Attacking White-box AES Constructions

Work with Brendan McMillion.

A white-box implementation of the Advanced Encryption Standard (AES) is a software implementation which aims to prevent recovery of the block cipher’s master secret key. This paper refines the design criteria for white-box AES constructions by describing new attacks on past proposals which are conceptually very simple and introduces a new family of white-box AES constructions. Our attacks have a decomposition phase, followed by a disambiguation phase. The decomposition phase applies an SASAS-style cryptanalysis to convert the implementation into a simpler form, while the disambiguation phase converts the simpler form into a unique canonical form. It’s then trivial to recover the master secret key of the implementation from its canonical form. We move on to discuss the hardness of SPN disambiguation as a problem on its own, and how to construct white-boxes from it. Implementations of all described attacks and constructions are provided on GitHub at

SPRO 2016
October 28, 2016