Public quadratic polynomial-tuples for efficient signature-verification and message-encryption
Lecture Notes in Computer Science on Advances in Cryptology-EUROCRYPT'88
The Design of Rijndael
White-Box Cryptography and an AES Implementation
SAC '02 Revised Papers from the 9th Annual International Workshop on Selected Areas in Cryptography
In How Many Ways Can You Write Rijndael?
ASIACRYPT '02 Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Cryptanalysis of a Generic Class of White-Box Implementations
Selected Areas in Cryptography
A toolbox for cryptanalysis: linear and affine equivalence algorithms
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
Cryptanalysis of a white box AES implementation
SAC'04 Proceedings of the 11th international conference on Selected Areas in Cryptography
AES'04 Proceedings of the 4th international conference on Advanced Encryption Standard
Polynomial equivalence problems: algorithmic and theoretical aspects
EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
Perturbing and protecting a traceable block cipher
CMS'06 Proceedings of the 10th IFIP TC-6 TC-11 international conference on Communications and Multimedia Security
Hi-index | 0.00 |
In order to protect AES software running on untrusted platforms, Chow et al. (2002) designed a white-box implementation. However, Billet et al. (2004) showed that the secret key can be extracted with a time complexity of 230. In this paper, we present an improved whitebox implementation of AES. We use dual ciphers to modify the state and key representations in each round as well as two of the four classical AES operations, SubBytes and MixColumns. We show that, with 61200 possible dual ciphers the complexity of Billet et al. attack is raised to 291. Interestingly, our white-box implementation does not require more memory space than that of Chow et al. implementation.