White-Box Cryptography: Analysis of White-Box AES Implementations (White-Box Cryptografie: Analyse van White-Box AES implementaties)

Cryptographic algorithms are designed to protect data or communication in the presence of an attacker. If these algorithms make use of a secret key, then their security relies on the secrecy of the key. Hence, the primary objective of an attacker typically is to extract the key. In a traditional black-box environment, the attacker has only access to the inputs and outputs of a cryptographic algorithm. However, due to the increasing demand to deploy strong cryptographic algorithms within software applications that are executed on untrusted open platforms owned and controlled by a possibly malicious party, the black-box environment becomes inadequate. Therefore, a new realistic white-box environment is introduced in which an attacker has complete access to a software implementation of a cryptographic algorithm and furthermore has full control over its execution environment. Real-world examples of a white-box environment can be found in digital content protection systems such as Digital Rights Management or Pay-TV systems, where key-instantiated cryptographic algorithms are implemented on e.g. a smartphone, tablet or set-top box. The extraction of the secret key would compromise the content protection.White-box cryptography aims to protect the confidentiality of the secret key of a cryptographic algorithm in a white-box environment. It is a technique to construct software implementations of a cryptographic algorithm that are sufficiently secure against a white-box attacker. In the academic literature, the focus has been mainly on the design of white-box implementations of block ciphers, an important subclass of symmetric-key cryptographic algorithms. In 2002, Chow, Eisen, Johnson and van Oorschot proposed the first published white-box implementation of the Advanced Encryption Standard (AES), one of the most prominent block ciphers at this time. However, two years later, Billet, Gilbert and Ech-Chatbi presented an efficient attack on this implementation, which motivated the design of three new white-box AES implementations offering more resistance against key extraction: the ones by Bringer, Chabanne and Dottax in 2006, by Xiao and Lai in 2009 and by Karroumi in 2010.This doctoral thesis covers the design and analysis of white-box implementations of block ciphers, where the main contributions address the analysis of white-box AES implementations. Starting from the initial improvement of Billet et al. s attack proposed by Tolhuizen in 2012, we present several a