White-Box ECDSA: Challenges and Existing Solutions

  • Conference paper
Constructive Side-Channel Analysis and Secure Design (COSADE 2021)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 12910)

Abstract

White-box cryptography aims to protect secret keys when an algorithm is to be executed in an exposed environment, possibly fully controlled by an attacker. While this field enjoys significant interest from researchers, a large majority of works focus on block ciphers, and asymmetric cryptography has been very little studied to date. This is in contrast with actual needs and usages by the industry. Indeed, most commercial white-box solutions offer asymmetric cryptography, and most notably the ECDSA signature. This paper provides a deeper understanding of the challenges of such white-box ECDSA implementations. In particular, we highlight the existence of particularly devastating attacks, induced for instance by the lack of a reliable source of randomness in the white-box context. We also give an insight into the actual strategies for securing products in the field. To this end, we analyse the sole source of information, which is the patents filed by companies, and discuss how they respond to existing threats.


Acknowledgements

We would like to thank Hervé Chabanne for pointing out patents, and Guillaume Barbu, Laurent Castelnovi, Thomas Chabrier, Sarah Lopez, Nathan Reboud and Stéphane Schneider for helpful comments on the preliminary version of this article.

Corresponding author

Correspondence to Agathe Houzelot.

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Cite this paper

Dottax, E., Giraud, C., Houzelot, A. (2021). White-Box ECDSA: Challenges and Existing Solutions. In: Bhasin, S., De Santis, F. (eds) Constructive Side-Channel Analysis and Secure Design. COSADE 2021. Lecture Notes in Computer Science, vol 12910. Springer, Cham. https://doi.org/10.1007/978-3-030-89915-8_9

  • DOI: https://doi.org/10.1007/978-3-030-89915-8_9

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-89914-1

  • Online ISBN: 978-3-030-89915-8

  • eBook Packages: Computer Science (R0)
