
Page 1: H2020-ICT-2014 { Project 645421 ECRYPT { CSA ECRYPT ...White-box cryptography from obfuscation White-box cryptography was introduced in [15, 16] as cryptography in the worst-case adver-sarial

H2020-ICT-2014 – Project 645421

ECRYPT – CSA

ECRYPT – Coordination & Support Action

D1.3

White-box Cryptography – New Challenges

and Research Directions

Due date of deliverable: 06. September 2016

Actual submission date: 19. September 2016

Start date of project: 1 March 2015 Duration: 3 years

Lead contractor: CryptoExperts (CRX) Revision 1.0

Project co-funded by the European Commission within the H2020 Programme

Dissemination Level

PU Public X

PP Restricted to other programme participants (including the Commission services)

RE Restricted to a group specified by the consortium (including the Commission services)

CO Confidential, only for members of the consortium (including the Commission services)


White-box Cryptography – New Challenges

and Research Directions

Editors: Matthieu Rivain (CryptoExperts), Pascal Paillier (CryptoExperts)

Contributors: Andrey Bogdanov (DTU), Joppe Bos (NXP), Mariana Raykova (Yale University), Amit Sahai (UCLA), Mike Wiener (Irdeto), Marc Witteman (Riscure), Brecht Wyseur (Nagra).

19. September 2016

Revision 1.0

The work described in this report has in part been supported by the Commission of the European Communities through the H2020-ICT program under contract H2020-ICT-2014 no. 645421. The information in this document is provided as is, and no warranty is given or implied that the information is fit for any particular purpose. The user thereof uses the information at its sole risk and liability.


Contents

Executive Summary ... 1
  WhibOx: a workshop dedicated to white-box crypto ... 1
  What is white-box cryptography? ... 1
  Where do we stand on the matter? ... 2
  Major challenges and research directions ... 2

1 White-box cryptography from obfuscation ... 5
  1.1 State of the art ... 5
  1.2 Open problems ... 6

2 A formal approach to white-box cryptography ... 9
  2.1 State of the art ... 9
  2.2 Open problems ... 10

3 Practical constructions and attacks ... 11
  3.1 State of the art ... 11
  3.2 Open problems ... 12


Executive Summary

WhibOx: A workshop dedicated to white-box crypto

This whitepaper is based on the presentations and discussions that took place during the workshop WhibOx 2016. The workshop was held on August 14th, 2016 in Santa Barbara and organized by CryptoExperts on behalf of ECRYPT CSA. As a side event of Crypto and CHES 2016, the workshop attracted about 70 participants (plus a few walk-ins), essentially cryptographers from industry. The program featured a number of invited speakers who had worked on white-box cryptography in one way or another, for decades for some of them, either as solution designers or as attackers.

Overall, WhibOx'16 has been a great success and has generated a lot of discussions and comments from the audience throughout the day, which motivated most of the conclusions put together in this whitepaper.

As complementary material, we also recommend that the reader download the slides and/or watch the videos recorded throughout WhibOx'16. The workshop was concluded with the announcement of the ECRYPT CSA sponsored WhibOx competition in 2017. Slides are available on the workshop's website

https://www.cryptoexperts.com/whibox2016/,

and videos can be found on the ECRYPT YouTube channel.

What is white-box cryptography?

Cryptographic algorithms are more and more deployed in applications embedded on connected devices (smartphones, tablets, etc.). This context makes the underlying cryptographic implementations potentially accessible to malware taking (partial) control of the execution environment. It is hence fair to consider an adversary that can analyze the binary code of the application, tamper with the execution, access the memory's contents, intercept system calls, and use any kind of reverse engineering tool (debuggers, emulators, etc.). The adversary is then said to have white-box access to the embedded cryptographic implementation.

The challenge of white-box cryptography, introduced in 2002 by Chow et al. [15, 16], is to develop implementation techniques for cryptographic algorithms that protect their secrets against a white-box adversary. The ultimate goal would be to make the cryptographic code unintelligible, so that full access to the cryptographic program gives the adversary no advantage compared to the situation where she is only provided with a black-box oracle computing the program on input queries.


Where do we stand on the matter?

We see mainly three major lines of research and applications in that area, which can be sketched as follows.

White-box cryptography from obfuscation. A natural approach to white-box cryptography is to apply techniques from obfuscation [1, 28] to protect cryptographic programs. Though huge progress towards secure obfuscation has been made lately, existing solutions are still impractical and their security is not well established. Further work is needed to render cryptographic obfuscation secure and practical so that it can be useful to white-box cryptography.

Formal approach to white-box cryptography. Some works have focused on providing alternative models and definitions for white-box cryptography [57, 23], and other works have introduced new primitives achieving security properties inspired from the white-box context [4, 8, 26, 2]. However, no white-box implementation achieving such security notions for a standard cipher such as AES is currently known. Further work is needed to refine and extend security notions, as well as to investigate new ways to achieve these notions for standard cryptographic primitives.

Practical constructions and attacks. All the proposed white-box constructions for standard ciphers such as 3DES or AES have been broken so far. This situation has made the industry move towards a black-box generation model in which the white-box implementations are built from secret methods. However, some powerful attacks adapted from the wider context of side-channels [10, 56] have been shown to practically break most of the white-box implementations in the field. More research is needed to analyze these attacks, and to develop secure countermeasures against them that achieve acceptable levels of resistance in possibly weakened white-box models.

Following this executive summary, the rest of the whitepaper is dedicated to exploring these three sub-areas in more detail.

Major challenges and research directions

In what follows, we give a tentative list of research-oriented and industry-oriented challenges that the field is facing at this time.

1. White-box cryptography from obfuscation:

(a) Construct efficient multilinear maps for existing iO schemes.

(b) Get complete security proofs for iO candidates and underlying multilinear maps based on simple hardness assumptions.

(c) Construct obfuscators from other primitives / hardness assumptions.

(d) Can we get secure white-box cryptography from an iO obfuscator?

(e) Does VBB obfuscation exist for AES?


2. Formal approach to white-box cryptography:

(a) Refine and extend the proposed white-box security notions.

(b) Design new cryptographic primitives satisfying some specific white-box security notions.

(c) Does an incompressible implementation of AES exist?

(d) Does a one-way implementation of AES exist?

3. Practical constructions and attacks:

(a) Refine existing attacks and analyze their data/time complexities.

(b) Adapt existing side-channel countermeasures to the white-box setting (and deal with the randomness issue).

(c) Adapt existing fault-attack countermeasures to the white-box setting.

(d) Define weakened white-box models and resistance levels to DCA and DFA attacks.

(e) Propose new white-box implementations that achieve some resistance levels.

(f) Does the black-box generation model allow a state-of-the-art designer to defeat a state-of-the-art attacker?


Chapter 1

White-box cryptography from obfuscation

White-box cryptography was introduced in [15, 16] as cryptography in the worst-case adversarial model, where the attacker is assumed to have full access to the encryption software and control of the execution environment. The goal of white-box cryptography is to design implementations of traditional cryptographic primitives (e.g. the AES cipher) in such a way that they remain secure even in this extreme context. In particular, it should be difficult to extract the secret key from a secure white-box implementation. In other words, such an implementation must be sufficiently obfuscated to prevent the adversary from recovering the key or breaking any other security property that would hold in the traditional black-box model. In this sense, white-box cryptography can be seen as a special case of obfuscation where the program to be obfuscated is a specific encryption program (or some other cryptographic primitive).

General-purpose obfuscation has been widely studied in the cryptography literature and the field has recently made huge advances. Some theoretical constructions achieving strong security properties have been put forward. A theoretical approach to white-box cryptography consists in applying these general-purpose techniques to protect cryptographic programs.

1.1 State of the art

A seminal work towards the definition of general-purpose cryptographic obfuscation was published by Barak et al. in 2001 [1]. In this paper, the authors formalize the notion of Virtual Black Box (VBB) obfuscation, which states that an adversary given an obfuscated program should not get any advantage compared to an adversary with black-box access to an oracle computing the program. The authors further show that this (strong) notion cannot be achieved by a general-purpose obfuscator, since some "self-eating" programs exist which are non-obfuscatable with respect to the VBB notion. The authors then suggest a relaxed security notion called indistinguishability obfuscation (iO), which states that the obfuscations of two functionally equivalent programs (of similar sizes) should be computationally indistinguishable. However, no concrete construction of an iO obfuscator was proposed at that time.

The theory of cryptographic obfuscation has made huge progress in the past few years. Following the breakthrough design of fully homomorphic encryption by Gentry [30] and the underlying principle of encrypting with noise, some candidate constructions for multilinear maps [27, 21] and indistinguishability obfuscation [28] have been proposed. Since the first iO candidate in 2013 [28], many further variants and alternative constructions have been published (see for instance [32, 61, 42]). Most of these schemes use multilinear maps as building blocks. This makes them far from practical, since existing constructions of multilinear maps are very demanding in terms of computational resources [27, 21, 22, 31]. Moreover, their security is not well established and it is frequent to see a candidate broken soon after its publication [19, 18, 14, 46].

On the other hand, it is not clear whether iO would be the right obfuscation notion to get secure white-box cryptography. For instance, consider an AES obfuscator O that takes a program P_k computing AES under a secret key k, and that consists in extracting k from P_k and returning a reference AES program with k as secret key. This obfuscator is arguably a pretty bad obfuscator, since it outputs a reference AES program from which key extraction is easy. And yet it satisfies the iO notion: for any two programs P_k and P'_k computing AES under the same key, by definition we have O(P_k) = O(P'_k) (implying that O(P_k) and O(P'_k) are indistinguishable in the strongest possible way). Of course, such a bad obfuscator could be very inefficient: extracting k from any AES program P_k can be done in time O(2^|k|), but it is unclear whether it could be done more efficiently or not. So it could be the case that an efficient iO AES obfuscator would be a good obfuscator, with output programs resisting key extraction. Actually, if an AES program P_k exists that resists key extraction and if O is efficient, then O cannot extract k from P_k and O(P_k) still resists key extraction. Then, by the iO notion, the obfuscation of any other program P'_k (of about the same size as P_k) must also resist key extraction, since O(P_k) and O(P'_k) are indistinguishable.

It is also to be noted that the impossibility result for the VBB obfuscation notion does not apply to AES, and the existence of a VBB-obfuscated AES program is an open question. Moreover, by a similar reasoning as above, the existence of a VBB-obfuscated AES would imply that any efficient iO obfuscator would achieve VBB for AES.
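The "bad obfuscator" argument above, worked through on a constructed toy cipher as an added example that is not part of the original deliverable: O recovers the key by exhaustive search (the O(2^|k|) step), emits one canonical reference program for every P_k, and so satisfies iO trivially while leaving the key readable in its output. The toy cipher, the two program variants and all function names are assumptions made for illustration, not anything from the cited works.

```python
from typing import Callable

# Constructed toy cipher standing in for "AES under key k" in the argument above:
# 8-bit block, 8-bit key, one key addition followed by a fixed bijective S-box.
# x -> 3^x mod 257 - 1 is a bijection on 0..255 because 3 generates the group Z_257^*.
SBOX = [pow(3, i, 257) - 1 for i in range(256)]
KEY_BITS = 8
Program = Callable[[int], int]


def toy_encrypt(k: int, x: int) -> int:
    return SBOX[x ^ k]


def direct_program(k: int) -> Program:
    """P_k: a program computing the toy cipher straight from the key."""
    return lambda x: toy_encrypt(k, x)


def table_program(k: int) -> Program:
    """P'_k: a functionally equivalent program with a different internal structure
    (the whole key-dependent function is precomputed into a table)."""
    table = [toy_encrypt(k, x) for x in range(256)]
    return lambda x: table[x]


def extract_key(program: Program) -> int:
    """The O(2^|k|) step of the argument: exhaustive search over the key space,
    using the program only as a black box. Because SBOX is a bijection, exactly
    one key agrees with the program on every input, so the search is unambiguous."""
    for guess in range(1 << KEY_BITS):
        if all(toy_encrypt(guess, x) == program(x) for x in range(256)):
            return guess
    raise ValueError("program does not compute the toy cipher under any key")


def bad_obfuscator(program: Program) -> str:
    """O: extract k, then emit the canonical reference program with k in clear.
    Every program computing the cipher under k is mapped to the same string, so
    O(P_k) = O(P'_k) and the iO requirement holds in the strongest possible way,
    while key extraction from O's output is a matter of reading it."""
    k = extract_key(program)
    return f"lambda x: SBOX[x ^ {k:#04x}]"


def key_readable_from(obfuscated: str) -> int:
    """What the adversary does with O's output: read the key off the reference program."""
    return int(obfuscated.rsplit("^ ", 1)[1].rstrip("]"), 16)
```

The point the argument makes, and the code shows, is that the iO definition only constrains O's output to be the same for equivalent inputs; it says nothing about whether that output hides k.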

1.2 Open problems

(a) Construct efficient multilinear maps for existing iO schemes. As stated above, the huge majority of proposed iO schemes rely on multilinear maps as a building block. A first way to tackle the issue of constructing a practical (indistinguishability) obfuscator is hence to come up with a multilinear map construction that is sufficiently efficient to be used as a building block in an existing iO scheme.

(b) Get complete security proofs for iO candidates and underlying multilinear maps based on simple hardness assumptions. The security of known multilinear maps and underlying iO constructions relies on learning problems such as the Ring Learning With Errors (RLWE) problem [52, 44] or the Approximate Greatest Common Divisor (AGCD) problem [58, 13]. However, no known construction is provably secure under the RLWE or AGCD hardness assumptions. In other words, these assumptions are necessary for the security to hold but by no means are they sufficient. A challenging open issue is to design multilinear maps or iO candidates with security proofs under the RLWE or AGCD hardness assumptions.

(c) Construct obfuscators from other primitives / hardness assumptions. Another interesting research direction would be to change the underlying paradigm by trying to build obfuscators out of other cryptographic primitives (not multilinear maps) and/or relying on different hardness assumptions (not AGCD, RLWE, or similar assumptions).

(d) Can we get secure white-box cryptography from an iO obfuscator? The iO security notion does not ensure that an iO-obfuscated encryption program resists key extraction. It would be worth investigating whether an iO obfuscator could be used to obtain secure white-box cryptography. Also, it would be interesting to determine whether applying existing iO constructions to AES (or some other cipher) would result in a program resisting key extraction.

(e) Does VBB obfuscation exist for AES? The VBB security notion is the strongest obfuscation notion but it cannot be achieved by a general-purpose obfuscator. However, no such impossibility result exists when considering obfuscation restricted to some class of encryption programs such as AES. So the (in)existence of a VBB-obfuscated AES remains an open question.


Chapter 2

A formal approach to white-box cryptography

As discussed in the previous section, applying general-purpose obfuscation techniques might not be the best strategy to obtain secure white-box cryptography. In particular, it is not clear whether an obfuscator achieving the iO notion can be used to build an encryption program that resists key extraction (the basic requirement for a white-box implementation). On the other hand, the stronger VBB security notion might be very hard (or even impossible) to achieve in practice. This situation stresses the need for alternative security notions dedicated to white-box cryptography.

As mentioned above, the basic security requirement for a white-box implementation is to resist key extraction. However, it is not clear how a program satisfying this sole security property would actually restrict an attacker compared to straight knowledge of the key. One could actually expect more from white-box cryptography, and consider various security properties attached to white-box implementations.

2.1 State of the art

Some attempts have been made to provide formal definitions and security notions for white-box cryptography. A first step towards a theoretical model was proposed by Saxena et al. in [57]. Their approach is to translate traditional cryptography notions into the white-box model. They introduce the white-box property for an obfuscator as the ability to turn a program which is secure with respect to some black-box security notion into a program secure with respect to the same notion in the white-box setting. For instance, an obfuscator achieving white-box semantic security can turn a symmetric encryption scheme into a (semantically secure) asymmetric encryption scheme.

A subsequent work by Delerablée et al. [23] formalizes concrete white-box security notions for symmetric encryption schemes. The proposed notions are derived from folklore intuitions behind white-box cryptography. Specifically, and beyond the required key-extraction security, a white-box implementation may be one-way (the input is hard to recover from the output), incompressible (the possibly large code size of the implementation cannot be decreased below some threshold), or traceable (different white-box implementations with the same key can be traced securely). The authors show that the one-wayness and incompressibility notions can be achieved for some particular RSA-based cipher, but the question remains open for a standard symmetric cipher such as AES.

While white-box cryptography is originally about implementing a given (standard) cryptographic primitive in a way that achieves some security properties against a white-box adversary, some works have investigated the issue of designing new primitives with security properties inspired from the white-box cryptography context. A traceable block cipher relying on multivariate cryptography has been proposed in [4], but it was then shown that the traceability could actually be bypassed [24]. Further "white-box" ciphers have been designed from multivariate cryptography [6] and have also later been broken [47]. Recently, incompressible encryption primitives have been particularly investigated. In [7, 8], Bogdanov et al. define AES-based block ciphers for which table-based incompressible implementations exist (called space-hard ciphers). In [26], Fouque et al. refine the incompressibility security notion from [23] and provide further provably incompressible table-based ciphers. Another related work by Bellare et al. investigates big-key symmetric encryption and proposes new ciphers relying on big and provably incompressible keys [2].

2.2 Open problems

(a) Refine and extend the proposed white-box security notions. Only a few works have proposed a provable security approach to white-box cryptography. More investigations are needed to refine and extend the proposed security notions.

(b) Design new cryptographic primitives satisfying some specific white-box security notions. Several encryption primitives with incompressible code size or secret keys have been proposed. Further primitives with other security properties inspired from the white-box context could be defined.

(c) Does an incompressible implementation of AES exist? While designing new primitives achieving specific properties is always of interest, a real challenge would be to design an incompressible implementation of the AES (or another standard SPN cipher).

(d) Does a one-way implementation of AES exist? Another challenging issue would be to design a white-box implementation of AES (or another standard SPN cipher) satisfying the one-wayness property. This would give the ability to turn AES into a public-key cryptosystem, where the white-box AES implementation would play the role of the public function and the corresponding secret key would allow the computation of the inverse (private) function. Hence one would get public key cryptography with very fast and compact private operations.


Chapter 3

Practical constructions and attacks

White-box cryptography has traditionally been a practical subject, and white-box implementations are meant to be implementable and to fit real-life practical constraints (e.g. the code size should be at most a few megabytes for a smartphone application). This is in contrast with proposed solutions for cryptographic obfuscation, which are meant to be secure in strong models even if they are far from any practical implementation.

Given the strong (omniscient) power of the white-box adversary, constructing a secure implementation in this model has revealed itself as a very difficult issue. As a matter of fact, all published proposals have systematically been broken. This lack of solutions, together with the strong industrial appeal for white-box techniques, has given rise to the development of home-made solutions which are hoped to be practically secure through the secrecy of the white-box generation process. In other words, industrial applications rely on a weakened model considering the black-box generation of white-box implementations. This model has incited the application of well-known techniques from gray-box attacks, namely the realm of side-channel and fault-injection attacks. Translating these attacks to the white-box context has been shown to work quite well in practice, and there is a general belief that most white-box implementations currently in the field can be easily broken by these attacks.

3.1 State of the art

The first white-box implementations were proposed in the seminal works of Chow et al. for the DES and AES ciphers [15, 16]. The rough idea of these constructions is to express the implementation as a network of look-up tables which are composed with random one-to-one mappings (see also [48] for a detailed presentation). Unfortunately, this approach is insufficient in the white-box setting, where various attacks inspired from the cryptanalysis of block ciphers can efficiently extract the key [36, 5]. Several attempts to mitigate these attacks were subsequently published [43, 12, 60, 38] but sooner or later, every one of them was shown to be insecure as well [33, 59, 51, 49, 41, 50, 40].
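The table-network idea of Chow et al. described above, shown on a constructed two-nibble toy SPN as an added example (this is not the authors' code nor the original DES/AES construction): the round keys are folded into T-box tables, the mixing layer becomes an XOR table, and every table is wrapped in random input/output encodings that cancel across the network. The S-box, the key, the external encodings and all names are assumptions made for illustration.

```python
import random
from typing import Dict, List, Tuple

# Constructed 4-bit S-box (a permutation of 0..15; not the AES S-box).
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8, 0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]
Nibble = int
RoundKey = Tuple[Nibble, Nibble]   # one key nibble per state nibble
Bijection = List[int]              # a random one-to-one mapping on 0..15
DEMO_KEY: List[RoundKey] = [(0x3, 0xA), (0x7, 0xC)]   # constructed two-round key


def plain_cipher(key: List[RoundKey], a: Nibble, b: Nibble) -> Tuple[Nibble, Nibble]:
    """Reference (unprotected) toy SPN on a two-nibble state: per round, add the
    round key, apply the S-box to each nibble, then mix as (a, b) -> (a ^ b, a)."""
    for k0, k1 in key:
        a, b = SBOX[a ^ k0], SBOX[b ^ k1]
        a, b = a ^ b, a
    return a, b


def random_bijection(rng: random.Random) -> Bijection:
    perm = list(range(16))
    rng.shuffle(perm)
    return perm


def inverse(perm: Bijection) -> Bijection:
    inv = [0] * 16
    for x, y in enumerate(perm):
        inv[y] = x
    return inv


def build_white_box(key: List[RoundKey], rng: random.Random) -> Dict:
    """Chow-style table network. The round keys are folded into the T-boxes, and every
    table is sandwiched between random encodings: it maps an encoded input to an encoded
    output, so no single table exposes a key-dependent intermediate value in clear.
    The output encoding of one table is the input encoding of the next, so they cancel."""
    ext_in = [random_bijection(rng), random_bijection(rng)]   # external input encodings
    f_in = ext_in
    rounds = []
    for k0, k1 in key:
        mid = [random_bijection(rng), random_bijection(rng)]  # encodings on S-box outputs
        f_out = [random_bijection(rng), mid[0]]               # output nibble 1 is a' itself
        tboxes = []
        for i, k in enumerate((k0, k1)):
            dec_in = inverse(f_in[i])
            # T-box: decode input, add key nibble, S-box, re-encode (16 precomputed entries)
            tboxes.append([mid[i][SBOX[dec_in[x] ^ k]] for x in range(16)])
        dec_m0, dec_m1 = inverse(mid[0]), inverse(mid[1])
        # XOR table for the mixing layer: (encoded a', encoded b') -> encoded a' ^ b'
        xor_table = [f_out[0][dec_m0[u] ^ dec_m1[v]] for u in range(16) for v in range(16)]
        rounds.append((tboxes, xor_table))
        f_in = f_out
    return {"ext_in": ext_in, "rounds": rounds,
            "ext_out_dec": [inverse(f_in[0]), inverse(f_in[1])]}


def run_tables(wb: Dict, a: Nibble, b: Nibble) -> Tuple[Nibble, Nibble]:
    """Evaluate the network on an already-encoded state: only table look-ups, no key."""
    for tboxes, xor_table in wb["rounds"]:
        u, v = tboxes[0][a], tboxes[1][b]
        a, b = xor_table[u * 16 + v], u
    return a, b


def white_box_encrypt(wb: Dict, a: Nibble, b: Nibble) -> Tuple[Nibble, Nibble]:
    """Apply and strip the external encodings so the result can be compared with
    plain_cipher. In a deployment they would stay in place and be undone by the
    surrounding application, not here."""
    a, b = run_tables(wb, wb["ext_in"][0][a], wb["ext_in"][1][b])
    return wb["ext_out_dec"][0][a], wb["ext_out_dec"][1][b]


def build_demo_white_box(seed: int) -> Dict:
    return build_white_box(DEMO_KEY, random.Random(seed))


def equivalent_on_all_inputs(key: List[RoundKey], wb: Dict) -> bool:
    """Correctness check: the encoded network computes exactly the unprotected cipher."""
    return all(white_box_encrypt(wb, a, b) == plain_cipher(key, a, b)
               for a in range(16) for b in range(16))
```

The check confirms the encoded network preserves the cipher's functionality, which is what such a construction must guarantee; whether the encodings alone suffice to hide the key is the security question that [36, 5] answered negatively for the original DES and AES designs.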

This lack of secure solutions and the growing need for protecting cryptographic software have driven the industry to rely on home-made white-box implementations. In the past years, several companies have developed and advertised their own solutions based on secret obfuscation methods. The security of these solutions hence relies on a black-box generation model. This situation has put forward a new approach to attacking black-box generated white-box implementations, which consists in translating usual hardware attacks to the white-box setting. In particular, Differential Computational Analysis (DCA) [10, 56] applies Differential Power Analysis (DPA) techniques [39, 11] to so-called computational traces composed of all the intermediate results of the computation (bus transfers, register allocations, memory addresses, etc.). On the other hand, Differential Fault Analysis (DFA) [9, 3] can also be directly applied to the white-box setting [36, 56]. According to the authors of the most recent works, DCA and DFA attacks can practically break a vast majority of white-box implementations currently in the field. Besides, the first works follow an empirical approach, and more analysis would be needed to get more insight into these attacks in the white-box context.

A natural approach to protect white-box implementations against these threats would be to apply classical DPA and DFA countermeasures, such as desynchronization [17, 20], (higher-order) masking and shuffling [34, 35, 54, 53], redundancy and coherence checks [37, 45, 29]. However, a straight implementation of these countermeasures would not stand against a white-box adversary. With full control of the execution environment, an attacker has indeed access to much more information than in a side-channel context. Resynchronization and unshuffling of the computational traces are made easier by exploiting synchronization data (memory addresses, program counter, ...) and the randomized shuffling index (that is directly available in the white-box context). Masking can also be easily defeated when all the masks are available without side-channel noise. Coherence checks can be removed or simply fooled to assert a faulty computation as consistent. Moreover, dynamic randomness generation (which is essential for the countermeasures in question) becomes a real issue in the white-box setting, where an external RNG could easily be annihilated. It is hence a challenge to adapt existing countermeasures to the white-box context and to be able to quantify the obtained level of resistance.

The black-box generation model might be helpful to obfuscate such countermeasures by allowing the implementation of exotic methods, far enough from the state of the art that they cannot be easily removed. But it is not clear whether it would provide sufficient leverage to a state-of-the-art designer to defeat a state-of-the-art attacker. A way to get some insights about this question is precisely to organize a public white-box competition in which designers are invited to submit candidate white-box implementations that attackers try to break, and see whether any implementation would make it through the process unbroken. This is the motivation behind organizing the ECRYPT CSA WhibOx competition.

3.2 Open problems

(a) Refine existing attacks and analyze their data and time complexities. Powerful DCA and DFA attacks have been applied to practically break existing white-box implementations. However, no theoretical analysis of these attacks has been conducted so far. More investigation is needed to refine them and properly assess their data and time complexities.

(b) Adapt existing side-channel countermeasures to the white-box setting (and deal with the randomness issue). Adapting existing side-channel countermeasures to the white-box setting while avoiding easy removal might be a real challenge. In particular, it is not clear how to deal with dynamic randomness generation.

(c) Adapt existing fault-attack countermeasures to the white-box setting. Adapting existing fault-attack countermeasures to the white-box setting is not straightforward. Most particularly, the redundancy should be hidden to avoid an easy cancellation of the coherence checks.

(d) Define weakened white-box models and resistance levels to DCA and DFA attacks. The white-box adversary model is very powerful and all candidate white-box implementations have been broken so far. On the other hand, the black-box generation of white-box implementations might mitigate such a strong adversary and enable some levels of resistance against practical attacks such as DCA and DFA. It would be worthwhile to formalize weakened white-box models in which resistance levels could be truly quantified.

(e) Propose new white-box implementations that achieve some level of resistance. We are currently lacking publicly available white-box implementations that would resist existing attacks (at least a bit). An important issue is to design new white-box implementations that achieve some level of resistance in possibly weakened white-box models.

(f) Does the black-box generation model allow a state-of-the-art designer to defeat a state-of-the-art attacker? Designing secret home-made white-box techniques has become customary to protect industrial products. However, it is not clear whether relying on the black-box generation model gives enough leverage to thwart a state-of-the-art attacker. This question needs to be answered by organizing a public competition where (secretly generated) white-box implementations could be submitted and made publicly available with the aim to resist practical attacks.
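As an added illustration of open problem (c), and not code from the deliverable: a toy round function protected first by a visible coherence check (compute twice, compare, abort) and then by folding the redundancy into the output arithmetic, an infective-style countermeasure assumed here as one way of hiding the check. The S-box is the PRESENT 4-bit S-box; the round function, the single-bit fault model, the GF(2^4) mixing and all helper names are constructed for this example.

```python
import secrets

# PRESENT 4-bit S-box, used only as a stand-in cipher component; the fault
# model (one bit flipped before the S-box) is constructed for this example.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def gf16_mul(a, b):
    """Multiply in GF(2^4) modulo x^4 + x + 1; nonzero * nonzero is never zero."""
    p = 0
    for _ in range(4):
        if b & 1:
            p ^= a
        b >>= 1
        a <<= 1
        if a & 0x10:
            a ^= 0x13
    return p & 0xF


def round_fn(x, k, fault=None):
    """Toy key-dependent round: (x XOR k) through the S-box.
    `fault` is a bit index flipped before the S-box, simulating an injection."""
    v = x ^ k
    if fault is not None:
        v ^= 1 << fault
    return SBOX[v & 0xF]


def guarded_round(x, k, fault=None):
    """Visible coherence check: run the round twice and abort on mismatch.
    In the white-box setting the whole countermeasure is this one comparison,
    so the redundancy is easy to spot and to cancel."""
    a = round_fn(x, k, fault)
    b = round_fn(x, k)          # redundant copy, assumed fault-free here
    return None if a != b else a


def infective_round(x, k, fault=None, r=None):
    """Redundancy folded into the output: the difference between the two copies
    is multiplied by a random nonzero field element and XORed into the result.
    No difference leaves the output unchanged; any difference randomises it,
    and there is no single comparison to skip. This assumes a source of
    randomness, which is exactly the open randomness issue of problem (b)."""
    a = round_fn(x, k, fault)
    b = round_fn(x, k)
    if r is None:
        r = secrets.randbelow(15) + 1   # uniform nonzero element of GF(2^4)
    return a ^ gf16_mul(a ^ b, r)


def released_difference(impl, x, k, fault, **kw):
    """What a fault analysis can read off an implementation: faulty output XOR
    correct output, or None when the faulty output is withheld."""
    out = impl(x, k, fault, **kw)
    return None if out is None else out ^ round_fn(x, k)
```

With the unprotected round the released difference is a fixed function of the fault (the quantity DFA exploits); the guarded round withholds it, and the infective round releases a value that varies with the random element.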
