Higher-Order DCA Attacks on White-Box Implementations with Masking and Shuffling Countermeasures
DOI:
https://doi.org/10.46586/tches.v2023.i1.369-400Keywords:
White-box Implementation, Masking, Dummy Shuffling, Higher-order DCA, Data-dependency AttackAbstract
On white-box implementations, it has been proven that differential computation analysis (DCA) can recover secret keys without time-costly reverse engineering. At CHES 2021, Seker et al. combined linear and non-linear masking protections (SEL masking) to prevent sensitive variables from being predicted by DCA. At Eurocrypt 2021, Biryukov and Udovenko introduced a public dummy shuffling construction (BU shuffling) to protect sensitive functions. In this paper, we extend higher-order DCA (HO-DCA) to higher-degree context for exploiting the vulnerabilities against the state-of-the-art countermeasures. The data-dependency HO-DCA (DDHO-DCA), which is proposed at CHES 2020, is improved to successfully recover the correct key of SEL masking. In specific, our improved DDHO-DCA can also enhance the attack result of #100 which is the third winning challenge in WhibOx 2019. Since the XOR phase plays the same role as linear masking, we prove that a specific BU shuffling is vulnerable to HO-DCA attacks. Furthermore, we demonstrate that the combination of SEL masking and the specific BU shuffling still cannot defeat our higher-degree HO-DCA and improved DDHO-DCA attacks.
Downloads
Published
Issue
Section
License
Copyright (c) 2022 Yufeng Tang, Zheng Gong, Jinhai Chen, Nanjiang Xie
This work is licensed under a Creative Commons Attribution 4.0 International License.