ECDSA White-Box Implementations: Attacks and Designs from CHES 2021 Challenge
Despite the growing demand for software implementations of ECDSA secure against attackers with full control of the execution environment, scientific literature on ECDSA white-box design is scarce. The CHES 2021 WhibOx contest was thus held to assess the state-of-the-art and encourage relevant pract...
| Main Authors: | , , , , , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Ruhr-Universität Bochum
2022-08-01
|
| Series: | Transactions on Cryptographic Hardware and Embedded Systems |
| Subjects: | |
| Online Access: | https://ojs-dev.ub.rub.de/index.php/TCHES/article/view/9830 |
| _version_ | 1797690108696068096 |
|---|---|
| author | Guillaume Barbu Ward Beullens Emmanuelle Dottax Christophe Giraud Agathe Houzelot Chaoyun Li Mohammad Mahzoun Adrián Ranea Jianrui Xie |
| author_facet | Guillaume Barbu Ward Beullens Emmanuelle Dottax Christophe Giraud Agathe Houzelot Chaoyun Li Mohammad Mahzoun Adrián Ranea Jianrui Xie |
| author_sort | Guillaume Barbu |
| collection | DOAJ |
| description |
Despite the growing demand for software implementations of ECDSA secure against attackers with full control of the execution environment, scientific literature on ECDSA white-box design is scarce. The CHES 2021 WhibOx contest was thus held to assess the state-of-the-art and encourage relevant practical research, inviting developers to submit ECDSA white-box implementations and attackers to break the corresponding submissions.
In this work, attackers (team TheRealIdefix) and designers (team zerokey) join to describe several attack techniques and designs used during this contest. We explain the methods used by the team TheRealIdefix, which broke the most challenges, and we show the efficiency of each of these methods against all the submitted implementations. Moreover, we describe the designs of the two winning challenges submitted by the team zerokey; these designs represent the ECDSA signature algorithm by a sequence of systems of low-degree equations, which are obfuscated with affine encodings and extra random variables and equations.
The WhibOx contest has shown that securing ECDSA in the white-box model is an open and challenging problem, as no implementation survived more than two days. In this context, our designs provide a starting methodology for further research, and our attacks highlight the weak points future work should address.
|
| first_indexed | 2024-03-12T01:54:49Z |
| format | Article |
| id | doaj.art-fc31da682f684074b35f7d2e1ae9a5d7 |
| institution | Directory Open Access Journal |
| issn | 2569-2925 |
| language | English |
| last_indexed | 2024-03-12T01:54:49Z |
| publishDate | 2022-08-01 |
| publisher | Ruhr-Universität Bochum |
| record_format | Article |
| series | Transactions on Cryptographic Hardware and Embedded Systems |
| spelling | doaj.art-fc31da682f684074b35f7d2e1ae9a5d72023-09-08T07:01:09ZengRuhr-Universität BochumTransactions on Cryptographic Hardware and Embedded Systems2569-29252022-08-012022410.46586/tches.v2022.i4.527-552ECDSA White-Box Implementations: Attacks and Designs from CHES 2021 ChallengeGuillaume Barbu0Ward Beullens1Emmanuelle Dottax2Christophe Giraud3Agathe Houzelot4Chaoyun Li5Mohammad Mahzoun6Adrián Ranea7Jianrui Xie8IDEMIA, Cryptography & Security Labs, Pessac, FranceIBM Research, Zurich, SwitzerlandIDEMIA, Cryptography & Security Labs, Pessac, FranceIDEMIA, Cryptography & Security Labs, Pessac, FranceIDEMIA, Cryptography & Security Labs, Pessac, France; LaBRI, CNRS, Université de Bordeaux, Bordeaux, Franceimec-COSIC, KU Leuven, Leuven, BelgiumEindhoven University of Technology, Eindhoven, Netherlandsimec-COSIC, KU Leuven, Leuven, Belgiumimec-COSIC, KU Leuven, Leuven, Belgium Despite the growing demand for software implementations of ECDSA secure against attackers with full control of the execution environment, scientific literature on ECDSA white-box design is scarce. The CHES 2021 WhibOx contest was thus held to assess the state-of-the-art and encourage relevant practical research, inviting developers to submit ECDSA white-box implementations and attackers to break the corresponding submissions. In this work, attackers (team TheRealIdefix) and designers (team zerokey) join to describe several attack techniques and designs used during this contest. We explain the methods used by the team TheRealIdefix, which broke the most challenges, and we show the efficiency of each of these methods against all the submitted implementations. Moreover, we describe the designs of the two winning challenges submitted by the team zerokey; these designs represent the ECDSA signature algorithm by a sequence of systems of low-degree equations, which are obfuscated with affine encodings and extra random variables and equations. The WhibOx contest has shown that securing ECDSA in the white-box model is an open and challenging problem, as no implementation survived more than two days. In this context, our designs provide a starting methodology for further research, and our attacks highlight the weak points future work should address. https://ojs-dev.ub.rub.de/index.php/TCHES/article/view/9830ECDSAWhite-Box CryptographyWhibOx Contest |
| spellingShingle | Guillaume Barbu Ward Beullens Emmanuelle Dottax Christophe Giraud Agathe Houzelot Chaoyun Li Mohammad Mahzoun Adrián Ranea Jianrui Xie ECDSA White-Box Implementations: Attacks and Designs from CHES 2021 Challenge Transactions on Cryptographic Hardware and Embedded Systems ECDSA White-Box Cryptography WhibOx Contest |
| title | ECDSA White-Box Implementations: Attacks and Designs from CHES 2021 Challenge |
| title_full | ECDSA White-Box Implementations: Attacks and Designs from CHES 2021 Challenge |
| title_fullStr | ECDSA White-Box Implementations: Attacks and Designs from CHES 2021 Challenge |
| title_full_unstemmed | ECDSA White-Box Implementations: Attacks and Designs from CHES 2021 Challenge |
| title_short | ECDSA White-Box Implementations: Attacks and Designs from CHES 2021 Challenge |
| title_sort | ecdsa white box implementations attacks and designs from ches 2021 challenge |
| topic | ECDSA White-Box Cryptography WhibOx Contest |
| url | https://ojs-dev.ub.rub.de/index.php/TCHES/article/view/9830 |
| work_keys_str_mv | AT guillaumebarbu ecdsawhiteboximplementationsattacksanddesignsfromches2021challenge AT wardbeullens ecdsawhiteboximplementationsattacksanddesignsfromches2021challenge AT emmanuelledottax ecdsawhiteboximplementationsattacksanddesignsfromches2021challenge AT christophegiraud ecdsawhiteboximplementationsattacksanddesignsfromches2021challenge AT agathehouzelot ecdsawhiteboximplementationsattacksanddesignsfromches2021challenge AT chaoyunli ecdsawhiteboximplementationsattacksanddesignsfromches2021challenge AT mohammadmahzoun ecdsawhiteboximplementationsattacksanddesignsfromches2021challenge AT adrianranea ecdsawhiteboximplementationsattacksanddesignsfromches2021challenge AT jianruixie ecdsawhiteboximplementationsattacksanddesignsfromches2021challenge |