White-box filtering attacks breaking SEL masking: from exponential to polynomial time

Cited by: 0
Authors
Charlès, Alex [1]
Udovenko, Aleksei [2]
Affiliations
[1] DCS, University of Luxembourg, Esch-sur-Alzette
[2] SnT, University of Luxembourg, Esch-sur-Alzette
Source
IACR Transactions on Cryptographic Hardware and Embedded Systems | 2024 / Vol. 2024 / Issue 3
Keywords
Cryptanalysis; Filtering; Masking schemes; White-box Cryptography
DOI
10.46586/tches.v2024.i3.1-24
Abstract
This work proposes a new white-box attack technique called filtering, which can be combined with any other trace-based attack method. The idea is to filter the traces based on the value of an intermediate variable in the implementation, aiming to fix a share of a sensitive value and degrade the security of an involved masking scheme. Coupled with LDA (filtered LDA, FLDA), it leads to an attack defeating the state-of-the-art SEL masking scheme (CHES 2021) of arbitrary degree and number of linear shares with quartic complexity in the window size. In comparison, the current best attacks have exponential complexities in the degree (higher degree decoding analysis, HDDA), in the number of linear shares (higher-order differential computation analysis, HODCA), or in the window size (white-box learning parity with noise, WBLPN). The attack exploits the key idea of the SEL scheme: an efficient parallel combination of the nonlinear and linear masking schemes. We conclude that a proper composition of masking schemes is essential for security. In addition, we propose several optimizations for linear algebraic attacks: redundant node removal (RNR), optimized parity check matrix usage, and chosen-plaintext filtering (CPF), significantly improving the performance of security evaluation of white-box implementations. © 2024, Ruhr-University of Bochum. All rights reserved.
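The filtering idea in the abstract (keep only the traces in which a chosen intermediate node takes a fixed value, so that a nonlinear share is pinned and the remaining masking becomes linear, then run LDA on what is left) is small enough to show end to end. The block below is an added example, not code from the paper or its authors: the masked implementation is a toy stand-in for the SEL idea (one quadratic masking layer with an extra linear share), not the real SEL construction, and the S-box (Serpent S0), the window layout, the key, the trace count and the random seed are all assumptions of this example.

```python
"""Toy filtering + LDA demonstration (added example; not the paper's code).

The masked implementation below is a deliberately small stand-in for the
SEL idea of composing a nonlinear (here quadratic) masking with linear
shares; it is NOT the real SEL construction.  The S-box, the window layout,
the key, the trace count and the random seed are assumptions of this example.
"""
import random

# Serpent S0, a public 4-bit S-box; the sensitive bit is bit 0 of S[p ^ k].
SBOX = [3, 8, 15, 1, 10, 6, 5, 11, 14, 13, 4, 2, 7, 0, 9, 12]
KEY = 0xB      # the secret nibble the attacker wants to recover (assumed)
N_JUNK = 5     # unrelated random nodes that also fall inside the window

# Positions of the masking shares inside the recorded window.
NODE_A, NODE_B, NODE_R, NODE_C = 0, 1, 2, 3


def sensitive_bit(p: int, k: int) -> int:
    """The attacker's prediction of the sensitive bit under key guess k."""
    return SBOX[p ^ k] & 1


def masked_trace(p: int, rng: random.Random) -> list:
    """One execution of the toy masked implementation.

    The sensitive bit s is stored as  s = c ^ (a & b) ^ r : a quadratic
    masking (a, b, c) on top of which r is an extra linear share.  The
    attacker records every node in the window: [a, b, r, c, junk...].
    """
    s = sensitive_bit(p, KEY)
    a, b, r = rng.randrange(2), rng.randrange(2), rng.randrange(2)
    c = s ^ (a & b) ^ r
    junk = [rng.randrange(2) for _ in range(N_JUNK)]
    return [a, b, r, c] + junk


def gf2_rank(vectors: list, nbits: int) -> int:
    """Rank over GF(2) of bitmask vectors (incremental Gaussian elimination)."""
    basis = [0] * nbits          # basis[i]: stored vector whose top bit is i
    rank = 0
    for x in vectors:
        for i in range(nbits - 1, -1, -1):
            if not (x >> i) & 1:
                continue
            if basis[i] == 0:
                basis[i] = x
                rank += 1
                break
            x ^= basis[i]
    return rank


def lda(traces: list, plaintexts: list, filter_node=None) -> list:
    """Linear decoding analysis, optionally preceded by filtering.

    Keeps only the traces in which node `filter_node` equals 0 (None keeps
    everything), then asks, for each key guess, whether the predicted
    sensitive bit is an affine combination of the window nodes over all
    kept traces.  Returns the key guesses for which the system is solvable.
    """
    keep = [i for i, t in enumerate(traces)
            if filter_node is None or t[filter_node] == 0]
    n = len(keep)
    width = len(traces[0])
    # One column bitmask per node: bit j holds the node's value in kept trace j.
    cols = [sum(traces[i][w] << j for j, i in enumerate(keep)) for w in range(width)]
    cols.append((1 << n) - 1)    # constant-one column makes the fit affine
    base_rank = gf2_rank(cols, n)
    solvable = []
    for k in range(16):
        target = sum(sensitive_bit(plaintexts[i], k) << j for j, i in enumerate(keep))
        # target lies in the span of the columns iff adding it leaves the rank unchanged
        if gf2_rank(cols + [target], n) == base_rank:
            solvable.append(k)
    return solvable


def run_attack(n_traces: int = 400, seed: int = 1) -> dict:
    rng = random.Random(seed)
    plaintexts = [rng.randrange(16) for _ in range(n_traces)]     # constructed inputs
    traces = [masked_trace(p, rng) for p in plaintexts]
    return {
        # plain LDA: s = c ^ r ^ (a & b) is not affine in the nodes -> no key
        "lda_unfiltered": lda(traces, plaintexts),
        # fixing the linear share r leaves a & b in place -> still no key
        "lda_filtered_on_r": lda(traces, plaintexts, NODE_R),
        # fixing quadratic share a = 0 collapses s to c ^ r -> LDA recovers KEY
        "lda_filtered_on_a": lda(traces, plaintexts, NODE_A),
    }


if __name__ == "__main__":
    for name, keys in run_attack().items():
        print(f"{name:20s} -> solvable key guesses: {keys}")
```

Two practical points the toy makes visible: filtering on the wrong node (a linear share) buys nothing, because the quadratic term survives, so the attacker has to try candidate nodes across the window; and filtering on a bit discards roughly half of the traces, so the evaluator must collect proportionally more traces to keep the linear system overdetermined.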
Pages: 1-24
Page count: 23
References (25 items in total)
  • [1] Alpirez Bock Estuardo, Brzuska Chris, Michiels Wil, Treff Alexander, On the ineffectiveness of internal encodings: revisiting the DCA attack on white-box cryptography, ACNS 2018, volume 10892 of LNCS, pp. 103-120, (2018)
  • [2] Bos Joppe W., Hubain Charles, Michiels Wil, Teuwen Philippe, Differential computation analysis: Hiding your white-box designs is not enough, CHES 2016, volume 9813 of LNCS, pp. 215-236, (2016)
  • [3] Bogdanov Andrey, Rivain Matthieu, Vejre Philip S., Wang Junwei, Higher-order DCA against standard side-channel countermeasures, COSADE 2019, volume 11421 of LNCS, pp. 118-141, (2019)
  • [4] Biryukov Alex, Udovenko Aleksei, Attacks and countermeasures for white-box designs, ASIACRYPT 2018, Part II, volume 11273 of LNCS, pp. 373-402, (2018)
  • [5] Biryukov Alex, Udovenko Aleksei, Dummy shuffling against algebraic attacks in white-box implementations, EUROCRYPT 2021, Part II, volume 12697 of LNCS, pp. 219-248, (2021)
  • [6] Canteaut A., Chabaud F., A new algorithm for finding minimum-weight words in a linear code: application to McEliece's cryptosystem and to narrow-sense BCH codes of length 511, IEEE Transactions on Information Theory, 44, 1, pp. 367-378, (1998)
  • [7] Chow Stanley, Eisen Philip A., Johnson Harold, van Oorschot Paul C., A white-box DES implementation for DRM applications, Digital Rights Management Workshop (DRM 2002), volume 2696 of LNCS, pp. 1-15, (2002)
  • [8] Chow Stanley, Eisen Philip A., Johnson Harold, van Oorschot Paul C., White-box cryptography and an AES implementation, SAC 2002, volume 2595 of LNCS, pp. 250-270, (2003)
  • [9] Charlès Alex, Udovenko Aleksei, LPN-based attacks in the white-box setting, IACR TCHES, 2023(4), pp. 318-343, (2023)
  • [10] Delerablée Cécile, Lepoint Tancrède, Paillier Pascal, Rivain Matthieu, White-box security notions for symmetric encryption schemes, SAC 2013, volume 8282 of LNCS, pp. 247-264, (2014)