[Resource Topic] 2013/450: Revisiting the BGE Attack on a White-Box AES Implementation

Welcome to the resource topic for 2013/450

Title:
Revisiting the BGE Attack on a White-Box AES Implementation

Authors: Yoni De Mulder, Peter Roelse, Bart Preneel

Abstract:

White-box cryptography aims to protect the secret key of a cipher in an environment in which an adversary has full access to the implementation of the cipher and its execution environment. In 2002, Chow, Eisen, Johnson and van Oorschot proposed a white-box implementation of AES. In 2004, Billet, Gilbert and Ech-Chatbi presented an efficient attack (referred to as the BGE attack) on this implementation, extracting its embedded AES key with a work factor of 2^{30}. In 2012, Tolhuizen presented an improvement of the most time-consuming phase of the BGE attack. This paper presents several improvements to the other phases of the BGE attack. The paper shows that the overall work factor of the BGE attack is reduced to 2^{22} when all improvements are implemented. In 2010, Karroumi presented a white-box AES implementation that is designed to withstand the BGE attack. This paper shows that the implementations of Karroumi and Chow \emph{et al.} are the same. As a result, Karroumi’s white-box AES implementation is vulnerable to the attack it was designed to resist.

ePrint: https://eprint.iacr.org/2013/450

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .