Abstract
White-box cryptography aims to protect secret keys when an algorithm is executed in an exposed environment, possibly fully controlled by an attacker. While this field enjoys significant interest from researchers, a large majority of works focus on block ciphers, and asymmetric cryptography has been very little studied to date. This is in contrast with the actual needs and usage of the industry. Indeed, most commercial white-box solutions offer asymmetric cryptography, most notably the ECDSA signature. This paper provides a deeper understanding of the challenges of such white-box ECDSA implementations. In particular, we highlight the existence of particularly devastating attacks, induced for instance by the lack of a reliable source of randomness in the white-box context. We also give an insight into the actual strategies for securing products in the field. To this end, we analyse the sole source of information, namely the patents filed by companies, and discuss how they respond to existing threats.
Acknowledgements
We would like to thank Hervé Chabanne for pointing out patents, and Guillaume Barbu, Laurent Castelnovi, Thomas Chabrier, Sarah Lopez, Nathan Reboud and Stéphane Schneider for helpful comments on the preliminary version of this article.
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Dottax, E., Giraud, C., Houzelot, A. (2021). White-Box ECDSA: Challenges and Existing Solutions. In: Bhasin, S., De Santis, F. (eds) Constructive Side-Channel Analysis and Secure Design. COSADE 2021. Lecture Notes in Computer Science, vol 12910. Springer, Cham. https://doi.org/10.1007/978-3-030-89915-8_9
DOI: https://doi.org/10.1007/978-3-030-89915-8_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-89914-1
Online ISBN: 978-3-030-89915-8
eBook Packages: Computer Science, Computer Science (R0)