Paper 2016/203

White-Box Cryptography in the Gray Box - A Hardware Implementation and its Side Channels

Pascal Sasdrich, Amir Moradi, and Tim Güneysu

Abstract

Implementations of white-box cryptography aim to protect a secret key in a white-box environment in which an adversary has full control over the execution process and the entire environment. Its fundamental principle is the map of the cryptographic architecture, including the secret key, to a number of encoded tables that shall resist the inspection and decomposition of an attacker. In a gray-box scenario, however, the property of hiding required implementation details from the attacker could be used as a promising mitigation strategy against side-channel attacks (SCA). In this work, we present a first white-box implementation of AES on reconfigurable hardware for which we evaluate this approach assuming a gray-box attacker. We show that - unfortunately - such an implementation does not provide sufficient protection against an SCA attacker. We continue our evaluations by a thorough analysis of the source of the observed leakage, and present additional results which can be used to build stronger white-box designs.

Note: updated acknowledgment

Metadata
Available format(s)
PDF
Publication info
A minor revision of an IACR publication in FSE 2016
Keywords
White-BoxSide-ChannelCPAFPGAAES
Contact author(s)
pascal sasdrich @ rub de
History
2016-06-24: revised
2016-02-25: received
See all versions
Short URL
https://ia.cr/2016/203
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/203,
      author = {Pascal Sasdrich and Amir Moradi and Tim Güneysu},
      title = {White-Box Cryptography in the Gray Box - A Hardware Implementation and its Side Channels},
      howpublished = {Cryptology ePrint Archive, Paper 2016/203},
      year = {2016},
      note = {\url{https://eprint.iacr.org/2016/203}},
      url = {https://eprint.iacr.org/2016/203}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.