Protecting white-box AES with dual ciphers

Authors:
Mohamed Karroumi
Affiliations:
Technicolor, Security & Content Protection Labs, Cesson-Sévigné Cedex, France
Venue:
ICISC'10 Proceedings of the 13th international conference on Information security and cryptology
Year:
2010

Citing 10
Cited 0

Public quadratic polynomial-tuples for efficient signature-verification and message-encryption

Lecture Notes in Computer Science on Advances in Cryptology-EUROCRYPT'88
The Design of Rijndael

The Design of Rijndael
White-Box Cryptography and an AES Implementation

SAC '02 Revised Papers from the 9th Annual International Workshop on Selected Areas in Cryptography
In How Many Ways Can You Write Rijndael?

ASIACRYPT '02 Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Cryptanalysis of a Generic Class of White-Box Implementations

Selected Areas in Cryptography
A toolbox for cryptanalysis: linear and affine equivalence algorithms

EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
Cryptanalysis of a white box AES implementation

SAC'04 Proceedings of the 11th international conference on Selected Areas in Cryptography
More dual rijndaels

AES'04 Proceedings of the 4th international conference on Advanced Encryption Standard
Polynomial equivalence problems: algorithmic and theoretical aspects

EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
Perturbing and protecting a traceable block cipher

CMS'06 Proceedings of the 10th IFIP TC-6 TC-11 international conference on Communications and Multimedia Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

In order to protect AES software running on untrusted platforms, Chow et al. (2002) designed a white-box implementation. However, Billet et al. (2004) showed that the secret key can be extracted with a time complexity of 230. In this paper, we present an improved whitebox implementation of AES. We use dual ciphers to modify the state and key representations in each round as well as two of the four classical AES operations, SubBytes and MixColumns. We show that, with 61200 possible dual ciphers the complexity of Billet et al. attack is raised to 291. Interestingly, our white-box implementation does not require more memory space than that of Chow et al. implementation.