CryptoDB
Higher-Order DCA Attacks on White-Box Implementations with Masking and Shuffling Countermeasures
Authors: | Yufeng Tang, Zheng Gong, Jinhai Chen, Nanjiang Xie |
---|---|
Abstract: | On white-box implementations, it has been proven that differential computation analysis (DCA) can recover secret keys without time-costly reverse engineering. At CHES 2021, Seker et al. combined linear and non-linear masking protections (SEL masking) to prevent sensitive variables from being predicted by DCA. At Eurocrypt 2021, Biryukov and Udovenko introduced a public dummy shuffling construction (BU shuffling) to protect sensitive functions. In this paper, we extend higher-order DCA (HO-DCA) to a higher-degree context for exploiting the vulnerabilities against the state-of-the-art countermeasures. The data-dependency HO-DCA (DDHO-DCA), which was proposed at CHES 2020, is improved to successfully recover the correct key of SEL masking. Specifically, our improved DDHO-DCA can also enhance the attack result of #100, which is the third winning challenge in WhibOx 2019. Since the XOR phase plays the same role as linear masking, we prove that a specific BU shuffling is vulnerable to HO-DCA attacks. Furthermore, we demonstrate that the combination of SEL masking and the specific BU shuffling still cannot defeat our higher-degree HO-DCA and improved DDHO-DCA attacks. |
BibTeX
@article{tches-2022-32690,
  title={Higher-Order DCA Attacks on White-Box Implementations with Masking and Shuffling Countermeasures},
  journal={IACR Transactions on Cryptographic Hardware and Embedded Systems},
  publisher={Ruhr-Universität Bochum},
  volume={2023, Issue 1},
  pages={369-400},
  url={https://tches.iacr.org/index.php/TCHES/article/view/9956},
  doi={10.46586/tches.v2023.i1.369-400},
  author={Yufeng Tang and Zheng Gong and Jinhai Chen and Nanjiang Xie},
  year=2022
}