Some encryption environments cannot ensure security by sealing keys into hardware devices. Therefore, white-box ciphers, which rely on software protection to keep keys safe, are receiving more and more attention. Chow proposed the concept of white-box cryptography and a white-box AES design scheme based on the Advanced Encryption Standard (AES), and there has been continuous research on white-box AES since. At the same time, the gradual layering of protection mechanisms in white-box ciphers forces attack schemes to become more and more complex, and the time needed to complete key extraction grows longer. Moreover, white-box cryptography combined with standard key updates in the application greatly affects key analysis in terms of attack time. Our paper builds on the cryptanalysis scheme for Chow's white-box AES, and we significantly reduce the workload of cryptanalysis. Using dynamic binary instrumentation to collect software traces of the white-box encryption is a vital preparation step for white-box cryptanalysis. This paper combines tailoring of the encryption rounds with an intermediate value filtering algorithm to reduce the range of cryptanalysis from 100000 bytes to 122 bytes, which dramatically improves the efficiency of cryptanalysis. To improve the speed of white-box cryptanalysis, we propose a differential statistical analysis method for white-box AES. This method uses the median difference to offset mask and linear coding protection, and finds the correct key under non-linear coding protection by counting the number of output differential types. Exploiting the characteristics of the white-box AES intermediate values, the cryptanalysis is performed several times on each acquired trace, which further improves its speed. We design software simulation experiments on a PC to verify the effect of differential statistical analysis and compare it with other methods. For the unprotected white-box AES, differential statistical analysis requires 256 plaintext software traces. The attack time is 1.857 seconds, at least 20% shorter than that of other common attacks. To break the single-byte mask of Lee's white-box AES, differential statistical analysis needs 256 plaintext encryptions, 3072 output differential statistics operations, and 1.8740 seconds, and it obtains the correct key with a 100% success rate. Compared with other recent attack schemes on masked white-box AES, the attack time is reduced by at least 24%. The 8-bit non-linear coding white-box AES, however, sacrifices more lookup table space for a stronger protective effect. Differential statistical analysis can stably complete its cryptanalysis in 6.419 seconds, where other attack schemes have difficulty carrying out an attack. The experimental results show that differential statistical analysis has an advantage in attack speed over other methods and is better suited to attack environments with more stringent attack time requirements.