Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                

Differential Computation Analysis: Hiding Your White-Box Designs is Not Enough [chapter]

Joppe W. Bos, Charles Hubain, Wil Michiels, Philippe Teuwen
2016 Lecture Notes in Computer Science  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (582.5 kB)
https://web.archive.org/web/20150908062036/http://eprint.iacr.org/2015/753.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2015; you can also visit the original URL. The file type is application/pdf.

Although all current scientific white-box approaches of standardized cryptographic primitives are broken, there is still a large number of companies which sell "secure" white-box products. In this paper a new approach to assess the security of white-box implementations is presented which requires neither knowledge about the look-up tables used nor any reverse engineering effort. This differential computation analysis (DCA) attack is the software counterpart of the differential power analysis
more » ... ack as applied by the cryptographic hardware community. We developed plugins to widely available dynamic binary instrumentation frameworks to produce software execution traces which contain information about the memory addresses being accessed. We show how DCA can extract the secret key from all publicly (non-commercial) available whitebox programs implementing standardized cryptography by analyzing these traces to identify secret-key dependent correlations.
doi:10.1007/978-3-662-53140-2_11 fatcat:vchh5a4ddnh2hfwvioakgehwz4
Citation

Joppe W. Bos, Charles Hubain, Wil Michiels, Philippe Teuwen. "Differential Computation Analysis: Hiding Your White-Box Designs is Not Enough." Lecture Notes in Computer Science (2016) 215-236