two attacks on a white-box aes implementation - selected areas in...

Two Attacks on aWhite-Box AES Implementation

SAC 2013, Vancouver, Canada August 15th, 2013

Tancrède Lepoint1,2, Matthieu Rivain1,Yoni De Mulder3, Peter Roelse4, and Bart Preneel3

Two Attacks on a White-Box AES

Implementation

?

Tancrede Lepoint1,2, Matthieu Rivain1,Yoni De Mulder3, Peter Roelse4, and Bart Preneel3

1 CryptoExperts, France{tancrede.lepoint,matthieu.rivain}@cryptoexperts.com

2 Ecole Normale Superieure, France

3 KU Leuven and iMinds, Belgium{yoni.demulder,bart.preneel}@esat.kuleuven.be

4 Irdeto B.V., The [email protected]

Abstract. White-box cryptography aims to protect the secret key of acipher in an environment in which an adversary has full access to theimplementation of the cipher and its execution environment. In 2002,Chow, Eisen, Johnson and van Oorschot proposed a white-box imple-mentation of AES. In 2004, Billet, Gilbert and Ech-Chatbi presented ane�cient attack (referred to as the BGE attack) on this implementation,extracting its embedded AES key with a work factor of 230. In 2012,Tolhuizen presented an improvement of the most time-consuming phaseof the BGE attack. The present paper includes three contributions. Firstwe describe several improvements of the BGE attack. We show that theoverall work factor of the BGE attack is reduced to 222 when all im-provements are implemented. This paper also presents a new attack onthe initial white-box implementation of Chow et al. This attack exploitscollisions occurring on internal variables of the implementation and itachieves a work factor of 222. Eventually, we address the white-box AESimplementation presented by Karroumi in 2010 which aims to withstandthe BGE attack. We show that the implementations of Karroumi andChow et al. are the same, making them both vulnerable to the sameattacks.

Keywords. White-box Cryptography, AES Implementation, Dual Ci-pher, Cryptanalysis.

1 Introduction

In 2002, Chow et al. introduced the concept of white-box cryptography by pre-senting a white-box implementation of AES [5]. White-box cryptography aims to

? The present paper is a merged abstract of two independent but overlapping works: apaper by De Mulder, Roelse and Preneel [11] and a paper by Lepoint and Rivain [7].

What isWhite-Box Cryptography ?

‣ focuses on the software implementation of cryptographic primitives executed in an untrusted environment.

‣ aims at protecting the embedded secret cryptographic key; it has the objective that the white-box implementation behaves as a “virtual black box”:

‣ a white-box adversary may not have any advantage over a black-box attacker, i.e., he is unable to extract any more key information than he could extract under a black-box attack (oracle access to the WB implementation).

White-Box Cryptography

• Black-box attacker:‣ only has access to the input/output

behavior of the cryptographic algorithm.

‣ has no visibility into its execution.

• White-box attacker:‣ h a s f u l l a c c e s s t o t h e s o f twa r e

implementation of the cryptographic algorithm.

‣ has full control over its execution environment.

‣ has the goal to extract the secret cryptographic key (key recovery).

“thesis” — 2013/8/9 — 16:17 — page 24 — #42

24 DESIGN AND ANALYSIS OF BLOCK CIPHERS: THE EVOLUTION

Dk(·)Ek(·)

m/c

c/m

adve

rsar

y

m/c

c/m

adve

rsar

y

injectingfaults

- power- time- EM- ...

Dk(·)Ek(·)

m/c

c/m

adve

rsar

y

- debug- reverse engineer- inspect memory

Dk(·)Ek(·)

- inject faults- alter implementation

black-box model grey-box model white-box model

weakest strongestincreasing security threat

Figure 2.2: The evolution of the various attack models. {fig:attackModels}

2.5 Cryptanalytic Techniques{sec:cryptanalyticTechniques}

2.5.1 Black-Box Cryptanalysis{sec:blackBoxCrypt}

Two di�erent classes of black-box attacks can be distinguished: (i) the genericattacks which only exploit the core properties of the cipher such as the blockand key size, and (ii) the non-generic attacks which exploit additionally theinternal structure/specification of the block cipher. As mentioned earlier, theformer class of attacks can be mounted against ideal block ciphers. Below, aselection of the most common black-box attacks is highlighted.

Generic Attacks

Exhaustive key search. The exhaustive key search attack, also known asthe brute force attack, belongs to the class of generic attacks and hence isindependent of the design specification of the block cipher. As the name of theattack suggests, the attack simply consists of testing all possible values of thesecret key. This ‘key-test’ can be performed in the ciphertext-only setting whichrelies on redundancy (i.e., a biased statistical distribution) in the plaintext inorder to identify the correct key. However, ideally, a known plaintext/ciphertextpair in the known plaintext setting is prefered. The ‘time’ work factor of thebrute-force attack to retrieve a nk-bit secret key equals about 2nk encryptionoperations, where the computation cost of the key scheduling algorithm (ifapplicable) should be taken into account. In case more than one key is givenas output for the original plaintext/ciphertext pair, the attack needs to berepeated for additional plaintext/ciphertext pairs. Optimizations are possiblethrough the parallelization of the exhaustive key search.

“thesis” — 2013/8/9 — 16:17 — page 24 — #42

24 DESIGN AND ANALYSIS OF BLOCK CIPHERS: THE EVOLUTION

Dk(·)Ek(·)

m/c

c/m

adve

rsar

ym/c

c/m

adve

rsar

y

injectingfaults

- power- time- EM- ...

Dk(·)Ek(·)

m/c

c/m

adve

rsar

y

- debug- reverse engineer- inspect memory

Dk(·)Ek(·)

- inject faults- alter implementation

black-box model grey-box model white-box model

weakest strongestincreasing security threat

Figure 2.2: The evolution of the various attack models. {fig:attackModels}

2.5 Cryptanalytic Techniques{sec:cryptanalyticTechniques}

2.5.1 Black-Box Cryptanalysis{sec:blackBoxCrypt}

Two di�erent classes of black-box attacks can be distinguished: (i) the genericattacks which only exploit the core properties of the cipher such as the blockand key size, and (ii) the non-generic attacks which exploit additionally theinternal structure/specification of the block cipher. As mentioned earlier, theformer class of attacks can be mounted against ideal block ciphers. Below, aselection of the most common black-box attacks is highlighted.

Generic Attacks

Exhaustive key search. The exhaustive key search attack, also known asthe brute force attack, belongs to the class of generic attacks and hence isindependent of the design specification of the block cipher. As the name of theattack suggests, the attack simply consists of testing all possible values of thesecret key. This ‘key-test’ can be performed in the ciphertext-only setting whichrelies on redundancy (i.e., a biased statistical distribution) in the plaintext inorder to identify the correct key. However, ideally, a known plaintext/ciphertextpair in the known plaintext setting is prefered. The ‘time’ work factor of thebrute-force attack to retrieve a nk-bit secret key equals about 2nk encryptionoperations, where the computation cost of the key scheduling algorithm (ifapplicable) should be taken into account. In case more than one key is givenas output for the original plaintext/ciphertext pair, the attack needs to berepeated for additional plaintext/ciphertext pairs. Optimizations are possiblethrough the parallelization of the exhaustive key search.

‣ S-box Blanking Attack [Kerins and Kursawe, 2006]

S

⊕kw

xr�1

xr = S(xr�1)� kw

⊕kw

xr�1

0

xr = 0� kw = kw

When the attacker has knowledge of the internal structure of a cryptographic primitive, the way how it is implemented is the sole remaining line of defense.

Use case: a (very) simplified DRM model

• The trusted digital media player (containing the WB implementation) is deployed in an untrusted environment (the end-user’s playback device).

• The goal of a malicious behaving end-user is to extract the secret decryption key out of the decryption routine in order to:

‣ decrypt the encrypted content while circumventing the License Verification

‣ distribute the key to non-authorized end-users

Remote Content Provider

Ekm

License Generator

User’s Playback Device

Lic License Verifier

Dk

YES NO

player

Ek(m) k Lic

WB Impl.Ek(m) m

EVE

White-Box AES Implementation

State-of-the-Art

White-box AES ImplementationChow, Eisen, Johnson, van Oorschot [2002]

Billet, Gilbert and Ech-Chatbi [2004]

Generic Class

Michiels, Gorissen and Hollmann [2008]

Perturbated White-box AES Implementation

Bringer, Chabanne, Dottax [2006]

De Mulder, Wyseur and Preneel [2010]

White-box AES Implementation based on Wide Linear Encodings

Xiao and Lai [2009]

White-box AES Implementation based on Dual Ciphers of AES

Karroumi [2010]

De Mulder, Roelse and Preneel [2012]

White-box AES ImplementationChow, Eisen, Johnson, van Oorschot [2002]

Billet, Gilbert and Ech-Chatbi [2004]

Generic Class

Michiels, Gorissen and Hollmann [2008]

Perturbated White-box AES Implementation

Bringer, Chabanne, Dottax [2006]

De Mulder, Wyseur and Preneel [2010]

White-box AES Implementation based on Wide Linear Encodings

Xiao and Lai [2009]

White-box AES Implementation based on Dual Ciphers of AES

Karroumi [2010]

De Mulder, Roelse and Preneel [2012]

a new attack based on collision

Aspects of Chow’sWhite-Box AES Implementation

Descriptions of AES-128

1. AddRoundKey (K(1));2. for r from 1 to 9:

(a) SubBytes;

(b) ShiftRows;

(c) MixColumns;

(d) AddRoundKey (K(r+1));

3. SubBytes;4. ShiftRows;5. AddRoundKey (K(11)).

Conventional way: Used for WB AES:

^

^

(

Round 1-9

Round 10

(

(

Round 1-9

Round 10

1. for r from 1 to 9:(a) ShiftRows;

(b) AddRoundKey (K(r));

(c) SubBytes;

(d) MixColumns;

2. ShiftRows;3. AddRoundKey (K(10));4. SubBytes;5. AddRoundKey (K(11)).

(

AES Subround

k(r,j)1 k(r,j)2 k(r,j)3k(r,j)0� � � �

S S S S

MixColumns

P

r0,j

P

r1,j+1

P

r2,j+2

P

r3,j+3

T

r0,j

T

r1,j+1

T

r2,j+2

T

r3,j+3

MixColumns

2

664

‘02’ ‘03’ ‘01’ ‘01’

‘01’ ‘02’ ‘03’ ‘01’

‘01’ ‘01’ ‘02’ ‘03’

‘03’ ‘01’ ‘01’ ‘02’

3

775⇥·

Q

r0,j

Q

r1,j

Q

r2,j

Q

r3,j

x

0

x

1

x

2

x

3

y

0

y

1

y

2

y

3

Fig. 5. � ne of the four R

rj mappings, j � � , . . . , �

GF(2)-a�ne, except for the permutation P

1i,j

whose non-a�ne part has not beendetermined. In a second step, we recover those GF(2)-a�ne mappings (but P

1i,j

and Q

1i,j

), first up to an unknown GF(28)-a�ne bijection, and then entirely.Eventually combining all this information in a third step, we extract the AES-128 key.

3.1 Recovering Non-Linear Parts

Consider the mapping R

r

j

. We are trying to remove the non-linearity in theparasites (Qr

i

)i=0,...,3. To this end consider y0 as a function of (x0, x1, x2, x3),

and fix the values of x1, x2, and x3 to some constants, say c1, c2, and c3. Oneeasily checks that there exists two constants in GF(28), namely ↵ independentof c1, c2, c3, and �

c

1

,c

2

,c

3

, such that

y0(x, c1, c2, c3) = Q

r

0,j

�↵T

r

0,j

�P

r

0,j

(x)��

c

1

,c

2

,c

3

�.

Since x only takes 256 values, those mappings are known by input/output, aswell as their inverses. Also, varying one constant (say c3) into the whole GF(28),and keeping the other one fixed, has the e↵ect that �

c

1

,c

2

,c

03

takes all the valuesin GF(28). We are thus able to produce—as lookup tables, of course—all thefunctions

y0(x, c1, c2, c3) � y0(x, c1, c2, c03)�1 = Q0

�Q

�10 (x)� �

�, (1)

where � = �

c

1

,c

2

,c

03

� �

c

1

,c

2

,c

3

takes all the values in GF(28). This leads tothe problem of recovering Q0, or at least its non-linear part from the set of allthose lookup tables. Note that since functions are given as lookup tables, weare not provided with the underlying translations: we only know the unorderedset of functions corresponding to the 256 translations. As this problem is ofindependent interest, we state it, along with a solution, in a standalone context.

Theorem 1. Given a set of functions S = {Q � ��

� Q

�1}�2gf(28) given by

values, where Q is a permutation of GF(28) and ��

is the translation by �

in GF(28), one can construct a particular solution

eQ such that there exists an

a�ne mapping A so that

eQ = Q �A.

Appeared in H. Handschuh and A. Hasan (Eds.): SAC 2004, LNCS 3357, pp. 227–240, 2005.c� Springer-Verlag Berlin Heidelberg 2005

8 8 8 8

8 8 8 8

for 0 ≤ j ≤ 3 and 1 ≤ r ≤ 9

for r from 1 to 9:

(a) ShiftRows;

(b) AddRoundKey (K(r));(c) SubBytes;(d) MixColumns;

Encoded AES Subroundthe naive version the generic version

k(r,j)1 k(r,j)2 k(r,j)3k(r,j)0� � � �

S S S S

MixColumns

P

r0,j

P

r1,j+1

P

r2,j+2

P

r3,j+3

T

r0,j

T

r1,j+1

T

r2,j+2

T

r3,j+3

MixColumns

2

664

‘02’ ‘03’ ‘01’ ‘01’

‘01’ ‘02’ ‘03’ ‘01’

‘01’ ‘01’ ‘02’ ‘03’

‘03’ ‘01’ ‘01’ ‘02’

3

775⇥·

Q

r0,j

Q

r1,j

Q

r2,j

Q

r3,j

x

0

x

1

x

2

x

3

y

0

y

1

y

2

y

3


rj mappings, j � � , . . . , �


1i,j


1i,j

and Q

1i,j




r

j


i



c

1

,c

2

,c

3

, such that

y0(x, c1, c2, c3) = Q

r

0,j

�↵T

r

0,j

�P

r

0,j

(x)��

c

1

,c

2

,c

3

�.


c

1

,c

2

,c

03


y0(x, c1, c2, c3) � y0(x, c1, c2, c03)�1 = Q0

�Q

�10 (x)� �

�, (1)

where � = �

c

1

,c

2

,c

03

� �

c

1

,c

2

,c

3



� Q







eQ = Q �A.


8 8 8 8

8 8 8 8

P (r,j)0 P (r,j)

1 P (r,j)2 P (r,j)

3

Q(r,j)3Q(r,j)

2Q(r,j)1Q(r,j)

0

� � � �

S S S S

MixColumns

P

r0,j

P

r1,j+1

P

r2,j+2

P

r3,j+3

T

r0,j

T

r1,j+1

T

r2,j+2

T

r3,j+3

MixColumns

2

664

‘02’ ‘03’ ‘01’ ‘01’

‘01’ ‘02’ ‘03’ ‘01’

‘01’ ‘01’ ‘02’ ‘03’

‘03’ ‘01’ ‘01’ ‘02’

3

775⇥·

Q

r0,j

Q

r1,j

Q

r2,j

Q

r3,j

x

0

x

1

x

2

x

3

y

0

y

1

y

2

y

3


rj mappings, j � � , . . . , �


1i,j


1i,j

and Q

1i,j




r

j


i



c

1

,c

2

,c

3

, such that

y0(x, c1, c2, c3) = Q

r

0,j

�↵T

r

0,j

�P

r

0,j

(x)��

c

1

,c

2

,c

3

�.


c

1

,c

2

,c

03


y0(x, c1, c2, c3) � y0(x, c1, c2, c03)�1 = Q0

�Q

�10 (x)� �

�, (1)

where � = �

c

1

,c

2

,c

03

� �

c

1

,c

2

,c

3



� Q







eQ = Q �A.


8 8 8 8

8 8 8 8

P (r,j)0 P (r,j)

1 P (r,j)2 P (r,j)

3

Q(r,j)3Q(r,j)

2Q(r,j)1Q(r,j)

0

⇧(r,j)1

k(r,⇡(r)(j))

0 k(r,⇡(r)(j))

1 k(r,⇡(r)(j))

2 k(r,⇡(r)(j))

3

⇧(r,j)2

new attack (collisions) BGE attack

Revisiting the BGE Attack

BGE AttackPhase 1

‣ obtain the output encodings up to an affine part

‣ the same for the input through round r-1

� � � �

S S S S

MixColumns

P

r0,j

P

r1,j+1

P

r2,j+2

P

r3,j+3

T

r0,j

T

r1,j+1

T

r2,j+2

T

r3,j+3

MixColumns

2

664

‘02’ ‘03’ ‘01’ ‘01’

‘01’ ‘02’ ‘03’ ‘01’

‘01’ ‘01’ ‘02’ ‘03’

‘03’ ‘01’ ‘01’ ‘02’

3

775⇥·

Q

r0,j

Q

r1,j

Q

r2,j

Q

r3,j

x

0

x

1

x

2

x

3

y

0

y

1

y

2

y

3


rj mappings, j � � , . . . , �


1i,j


1i,j

and Q

1i,j




r

j


i



c

1

,c

2

,c

3

, such that

y0(x, c1, c2, c3) = Q

r

0,j

�↵T

r

0,j

�P

r

0,j

(x)��

c

1

,c

2

,c

3

�.


c

1

,c

2

,c

03


y0(x, c1, c2, c3) � y0(x, c1, c2, c03)�1 = Q0

�Q

�10 (x)� �

�, (1)

where � = �

c

1

,c

2

,c

03

� �

c

1

,c

2

,c

3



� Q







eQ = Q �A.


8 8 8 8

8 8 8 8

P (r,j)0 P (r,j)

1 P (r,j)2 P (r,j)

3

Q(r,j)3Q(r,j)

2Q(r,j)1Q(r,j)

0

⇧(r,j)1

k(r,⇡(r)(j))

0 k(r,⇡(r)(j))

1 k(r,⇡(r)(j))

2 k(r,⇡(r)(j))

3

⇧(r,j)2

Phase 1

� � � �

S S S S

MixColumns

P

r0,j

P

r1,j+1

P

r2,j+2

P

r3,j+3

T

r0,j

T

r1,j+1

T

r2,j+2

T

r3,j+3

MixColumns

2

664

‘02’ ‘03’ ‘01’ ‘01’

‘01’ ‘02’ ‘03’ ‘01’

‘01’ ‘01’ ‘02’ ‘03’

‘03’ ‘01’ ‘01’ ‘02’

3

775⇥·

Q

r0,j

Q

r1,j

Q

r2,j

Q

r3,j

x

0

x

1

x

2

x

3

y

0

y

1

y

2

y

3


rj mappings, j � � , . . . , �


1i,j


1i,j

and Q

1i,j




r

j


i



c

1

,c

2

,c

3

, such that

y0(x, c1, c2, c3) = Q

r

0,j

�↵T

r

0,j

�P

r

0,j

(x)��

c

1

,c

2

,c

3

�.


c

1

,c

2

,c

03


y0(x, c1, c2, c3) � y0(x, c1, c2, c03)�1 = Q0

�Q

�10 (x)� �

�, (1)

where � = �

c

1

,c

2

,c

03

� �

c

1

,c

2

,c

3



� Q







eQ = Q �A.


8 8 8 8

8 8 8 8

P (r,j)0 P (r,j)

1 P (r,j)2 P (r,j)

3

Q(r,j)3Q(r,j)

2Q(r,j)1Q(r,j)

0

⇧(r,j)1

k(r,⇡(r)(j))

0 k(r,⇡(r)(j))

1 k(r,⇡(r)(j))

2 k(r,⇡(r)(j))

3

⇧(r,j)2

Q(r�1,j0)i0

^ ^ ^ ^

^ ^ ^ ^

^

BGE AttackPhase 2

‣ fully recover the affine output encodings and the key-dependent affine input encodings

‣ fully recover the affine input encodings through round r-1

Phase 2

� � � �

S S S S

MixColumns

P

r0,j

P

r1,j+1

P

r2,j+2

P

r3,j+3

T

r0,j

T

r1,j+1

T

r2,j+2

T

r3,j+3

MixColumns

2

664

‘02’ ‘03’ ‘01’ ‘01’

‘01’ ‘02’ ‘03’ ‘01’

‘01’ ‘01’ ‘02’ ‘03’

‘03’ ‘01’ ‘01’ ‘02’

3

775⇥·

Q

r0,j

Q

r1,j

Q

r2,j

Q

r3,j

x

0

x

1

x

2

x

3

y

0

y

1

y

2

y

3


rj mappings, j � � , . . . , �


1i,j


1i,j

and Q

1i,j




r

j


i



c

1

,c

2

,c

3

, such that

y0(x, c1, c2, c3) = Q

r

0,j

�↵T

r

0,j

�P

r

0,j

(x)��

c

1

,c

2

,c

3

�.


c

1

,c

2

,c

03


y0(x, c1, c2, c3) � y0(x, c1, c2, c03)�1 = Q0

�Q

�10 (x)� �

�, (1)

where � = �

c

1

,c

2

,c

03

� �

c

1

,c

2

,c

3



� Q







eQ = Q �A.


8 8 8 8

8 8 8 8

P (r,j)0 P (r,j)

1 P (r,j)2 P (r,j)

3

Q(r,j)3Q(r,j)

2Q(r,j)1Q(r,j)

0

⇧(r,j)1

k(r,⇡(r)(j))

0 k(r,⇡(r)(j))

1 k(r,⇡(r)(j))

2 k(r,⇡(r)(j))

3

⇧(r,j)2

Q(r�1,j0)i0

^ ^ ^ ^

^ ^ ^ ^

^

P (r,j)1 P (r,j)

2 P (r,j)3

� � �

8 8 88

P (r,j)0

�k(r,j)0 k(r,j)1 k(r,j)3k(r,j)2

8 8 88

8

Q(r,j)3

8

Q(r,j)2

8

Q(r,j)1

8

Q(r,j)0

8 8 88

Q(r�1,j0)i0

^

[k(r,j)i ]0i3 = (⇧(r,j)1 )�1

�[k(r,⇡

(r)(j))i ]0i3

�with

Phase 3:‣ apply Phases 1 and 2 to rounds r

and r+1 to obtain the round keys‣ relate both round keys via:1. the white-box implementation2. the AES key scheduling algorithm

Original BGE Attack

ImprovedBGE Attack

total work factor: 230 total work factor: 222

no given work factor

[Tolhuizen, 2012]Phase 1:

Phase 2:

‣ apply Phases 1 and 2 only to round r to obtain the rth round key

‣ a new method to obtain the (r+1)th round key

‣ an efficient method to determine the correct order of the round keys

230

229

219

222

218

213

BGE AttackPhase 3

‣ obtain the (r+1)th round key

‣ correctness: is non-affine for all non-zero values of c

Phase 3

S S S S

MixColumns

P

r0,j

P

r1,j+1

P

r2,j+2

P

r3,j+3

T

r0,j

T

r1,j+1

T

r2,j+2

T

r3,j+3

MixColumns

2

664

‘02’ ‘03’ ‘01’ ‘01’

‘01’ ‘02’ ‘03’ ‘01’

‘01’ ‘01’ ‘02’ ‘03’

‘03’ ‘01’ ‘01’ ‘02’

3

775⇥·

Q

r0,j

Q

r1,j

Q

r2,j

Q

r3,j

x

0

x

1

x

2

x

3

y

0

y

1

y

2

y

3


rj mappings, j � � , . . . , �


1i,j


1i,j

and Q

1i,j




r

j


i



c

1

,c

2

,c

3

, such that

y0(x, c1, c2, c3) = Q

r

0,j

�↵T

r

0,j

�P

r

0,j

(x)��

c

1

,c

2

,c

3

�.


c

1

,c

2

,c

03


y0(x, c1, c2, c3) � y0(x, c1, c2, c03)�1 = Q0

�Q

�10 (x)� �

�, (1)

where � = �

c

1

,c

2

,c

03

� �

c

1

,c

2

,c

3



� Q







eQ = Q �A.


8 8 8 8

8 8 8 8

P (r+1,j)0 P (r+1,j)

2P (r+1,j)1 P (r+1,j)

3

Q(r+1,j)3Q(r+1,j)

2Q(r+1,j)1Q(r+1,j)

0

� � ��k(r+1,j)0 k(r+1,j)

1 k(r+1,j)2 k(r+1,j)

3

⇧(r+1,j)1

⇧(r+1,j)2

S S S S

MixColumns

P

r0,j

P

r1,j+1

P

r2,j+2

P

r3,j+3

T

r0,j

T

r1,j+1

T

r2,j+2

T

r3,j+3

MixColumns

2

664

‘02’ ‘03’ ‘01’ ‘01’

‘01’ ‘02’ ‘03’ ‘01’

‘01’ ‘01’ ‘02’ ‘03’

‘03’ ‘01’ ‘01’ ‘02’

3

775⇥·

Q

r0,j

Q

r1,j

Q

r2,j

Q

r3,j

x

0

x

1

x

2

x

3

y

0

y

1

y

2

y

3


rj mappings, j � � , . . . , �


1i,j


1i,j

and Q

1i,j




r

j


i



c

1

,c

2

,c

3

, such that

y0(x, c1, c2, c3) = Q

r

0,j

�↵T

r

0,j

�P

r

0,j

(x)��

c

1

,c

2

,c

3

�.


c

1

,c

2

,c

03


y0(x, c1, c2, c3) � y0(x, c1, c2, c03)�1 = Q0

�Q

�10 (x)� �

�, (1)

where � = �

c

1

,c

2

,c

03

� �

c

1

,c

2

,c

3



� Q







eQ = Q �A.


8 8 8 8

8 8 8 8

Q(r+1,j)3Q(r+1,j)

2Q(r+1,j)1Q(r+1,j)

0

� � ��k(r+1,j)0 k(r+1,j)

1 k(r+1,j)2 k(r+1,j)

3

⇧(r+1,j)1

⇧(r+1,j)2

^ ^ ^ ^

0 0 0k � S

�1(x)

affine?

S

�c� S

�1(x)�

New Attack based on Collisions

k(r,j)1 k(r,j)2 k(r,j)3k(r,j)0� � � �

S S S S

MixColumns

P

r0,j

P

r1,j+1

P

r2,j+2

P

r3,j+3

T

r0,j

T

r1,j+1

T

r2,j+2

T

r3,j+3

MixColumns

2

664

‘02’ ‘03’ ‘01’ ‘01’

‘01’ ‘02’ ‘03’ ‘01’

‘01’ ‘01’ ‘02’ ‘03’

‘03’ ‘01’ ‘01’ ‘02’

3

775⇥·

Q

r0,j

Q

r1,j

Q

r2,j

Q

r3,j

x

0

x

1

x

2

x

3

y

0

y

1

y

2

y

3


rj mappings, j � � , . . . , �


1i,j


1i,j

and Q

1i,j




r

j


i



c

1

,c

2

,c

3

, such that

y0(x, c1, c2, c3) = Q

r

0,j

�↵T

r

0,j

�P

r

0,j

(x)��

c

1

,c

2

,c

3

�.


c

1

,c

2

,c

03


y0(x, c1, c2, c3) � y0(x, c1, c2, c03)�1 = Q0

�Q

�10 (x)� �

�, (1)

where � = �

c

1

,c

2

,c

03

� �

c

1

,c

2

,c

3



� Q







eQ = Q �A.


P (r,j)0 P (r,j)

1 P (r,j)2 P (r,j)

3

Q(r,j)3Q(r,j)

2Q(r,j)1Q(r,j)

0

k(r,j)1 k(r,j)2 k(r,j)3k(r,j)0� � � �

S S S S

MixColumns

P

r0,j

P

r1,j+1

P

r2,j+2

P

r3,j+3

T

r0,j

T

r1,j+1

T

r2,j+2

T

r3,j+3

MixColumns

2

664

‘02’ ‘03’ ‘01’ ‘01’

‘01’ ‘02’ ‘03’ ‘01’

‘01’ ‘01’ ‘02’ ‘03’

‘03’ ‘01’ ‘01’ ‘02’

3

775⇥·

Q

r0,j

Q

r1,j

Q

r2,j

Q

r3,j

x

0

x

1

x

2

x

3

y

0

y

1

y

2

y

3


rj mappings, j � � , . . . , �


1i,j


1i,j

and Q

1i,j




r

j


i



c

1

,c

2

,c

3

, such that

y0(x, c1, c2, c3) = Q

r

0,j

�↵T

r

0,j

�P

r

0,j

(x)��

c

1

,c

2

,c

3

�.


c

1

,c

2

,c

03


y0(x, c1, c2, c3) � y0(x, c1, c2, c03)�1 = Q0

�Q

�10 (x)� �

�, (1)

where � = �

c

1

,c

2

,c

03

� �

c

1

,c

2

,c

3



� Q







eQ = Q �A.


P (r,j)0 P (r,j)

1 P (r,j)2 P (r,j)

3

Q(r,j)3Q(r,j)

2Q(r,j)1Q(r,j)

0

↵ �0 0 0 0 0 0

collision?

S(r,j)i

yes

02⌦ S(r,j)0 (↵)� 03⌦ S(r,j)

1 (0) = 02⌦ S(r,j)0 (0)� 03⌦ S(r,j)

1 (�)

256 pairs (α,β) with the trivial solution (α,β)=(0,0)222

S(r,j)ik(r,j)1 k(r,j)2 k(r,j)3k(r,j)0

� � � �

S S S S

MixColumns

P

r0,j

P

r1,j+1

P

r2,j+2

P

r3,j+3

T

r0,j

T

r1,j+1

T

r2,j+2

T

r3,j+3

MixColumns

2

664

‘02’ ‘03’ ‘01’ ‘01’

‘01’ ‘02’ ‘03’ ‘01’

‘01’ ‘01’ ‘02’ ‘03’

‘03’ ‘01’ ‘01’ ‘02’

3

775⇥·

Q

r0,j

Q

r1,j

Q

r2,j

Q

r3,j

x

0

x

1

x

2

x

3

y

0

y

1

y

2

y

3


rj mappings, j � � , . . . , �


1i,j


1i,j

and Q

1i,j




r

j


i



c

1

,c

2

,c

3

, such that

y0(x, c1, c2, c3) = Q

r

0,j

�↵T

r

0,j

�P

r

0,j

(x)��

c

1

,c

2

,c

3

�.


c

1

,c

2

,c

03


y0(x, c1, c2, c3) � y0(x, c1, c2, c03)�1 = Q0

�Q

�10 (x)� �

�, (1)

where � = �

c

1

,c

2

,c

03

� �

c

1

,c

2

,c

3



� Q







eQ = Q �A.


P (r,j)0 P (r,j)

1 P (r,j)2 P (r,j)

3

Q(r,j)3Q(r,j)

2Q(r,j)1Q(r,j)

0

8 8 8 8

8 8 8 8

Q(r,j)3Q(r,j)

2Q(r,j)1Q(r,j)

0

8 8 8 8

8 8 8 8

� � � �

S S S S

MixColumns

P

r0,j

P

r1,j+1

P

r2,j+2

P

r3,j+3

T

r0,j

T

r1,j+1

T

r2,j+2

T

r3,j+3

MixColumns

2

664

‘02’ ‘03’ ‘01’ ‘01’

‘01’ ‘02’ ‘03’ ‘01’

‘01’ ‘01’ ‘02’ ‘03’

‘03’ ‘01’ ‘01’ ‘02’

3

775⇥·

Q

r0,j

Q

r1,j

Q

r2,j

Q

r3,j

x

0

x

1

x

2

x

3

y

0

y

1

y

2

y

3


rj mappings, j � � , . . . , �


1i,j


1i,j

and Q

1i,j




r

j


i



c

1

,c

2

,c

3

, such that

y0(x, c1, c2, c3) = Q

r

0,j

�↵T

r

0,j

�P

r

0,j

(x)��

c

1

,c

2

,c

3

�.


c

1

,c

2

,c

03


y0(x, c1, c2, c3) � y0(x, c1, c2, c03)�1 = Q0

�Q

�10 (x)� �

�, (1)

where � = �

c

1

,c

2

,c

03

� �

c

1

,c

2

,c

3



� Q







eQ = Q �A.


8 8 8 8

8 8 8 8

P (r+1,j)0 P (r+1,j)

2P (r+1,j)1 P (r+1,j)

3

Q(r+1,j)3Q(r+1,j)

2Q(r+1,j)1Q(r+1,j)

0

k(r+1,j)0 k(r+1,j)

1 k(r+1,j)2 k(r+1,j)

3

� � � �

S S S S

MixColumns

P

r0,j

P

r1,j+1

P

r2,j+2

P

r3,j+3

T

r0,j

T

r1,j+1

T

r2,j+2

T

r3,j+3

MixColumns

2

664

‘02’ ‘03’ ‘01’ ‘01’

‘01’ ‘02’ ‘03’ ‘01’

‘01’ ‘01’ ‘02’ ‘03’

‘03’ ‘01’ ‘01’ ‘02’

3

775⇥·

Q

r0,j

Q

r1,j

Q

r2,j

Q

r3,j

x

0

x

1

x

2

x

3

y

0

y

1

y

2

y

3


rj mappings, j � � , . . . , �


1i,j


1i,j

and Q

1i,j




r

j


i



c

1

,c

2

,c

3

, such that

y0(x, c1, c2, c3) = Q

r

0,j

�↵T

r

0,j

�P

r

0,j

(x)��

c

1

,c

2

,c

3

�.


c

1

,c

2

,c

03


y0(x, c1, c2, c3) � y0(x, c1, c2, c03)�1 = Q0

�Q

�10 (x)� �

�, (1)

where � = �

c

1

,c

2

,c

03

� �

c

1

,c

2

,c

3



� Q







eQ = Q �A.


8 8 8 8

8 8 8 8

Q(r+1,j)3Q(r+1,j)

2Q(r+1,j)1Q(r+1,j)

0

k(r+1,j)0 k(r+1,j)

1 k(r+1,j)2 k(r+1,j)

3

0 0 0k � S

�1(x)

algebraicdegree ≤ 4?

‣ obtain the (r+1)th round key

‣ correctness: has algebraic degree greater than 4 for all non-zero values of c

S

�c� S

�1(x)�

Cryptanalysis of Karroumi’s White-Box AES Implementation

Dual AES Ciphers

operations in the polynomial representation associated with R

l

are denoted by�

l

and ⌦l

, respectively (�l

and ⌦l

being equal to � and ⌦ for exactly one valueof l with 1 l 30). Finally, the definition of a dual AES subround uses a setof mappings, denoted by T , and defined by

T = {Rl

�m↵

� ft

| 1 l 30,↵ 2 F

⇤256 and 0 t 7} .

Observe that an element of T maps elements in the AES polynomial represen-tation to elements in one of the 30 polynomial representations of F256.

Definition 4. Let �

r,j

2 T with �

r,j

= R

l

� m

↵

� f

t

for some triple (l,↵, t)with 1 l 30,↵ 2 F

⇤256 and 0 t 7, and let �

r,j

= R

l

� f

t

. Further, let

v

i

, w

i

2 F256 for 0 i 3 be represented using the polynomial representation

associated with R

l

. The mapping AES

(r,j,�r,j) : F4256 ! F

4256 for 1 r 9

and 0 j 3, called a dual AES subround, is defined by (w0, w1, w2, w3) =AES

(r,j,�r,j)(v0, v1, v2, v3) with

w

i

= �

r,j

(mc

i0)⌦l

�

r,j

� S ��1r,j

�v0 �l

�

r,j

(k(r,j)0 )�

�l

�

r,j

(mc

i1)⌦l

�

r,j

� S ��1r,j

�v1 �l

�

r,j

(k(r,j)1 )�

�l

�

r,j

(mc

i2)⌦l

�

r,j

� S ��1r,j

�v2 �l

�

r,j

(k(r,j)2 )�

�l

�

r,j

(mc

i3)⌦l

�

r,j

� S ��1r,j

�v3 �l

�

r,j

(k(r,j)3 )�,

for 0 i 3.

The following lemma presents a property that is required to show that a dualAES cipher maintains the functionality of AES. As the lemma is also used inthe cryptanalysis in this paper, and as a formal proof of this property is omittedin [4] and [6], we include a proof as well.

Lemma 3. If �

r,j

2 T , then

AES

(r,j,�r,j) � (�r,j

,�

r,j

,�

r,j

,�

r,j

) = (�r,j

,�

r,j

,�

r,j

,�

r,j

) �AES(r,j) ,

for 1 r 9 and 0 j 3.

Proof. Let x

i

for 0 i 3 be elements of F256 using the AES polynomialrepresentation, let w

i

for 0 i 3 be elements of F256 using the polynomialrepresentation associated with R

l

(assuming that �r,j

= R

l

�m↵

� ft

), and let

(w0, w1, w2, w3) = AES(r,j,�r,j) � (�r,j

,�

r,j

,�

r,j

,�

r,j

)(x0, x1, x2, x3) .

Substituting v

i

= �

r,j

(xi

) for 0 i 3 in the equation in Def. 4 yields

w

i

=3M

l

z=0

�

r,j

(mc

iz

)⌦l

�

r,j

� S ��1r,j

��

r,j

(xz

)�l

�

r,j

(k(r,j)z

)�,

for 0 i 3. Next, observe that �r,j

(a)�l

�

r,j

(b) = R

l

�m↵

�ft

(a)�l

R

l

�m↵

�f

t

(b) = R

l

(m↵

�ft

(a)�m

↵

�ft

(b)) = R

l

(m↵

(ft

(a)�f

t

(b)) = R

l

(m↵

(ft

(a�b))) =

squaring operations ft(x) = x

2t

multiplication with a non-zero constant m↵(x) = ↵⌦ x

isomorphisms between the AES polynomial representation of F256

and one of the 30 polynomial representations of F256

|T | = 61.200

[Biryukov, De Cannière, Braeken, and Preneel, 2003]

(� 2 T )

C = AESk(P )

�(C) = AES�k��(P )

�

[Barkan and Biham, 2002]

with

�r,j

�r,j

�r,j

�r,j

��1r�1,sr(0,j)

��1r�1,sr(1,j)

��1r�1,sr(2,j)

��1r�1,sr(3,j)

A(r,j)0

A(r,j)1

A(r,j)2

A(r,j)3

AES(r,j,�r,j)

B(r,j)0

B(r,j)1

B(r,j)2

B(r,j)3

An encoded dual AES subround ...

P (r,j)i

(0 i 3) (0 i 3)Q(r,j)i

�r,j

�r,j

�r,j

�r,j

��1r�1,sr(0,j)

��1r�1,sr(1,j)

��1r�1,sr(2,j)

��1r�1,sr(3,j)

A(r,j)0

A(r,j)1

A(r,j)2

A(r,j)3

AES(r,j,�r,j)

B(r,j)0

B(r,j)1

B(r,j)2

B(r,j)3

=

��1r�1,sr(0,j)

��1r�1,sr(1,j)

��1r�1,sr(2,j)

��1r�1,sr(3,j)

A(r,j)0

A(r,j)1

A(r,j)2

A(r,j)3

�r,j

�r,j

�r,j

�r,j

B(r,j)0

B(r,j)1

B(r,j)2

B(r,j)3

AES(r,j)

... is in fact an encoded AES subround

Conclusions‣ reduced the work factor of the BGE attack from 230 to 222

- non-affine encodings and permutations on the round key bytes have a negligible contribution to the overall work factor of the improved BGE attack

‣ a new attack based on internal collision with work factor 222

‣ insecurity of Karroumi’s white-box AES implementation

Open problem: new WB-AES designs?‣ Research for new secure WBAES designs: fixed key vs. dynamic key

‣ WBC part of bigger program: additional layers of security by obfuscation techniques

‣ Companies: “security through obscurity”

Questions?

two attacks on a white-box aes implementation - selected areas in...

Documents