A White-Box Masking Scheme Resisting Computational and Algebraic Attacks

White-box cryptography attempts to protect cryptographic secrets in pure software implementations. Due to their high utility, white-box cryptosystems (WBC) are deployed by the industry even though the security of these constructions is not well defined. A major breakthrough in generic cryptanalysis of WBC was Differential Computation Analysis (DCA), which requires minimal knowledge of the underlying white-box protection and also thwarts many obfuscation methods. To avert DCA, classic masking countermeasures originally intended to protect against highly related side-channel attacks have been proposed for use in WBC. However, due to the controlled environment of WBCs, new algebraic attacks against classic masking schemes have quickly been found. These algebraic DCA attacks break all classic masking countermeasures efficiently, as they are independent of the masking order.In this work, we propose a novel generic masking scheme that can resist both DCA and algebraic DCA attacks. The proposed scheme extends the seminal work by Ishai et al. which is probing secure and thus resists DCA, to also resist algebraic attacks. To prove the security of our scheme, we demonstrate the connection between two main security notions in white-box cryptography: probing security and prediction security. Resistance of our masking scheme to DCA is proven for an arbitrary order of protection, using the well-known strong non-interference notion by Barthe et al. Our masking scheme also resists algebraic attacks, which we show concretely for first and second-order algebraic protection. Moreover, we present an extensive performance analysis and quantify the overhead of our scheme, for a proof-of-concept protection of an AES implementation.

Linear codes from vectorial Boolean functions in the context of algebraic attacks

In this paper, we study the relationship between vectorial (Boolean) functions and cyclic codes in the context of algebraic attacks. We first derive a direct link between the annihilators of a vectorial function (in univariate form) and certain [Formula: see text]-ary cyclic codes (which we show that they are LCD codes). We also present some properties of those cyclic codes as well as their weight enumerator. In addition, we generalize the so-called algebraic complement and study its properties.

Findings Annihilator(s) via Fault Injection Attack (FIA) on Boolean Function of Grain v0

In developing stream cipher algorithms, Boolean function is one of vital elements. Attacks on LFSR-based stream cipher is the challenge for the cryptanalyst to get low-degree annihilator(s). In this paper, we proposed Fault Injection Attack (FIA) on Boolean function of Grain v0, which is the original variant of Grain family algorithm. Fault injection attack (FIA) is used on Boolean function of Grain v0 by replacing certain coefficient with value of one (1) which results in the generation of several injected Boolean functions. With these injected Boolean function, we proceed using HAO’s algorithm to find annihilator(s). As a result, we obtained several new annihilator(s) of Grain v0’s Boolean function. This new annihilator(s) will be utilized to launch algebraic attacks upon Grain v0.