoding Inv encoding LT' 2 LT 2 LT 2

  6. White-box transformations External encodings Input encoding � Protection against implementation extraction E/D � Protection against first and last round attacks Output encoding “Encoded variant”

  7. White-box transformation

  8. Differential Cryptanalysis Input Difference propagation Input encoding 12 byte state Round 1 12 byte state Difference knowledge Round 2 12 byte state Round 3 12 byte state S-box input recovery Round 4 S-box identification 12 byte state Round 16 Key recovery Output encoding Output

  9. Differential Cryptanalysis Detect single R-bit flips � Change the input to a T- box in round 1 � Observe difference propagation at the input of round 3 Observe: 2 different T- boxes affected

  10. Conclusion � Attack with time complexity: 2 14 independent of the external encodings � Design choices that make DES “strong” in a black-box environment, make it weak in a black-box environment � Paper at http://eprint.iacr.org

Recommend


More recommend