×

White-box cryptography: don’t forget about grey-box attacks. (English) Zbl 1435.94121

Summary: Despite the fact that all current scientific white-box approaches of standardized cryptographic primitives have been publicly broken, these attacks require knowledge of the internal data representation used by the implementation. In practice, the level of implementation knowledge required is only attainable through significant reverse-engineering efforts. In this paper, we describe new approaches to assess the security of white-box implementations which require neither knowledge about the look-up tables used nor expensive reverse-engineering efforts. We introduce the differential computation analysis (DCA) attack which is the software counterpart of the differential power analysis attack as applied by the cryptographic hardware community. Similarly, the differential fault analysis (DFA) attack is the software counterpart of fault injection attacks on cryptographic hardware. For DCA, we developed plugins to widely available dynamic binary instrumentation (DBI) frameworks to produce software execution traces which contain information about the memory addresses being accessed. For the DFA attack, we developed modified emulators and plugins for DBI frameworks that allow injecting faults at selected moments within the execution of the encryption or decryption process as well as a framework to automate static fault injection. To illustrate the effectiveness, we show how DCA and DFA can extract the secret key from numerous publicly available non-commercial white-box implementations of standardized cryptographic algorithms. These approaches allow one to extract the secret key material from white-box implementations significantly faster and without specific knowledge of the white-box design in an automated or semi-automated manner.

MSC:

94A60 Cryptography

Software:

Valgrind; QEMU
PDFBibTeX XMLCite
Full Text: DOI

References:

[1] Advanced Encryption Standard (AES). National Institute of Standards and Technology (NIST), FIPS PUB 197, U.S. Department of Commerce (Nov. 2001)
[2] A. Aghaie, A. Moradi, S. Rasoolzadeh, F. Schellenberg, T. Schneider, Impeccable circuits. Cryptology ePrint Archive, Report 2018/203 (2018). https://eprint.iacr.org/2018/203.pdf
[3] B. Amstadt, M.K. Johnson, Wine. Linux J., 1994(4) (August 1994)
[4] C.H. Baek, J.H. Cheon, H. Hong, Analytic toolbox for white-box implementations: limitation and perspectives. Cryptology ePrint Archive, Report 2014/688 (2014). http://eprint.iacr.org/2014/688
[5] Barak, Boaz; Garg, Sanjam; Kalai, Yael Tauman; Paneth, Omer; Sahai, Amit, Protecting Obfuscation against Algebraic Attacks, Advances in Cryptology - EUROCRYPT 2014, 221-238 (2014), Berlin, Heidelberg: Springer Berlin Heidelberg, Berlin, Heidelberg · Zbl 1332.94055 · doi:10.1007/978-3-642-55220-5_13
[6] Barak, Boaz; Goldreich, Oded; Impagliazzo, Rusell; Rudich, Steven; Sahai, Amit; Vadhan, Salil; Yang, Ke, On the (Im)possibility of Obfuscating Programs, Advances in Cryptology — CRYPTO 2001, 1-18 (2001), Berlin, Heidelberg: Springer Berlin Heidelberg, Berlin, Heidelberg · Zbl 1001.68511
[7] Barenghi, Alessandro; Bertoni, Guido M.; Breveglieri, Luca; Pelliccioli, Mauro; Pelosi, Gerardo, Injection Technologies for Fault Attacks on Microprocessors, Information Security and Cryptography, 275-293 (2012), Berlin, Heidelberg: Springer Berlin Heidelberg, Berlin, Heidelberg
[8] A. Barenghi, L. Breveglieri, I. Koren, D. Naccache, Fault injection attacks on cryptographic devices: theory, practice, and countermeasures, in Proceedings of the IEEE. IEEE, vol. 100 (2012), pp. 3056-3076
[9] J.-B. Bédrune, Hack.lu 2009 reverse challenge 1. Online (2009). http://2009.hack.lu/index.php/ReverseChallenge
[10] F. Bellard, QEMU, a fast and portable dynamic translator, in USENIX Annual Technical Conference, FREENIX Track (2005), pp. 41-46
[11] Berzati, Alexandre; Canovas-Dumas, Cécile; Goubin, Louis, A Survey of Differential Fault Analysis Against Classical RSA Implementations, Information Security and Cryptography, 111-124 (2012), Berlin, Heidelberg: Springer Berlin Heidelberg, Berlin, Heidelberg · Zbl 1267.94039
[12] S. Bhatkar, D. C. DuVarney, R. Sekar, Address obfuscation: an efficient approach to combat a broad range of memory error exploits, in Proceedings of the 12th USENIX Security Symposium. USENIX Association (2003)
[13] Biehl, Ingrid; Meyer, Bernd; Müller, Volker, Differential Fault Attacks on Elliptic Curve Cryptosystems, Advances in Cryptology — CRYPTO 2000, 131-146 (2000), Berlin, Heidelberg: Springer Berlin Heidelberg, Berlin, Heidelberg · Zbl 0989.94505 · doi:10.1007/3-540-44598-6_8
[14] E. Biham, A. Shamir, Differential cryptanalysis of Snefru, Khafre, REDOC-II, LOKI and Lucifer, in J. Feigenbaum, editor, CRYPTO’91. LNCS, vol. 576 (Springer, Heidelberg, Santa Barbara, CA, USA, Germany, Aug. 11-15, 1992), pp. 156-171 · Zbl 0825.94200
[15] E. Biham, A. Shamir, Differential fault analysis of secret key cryptosystems, in B.S. Kaliski Jr., editor, CRYPTO’97. LNCS, vol. 1294 (Springer, Heidelberg, Germany, Santa Barbara, CA, USA, Aug. 17-21, 1997), pp. 513-525 · Zbl 0886.94010
[16] Billet, Olivier; Gilbert, Henri, A Traceable Block Cipher, Advances in Cryptology - ASIACRYPT 2003, 331-346 (2003), Berlin, Heidelberg: Springer Berlin Heidelberg, Berlin, Heidelberg · Zbl 1205.94074 · doi:10.1007/978-3-540-40061-5_21
[17] Billet, Olivier; Gilbert, Henri; Ech-Chatbi, Charaf, Cryptanalysis of a White Box AES Implementation, Selected Areas in Cryptography, 227-240 (2004), Berlin, Heidelberg: Springer Berlin Heidelberg, Berlin, Heidelberg · Zbl 1117.94310 · doi:10.1007/978-3-540-30564-4_16
[18] Biryukov, Alex; Bouillaguet, Charles; Khovratovich, Dmitry, Cryptographic Schemes Based on the ASASA Structure: Black-Box, White-Box, and Public-Key (Extended Abstract), Lecture Notes in Computer Science, 63-84 (2014), Berlin, Heidelberg: Springer Berlin Heidelberg, Berlin, Heidelberg · Zbl 1306.94030
[19] Biryukov, Alex; De Cannière, Christophe; Braeken, An; Preneel, Bart, A Toolbox for Cryptanalysis: Linear and Affine Equivalence Algorithms, Lecture Notes in Computer Science, 33-50 (2003), Berlin, Heidelberg: Springer Berlin Heidelberg, Berlin, Heidelberg · Zbl 1038.94521
[20] D. Boneh, R.A. DeMillo, R.J. Lipton, On the importance of checking cryptographic protocols for faults (extended abstract), in W. Fumy, editor, EUROCRYPT’97. LNCS, vol. 1233 (Springer, Heidelberg, Germany, Konstanz, Germany, May 11-15, 1997), pp. 37-51
[21] Brakerski, Zvika; Rothblum, Guy N., Virtual Black-Box Obfuscation for All Circuits via Generic Graded Encoding, Theory of Cryptography, 1-25 (2014), Berlin, Heidelberg: Springer Berlin Heidelberg, Berlin, Heidelberg · Zbl 1310.94134
[22] C.-B. Breunesse, I. Kizhvatov, R. Muijrers, A. Spruyt, Towards fully automated analysis of whiteboxes: perfect dimensionality reduction for perfect leakage. Cryptology ePrint Archive, Report 2018/095 (2018). http://eprint.iacr.org/
[23] Brier, Eric; Clavier, Christophe; Olivier, Francis, Correlation Power Analysis with a Leakage Model, Lecture Notes in Computer Science, 16-29 (2004), Berlin, Heidelberg: Springer Berlin Heidelberg, Berlin, Heidelberg · Zbl 1104.68467
[24] J. Bringer, H. Chabanne, E. Dottax, White box cryptography: another attempt. Cryptology ePrint Archive, Report 2006/468 (2006). http://eprint.iacr.org/2006/468
[25] S. Chari, C.S. Jutla, J.R. Rao, P. Rohatgi, Towards sound approaches to counteract power-analysis attacks, in M.J. Wiener, editor, CRYPTO’99. LNCS, vol. 1666 (Springer, Heidelberg, Germany, Santa Barbara, CA, USA, Aug. 15-19, 1999), pp. 398-412 · Zbl 0942.68045
[26] S. Chari, J.R. Rao, P. Rohatgi, Template attacks, in B. S. Kaliski Jr., Çetin Kaya. Koç, and C. Paar, editors, CHES 2002. LNCS, vol. 2523 (Springer, Heidelberg, Germany, Redwood Shores, CA, USA, Aug. 13-15, 2003), pp. 13-28 · Zbl 1019.68541
[27] Chow, Stanley; Eisen, Philip; Johnson, Harold; Van Oorschot, Paul C., White-Box Cryptography and an AES Implementation, Selected Areas in Cryptography, 250-270 (2003), Berlin, Heidelberg: Springer Berlin Heidelberg, Berlin, Heidelberg · Zbl 1027.68595 · doi:10.1007/3-540-36492-7_17
[28] S. Chow, P.A. Eisen, H. Johnson, P. C. van Oorschot, A white-box DES implementation for DRM applications, in J. Feigenbaum, editor, Security and Privacy in Digital Rights Management, ACM CCS-9 Workshop, DRM 2002. LNCS, vol. 2696 (Springer, 2003), pp. 1-15 · Zbl 1327.94037
[29] Coron, Jean-Sébastien; Prouff, Emmanuel; Rivain, Matthieu; Roche, Thomas, Higher-Order Side Channel Security and Mask Refreshing, Fast Software Encryption, 410-424 (2014), Berlin, Heidelberg: Springer Berlin Heidelberg, Berlin, Heidelberg · Zbl 1321.94052 · doi:10.1007/978-3-662-43933-3_21
[30] J. Daemen, V. Rijmen, The design of Rijndael: AES—the Advanced Encryption Standard (Springer, 2002) · Zbl 1065.94005
[31] Y. de Mulder, White-Box Cryptography: Analysis of White-Box AES Implementations. PhD thesis, KU Leuven (2014)
[32] Delerablée, Cécile; Lepoint, Tancrède; Paillier, Pascal; Rivain, Matthieu, White-Box Security Notions for Symmetric Encryption Schemes, Selected Areas in Cryptography – SAC 2013, 247-264 (2014), Berlin, Heidelberg: Springer Berlin Heidelberg, Berlin, Heidelberg · Zbl 1339.94040 · doi:10.1007/978-3-662-43414-7_13
[33] P. Dusart, G. Letourneux, O. Vivolo, Differential fault analysis on AES, in J. Zhou, M. Yung, and Y. Han, editors, ACNS 03. LNCS, vol. 2846 (Springer, Heidelberg, Germany, Kunming, China, Oct. 16-19, 2003), pp. 293-306 · Zbl 1131.94313
[34] P. Dusart, G. Letourneux, O. Vivolo, Differential fault analysis on A.E.S., in J. Zhou, M. Yung, and Y. Han, editors, ACNS 2003. Lecture Notes in Computer Science, vol. 2846 (Springer, 2003), pp. 293-306. · Zbl 1131.94313
[35] F. Falco, N. Riva, Dynamic binary instrumentation frameworks: I know you’re there spying on me. REcon (2012). http://recon.cx/2012/schedule/events/216.en.html
[36] S. Garg, C. Gentry, S. Halevi, M. Raykova, A. Sahai, B. Waters, Candidate indistinguishability obfuscation and functional encryption for all circuits, in 54th Annual IEEE Symposium on Foundations of Computer Science, FOCS. IEEE Computer Society (2013), pp 40-49 · Zbl 1348.94048
[37] L. Goubin, J.-M. Masereel, M. Quisquater, Cryptanalysis of white box DES implementations, in C.M. Adams, A. Miri, and M.J. Wiener, editors, SAC 2007. LNCS, vol. 4876 (Springer, Heidelberg, Germany, Ottawa, Canada, Aug. 16-17, 2007), pp. 278-295 · Zbl 1154.94390
[38] Goubin, Louis; Patarin, Jacques, DES and Differential Power Analysis The “Duplication” Method, Cryptographic Hardware and Embedded Systems, 158-172 (1999), Berlin, Heidelberg: Springer Berlin Heidelberg, Berlin, Heidelberg · Zbl 0955.94011 · doi:10.1007/3-540-48059-5_15
[39] Y. Huang, F.S. Ho, H. Tsai, H.M. Kao, A control flow obfuscation method to discourage malicious tampering of software codes, in F. Lin, D. Lee, B.P. Lin, S. Shieh, and S. Jajodia, editors, Proceedings of the 2006 ACM Symposium on Information, Computer and Communications Security, ASIACCS 2006. ACM (2006), p. 362
[40] M. Jacob, D. Boneh, E.W. Felten, Attacking an obfuscated cipher by injecting faults, in J. Feigenbaum, editor, Security and Privacy in Digital Rights Management, ACM CCS-9 Workshop, DRM 2002, Washington, DC, USA, November 18, 2002, Revised Papers. LNCS, vol. 2696 (Springer, 2003), pp. 16-31 · Zbl 1327.94054
[41] M. Jakobsson, M.K. Reiter, Discouraging software piracy using software aging, in T. Sander, editor, Security and Privacy in Digital Rights Management, ACM CCS-8 Workshop DRM 2001. LNCS, vol. 2320 (Springer, 2002), pp. 1-12 · Zbl 1048.68787
[42] Joye, Marc; Tunstall, Michael, Fault Analysis in Cryptography (2012), Berlin, Heidelberg: Springer Berlin Heidelberg, Berlin, Heidelberg · Zbl 1250.94006
[43] M. Karroumi, Protecting white-box AES with dual ciphers, in K.H. Rhee and D. Nyang, editors, ICISC 10. LNCS, vol. 6829 (Springer, Heidelberg, Germany, Seoul, Korea, Dec. 1-3, 2011), pp. 278-291 · Zbl 1297.94078
[44] C.H. Kim, J. Quisquater, New differential fault analysis on AES key schedule: two faults are enough, in G. Grimaud and F. Standaert, editors, CARDIS 2008. Lecture Notes in Computer Science, vol. 5189 (Springer, 2008), pp. 48-60
[45] J. Kirsch, Towards transparent dynamic binary instrumentation using virtual machine introspection. REcon. (2015). https://recon.cx/2015/schedule/events/20.html
[46] J. Klemsa, Side-Channel Attack Analysis of AES White-Box Schemes. PhD thesis, Czech Technical University in Prague (2016)
[47] D. Klinec, White-box attack resistant cryptography. Master’s thesis, Masaryk University, Brno, Czech Republic (2013). https://is.muni.cz/th/325219/fi_m/
[48] Kocher, P.; Jaffe, J.; Jun, B.; Rohatgi, P., Introduction to differential power analysis, J. Cryptogr. Eng., 1, 1, 5-27 (2011) · doi:10.1007/s13389-011-0006-y
[49] P.C. Kocher, J. Jaffe, B. Jun, Differential power analysis, in M.J. Wiener, editor, CRYPTO’99, LNCS, vol. 1666 (Springer, Heidelberg, Germany, Santa Barbara, CA, USA, Aug. 15-19, 1999), pp. 388-397 · Zbl 0942.94501
[50] Lepoint, Tancrède; Rivain, Matthieu; De Mulder, Yoni; Roelse, Peter; Preneel, Bart, Two Attacks on a White-Box AES Implementation, Selected Areas in Cryptography – SAC 2013, 265-285 (2014), Berlin, Heidelberg: Springer Berlin Heidelberg, Berlin, Heidelberg · Zbl 1339.94051 · doi:10.1007/978-3-662-43414-7_14
[51] X. Li, K. Li, Defeating the transparency features of dynamic binary instrumentation. BlackHat US (2014). https://www.blackhat.com/docs/us-14/materials/us-14-Li-Defeating-The-Transparency-Feature-Of-DBI.pdf
[52] Li, Yang; Sakiyama, Kazuo; Gomisawa, Shigeto; Fukunaga, Toshinori; Takahashi, Junko; Ohta, Kazuo, Fault Sensitivity Analysis, Cryptographic Hardware and Embedded Systems, CHES 2010, 320-334 (2010), Berlin, Heidelberg: Springer Berlin Heidelberg, Berlin, Heidelberg · doi:10.1007/978-3-642-15031-9_22
[53] H.E. Link, W.D. Neumann, Clarifying obfuscation: improving the security of white-box DES, in International Symposium on Information Technology: Coding and Computing (ITCC 2005). IEEE Computer Society (2005), pp. 679-684
[54] C. Linn, S.K. Debray. Obfuscation of executable code to improve resistance to static disassembly, in S. Jajodia, V. Atluri, and T. Jaeger, editors, Proceedings of the 10th ACM Conference on Computer and Communications Security, CCS 2003. ACM (2003), pp. 290-299
[55] Luk, Chi-Keung; Cohn, Robert; Muth, Robert; Patil, Harish; Klauser, Artur; Lowney, Geoff; Wallace, Steven; Reddi, Vijay Janapa; Hazelwood, Kim, Pin, ACM SIGPLAN Notices, 40, 6, 190 (2005) · doi:10.1145/1064978.1065034
[56] A. Maillet, Nosuchcon 2013 challenge—write up and methodology. Online (2013). http://kutioo.blogspot.be/2013/05/nosuchcon-2013-challenge-write-up-and.html
[57] Mangard, S.; Oswald, E.; Standaert, F., One for all - all for one: unifying standard differential power analysis attacks, IET Inf. Secur., 5, 2, 100-110 (2011) · doi:10.1049/iet-ifs.2010.0096
[58] F. Marceau, F. Perigaud, A. Tillequin, Challenge SSTIC 2012. Online (2012). http://communaute.sstic.org/ChallengeSSTIC2012
[59] E. Alpirez Bock, C. Brzuska, W. Michiels, A. Treff, On the ineffectiveness of internal encodings—revisiting the dca attack on white-box cryptography. Cryptology ePrint Archive, Report 2018/301 (2018). https://eprint.iacr.org/2018/301.pdf · Zbl 1440.94025
[60] T.S. Messerges, Using second-order power analysis to attack DPA resistant software, in Çetin Kaya. Koç and C. Paar, editors, CHES 2000. LNCS, vol. 1965 (Springer, Heidelberg, Germany, Worcester, Massachusetts, USA, Aug. 17-18, 2000), pp. 238-251 · Zbl 0998.94538
[61] Michiels, W., Opportunities in white-box cryptography, IEEE Secur. Priv., 8, 1, 64-67 (2010) · doi:10.1109/MSP.2010.44
[62] W. Michiels, P. Gorissen, Mechanism for software tamper resistance: an application of white-box cryptography, in M. Yung, A. Kiayias, and A. Sadeghi, editors, Proceedings of the Seventh ACM Workshop on Digital Rights Management. ACM (2007), pp. 82-89
[63] Michiels, Wil; Gorissen, Paul; Hollmann, Henk D. L., Cryptanalysis of a Generic Class of White-Box Implementations, Selected Areas in Cryptography, 414-428 (2009), Berlin, Heidelberg: Springer Berlin Heidelberg, Berlin, Heidelberg · Zbl 1256.94058 · doi:10.1007/978-3-642-04159-4_27
[64] Moradi, Amir; Mischke, Oliver; Paar, Christof; Li, Yang; Ohta, Kazuo; Sakiyama, Kazuo, On the Power of Fault Sensitivity Analysis and Collision Side-Channel Attacks in a Combined Setting, Cryptographic Hardware and Embedded Systems - CHES 2011, 292-311 (2011), Berlin, Heidelberg: Springer Berlin Heidelberg, Berlin, Heidelberg · doi:10.1007/978-3-642-23951-9_20
[65] C. Mougey, F. Gabriel, Désobfuscation de DRM par attaques auxiliaires, in Symposium sur la sécurité des technologies de l’information et des communications (2014). www.sstic.org/2014/presentation/dsobfuscation_de_drm_par_attaques_auxiliaires
[66] Muir, James A., A Tutorial on White-Box AES, Mathematics in Industry, 209-229 (2012), Berlin, Heidelberg: Springer Berlin Heidelberg, Berlin, Heidelberg
[67] Y.D. Mulder, P. Roelse, B. Preneel, Cryptanalysis of the Xiao-Lai white-box AES implementation, in L.R. Knudsen and H. Wu, editors, SAC 2012. LNCS, vol. 7707 (Springer, Heidelberg, Germany, Windsor, Ontario, Canada, Aug. 15-16, 2013), pp. 34-49 · Zbl 1327.94081
[68] Y.D. Mulder, B. Wyseur, B. Preneel, Cryptanalysis of a perturbated white-box AES implementation, in G. Gong and K. C. Gupta, editors, INDOCRYPT 2010. LNCS, vol. 6498 (Springer, Heidelberg, Germany, Hyderabad, India, Dec. 12-15, 2010), pp. 292-310 · Zbl 1294.94040
[69] Nethercote, Nicholas; Seward, Julian, Valgrind, ACM SIGPLAN Notices, 42, 6, 89 (2007) · doi:10.1145/1273442.1250746
[70] S. Nikova, C. Rechberger, V. Rijmen, Threshold implementations against side-channel attacks and glitches, in P. Ning, S. Qing, and N. Li, editors, Information and Communications Security, ICICS. LNCS, vol. 4307 (Springer, 2006), pp. 529-545 · Zbl 1239.94058
[71] J. Patarin, L. Goubin, Asymmetric cryptography with S-boxes, in Y. Han, T. Okamoto, and S. Qing, editors, ICICS 97. LNCS, vol. 1334 (Springer, Heidelberg, Germany, Beijing, China, Nov. 11-14, 1997), pp. 369-380 · Zbl 0903.94032
[72] Piret, Gilles; Quisquater, Jean-Jacques, A Differential Fault Attack Technique against SPN Structures, with Application to the AES and Khazad, Lecture Notes in Computer Science, 77-88 (2003), Berlin, Heidelberg: Springer Berlin Heidelberg, Berlin, Heidelberg · Zbl 1274.94107
[73] Polla, ML; Martinelli, F.; Sgandurra, D., A survey on security for mobile devices, IEEE Commun. Surv. Tutor., 15, 1, 446-471 (2013) · doi:10.1109/SURV.2012.013012.00028
[74] Rivain, Matthieu, Differential Fault Analysis of DES, Information Security and Cryptography, 37-54 (2012), Berlin, Heidelberg: Springer Berlin Heidelberg, Berlin, Heidelberg · Zbl 1267.94092
[75] Sasdrich, Pascal; Moradi, Amir; Güneysu, Tim, White-Box Cryptography in the Gray Box, Fast Software Encryption, 185-203 (2016), Berlin, Heidelberg: Springer Berlin Heidelberg, Berlin, Heidelberg · Zbl 1387.94099 · doi:10.1007/978-3-662-52993-5_10
[76] Saxena, Amitabh; Wyseur, Brecht; Preneel, Bart, Towards Security Notions for White-Box Cryptography, Lecture Notes in Computer Science, 49-58 (2009), Berlin, Heidelberg: Springer Berlin Heidelberg, Berlin, Heidelberg · Zbl 1307.94096
[77] F. Scrinzi, Behavioral analysis of obfuscated code. Master’s thesis, University of Twente, Twente, Netherlands (2015). http://essay.utwente.nl/67522/1/Scrinzi_MA_SCS.pdf.
[78] A. Souchet, AES whitebox unboxing: no such problem. Online (2013). http://0vercl0k.tuxfamily.org/bl0g/?p=253
[79] SysK, Practical cracking of white-box implementations. Phrack 68, 14. http://www.phrack.org/issues/68/8.html
[80] P. Teuwen, CHES2015 writeup. Online (2015). http://wiki.yobi.be/wiki/CHES2015_Writeup#Challenge_4
[81] P. Teuwen, NSC writeups. Online (2015). http://wiki.yobi.be/wiki/NSC_Writeups
[82] L. Tolhuizen, Improved cryptanalysis of an AES implementation, in Proceedings of the 33rd WIC Symposium on Information Theory. Werkgemeenschap voor Inform.-en Communicatietheorie (2012)
[83] M. Tunstall, D. Mukhopadhyay, S. Ali, Differential fault analysis of the advanced encryption standard using a single fault, in C.A. Ardagna and J. Zhou, editors, WISTP 2011. Lecture Notes in Computer Science, vol. 6633. (Springer, 2011), pp. 224-233
[84] U.S. DEPARTMENT OF COMMERCE/National Institute of Standards and Technology. Data Encryption Standard (DES)
[85] E. Vanderbéken, Hacklu reverse challenge write-up. Online (2009). http://baboon.rce.free.fr/index.php?post/2009/11/20/HackLu-Reverse-Challenge
[86] B. Wyseur, W. Michiels, P. Gorissen, B. Preneel, Cryptanalysis of white-box DES implementations with arbitrary external encodings, in C.M. Adams, A. Miri, and M.J. Wiener, editors, SAC 2007. LNCS, vol. 4876 (Springer, Heidelberg, Germany, Ottawa, Canada Aug. 16-17, 2007), pp. 264-277 · Zbl 1154.94440
[87] Y. Xiao, X. Lai, A secure implementation of white-box AES, in 2nd International Conference on Computer Science and its Applications, 2009. CSA ’09 (2009), pp. 1-6
[88] Y. Zhou, S. Chow, System and method of hiding cryptographic private keys (Dec. 15 2009). US Patent 7,634,091
This reference list is based on information provided by the publisher or from digital mathematics libraries. Its items are heuristically matched to zbMATH identifiers and may contain data conversion errors. In some cases that data have been complemented/enhanced by data from zbMATH Open. This attempts to reflect the references listed in the original paper as accurately as possible without claiming completeness or a perfect matching.