International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Higher-Order DCA Attacks on White-Box Implementations with Masking and Shuffling Countermeasures

Authors:
Yufeng Tang , School of Computer Science, South China Normal University, Guangzhou, China
Zheng Gong , School of Computer Science, South China Normal University, Guangzhou, China
Jinhai Chen , School of Computer Science, South China Normal University, Guangzhou, China
Nanjiang Xie , School of Computer Science, South China Normal University, Guangzhou, China
Download:
DOI: 10.46586/tches.v2023.i1.369-400
URL: https://tches.iacr.org/index.php/TCHES/article/view/9956
Search ePrint
Search Google
Abstract: On white-box implementations, it has been proven that differential computation analysis (DCA) can recover secret keys without time-costly reverse engineering. At CHES 2021, Seker et al. combined linear and non-linear masking protections (SEL masking) to prevent sensitive variables from being predicted by DCA. At Eurocrypt 2021, Biryukov and Udovenko introduced a public dummy shuffling construction (BU shuffling) to protect sensitive functions. In this paper, we extend higher-order DCA (HO-DCA) to higher-degree context for exploiting the vulnerabilities against the state-of-the-art countermeasures. The data-dependency HO-DCA (DDHO-DCA), which is proposed at CHES 2020, is improved to successfully recover the correct key of SEL masking. In specific, our improved DDHO-DCA can also enhance the attack result of #100 which is the third winning challenge in WhibOx 2019. Since the XOR phase plays the same role as linear masking, we prove that a specific BU shuffling is vulnerable to HO-DCA attacks. Furthermore, we demonstrate that the combination of SEL masking and the specific BU shuffling still cannot defeat our higher-degree HO-DCA and improved DDHO-DCA attacks.
BibTeX
@article{tches-2022-32690,
  title={Higher-Order DCA Attacks on White-Box Implementations with Masking and Shuffling Countermeasures},
  journal={IACR Transactions on Cryptographic Hardware and Embedded Systems},
  publisher={Ruhr-Universität Bochum},
  volume={2023, Issue 1},
  pages={369-400},
  url={https://tches.iacr.org/index.php/TCHES/article/view/9956},
  doi={10.46586/tches.v2023.i1.369-400},
  author={Yufeng Tang and Zheng Gong and Jinhai Chen and Nanjiang Xie},
  year=2022
}