Higher-Order DCA Attacks on White-Box Implementations with Masking and Shuffling Countermeasures

Authors

  • Yufeng Tang School of Computer Science, South China Normal University, Guangzhou, China
  • Zheng Gong School of Computer Science, South China Normal University, Guangzhou, China
  • Jinhai Chen School of Computer Science, South China Normal University, Guangzhou, China
  • Nanjiang Xie School of Computer Science, South China Normal University, Guangzhou, China

DOI:

https://doi.org/10.46586/tches.v2023.i1.369-400

Keywords:

White-box Implementation, Masking, Dummy Shuffling, Higher-order DCA, Data-dependency Attack

Abstract

On white-box implementations, it has been proven that differential computation analysis (DCA) can recover secret keys without time-costly reverse engineering. At CHES 2021, Seker et al. combined linear and non-linear masking protections (SEL masking) to prevent sensitive variables from being predicted by DCA. At Eurocrypt 2021, Biryukov and Udovenko introduced a public dummy shuffling construction (BU shuffling) to protect sensitive functions. In this paper, we extend higher-order DCA (HO-DCA) to higher-degree context for exploiting the vulnerabilities against the state-of-the-art countermeasures. The data-dependency HO-DCA (DDHO-DCA), which is proposed at CHES 2020, is improved to successfully recover the correct key of SEL masking. In specific, our improved DDHO-DCA can also enhance the attack result of #100 which is the third winning challenge in WhibOx 2019. Since the XOR phase plays the same role as linear masking, we prove that a specific BU shuffling is vulnerable to HO-DCA attacks. Furthermore, we demonstrate that the combination of SEL masking and the specific BU shuffling still cannot defeat our higher-degree HO-DCA and improved DDHO-DCA attacks.

Downloads

Published

2022-11-29

Issue

Section

Articles

How to Cite

Higher-Order DCA Attacks on White-Box Implementations with Masking and Shuffling Countermeasures. (2022). IACR Transactions on Cryptographic Hardware and Embedded Systems, 2023(1), 369-400. https://doi.org/10.46586/tches.v2023.i1.369-400