LPN-based Attacks in the White-box Setting
| Title: | LPN-based Attacks in the White-box Setting |
|---|---|
| Authors: | CHARLÈS, Alex, UDOVENKO, Aleksei |
| Contributors: | Interdisciplinary Centre for Security, Reliability and Trust (SnT) > CryptoLUX – Cryptography |
| Source: | IACR Transactions on Cryptographic Hardware and Embedded Systems, 2023 (4), 318 - 343 (2023-08-31) |
| Publisher Information: | Ruhr-University of Bochum |
| Publication Year: | 2023 |
| Collection: | University of Luxembourg: ORBilu - Open Repository and Bibliography |
| Subject Terms: | Cryptanalysis, DCA, Dummy Shuffling, LDA, LPN, Masking, White-box Cryptography, Learning parity with noise, Linear decoding, Linear decoding analyse attack, Masking schemes, White-box cryptographies, Software, Engineering, computing & technology, Computer science, Ingénierie, informatique & technologie, Sciences informatiques |
| Description: | peer reviewed ; In white-box cryptography, early protection techniques have fallen to the automated Differential Computation Analysis attack (DCA), leading to new countermeasures and attacks. A standard side-channel countermeasure, Ishai-Sahai-Wagner's masking scheme (ISW, CRYPTO 2003), prevents Differential Computation Analysis but was shown to be vulnerable in the white-box context to the Linear Decoding Analysis attack (LDA). However, recent quadratic and cubic masking schemes by Biryukov-Udovenko (ASIACRYPT 2018) and Seker-Eisenbarth-Liskiewicz (CHES 2021) prevent LDA and force the use of its higher-degree generalizations, which have much higher complexity. In this work, we study the relationship between the security of these and related schemes and the Learning Parity with Noise (LPN) problem, and propose a new automated attack by applying an LPN-solving algorithm to white-box implementations. The attack effectively exploits strong linear approximations of the masking scheme and thus can be seen as a combination of the DCA and LDA techniques. Unlike previous attacks, the complexity of this algorithm depends on the approximation error, hence allowing new practical attacks on masking schemes which previously resisted automated analysis. We demonstrate it theoretically and experimentally, exposing multiple cases where the LPN-based method significantly outperforms LDA and DCA methods, including their higher-order variants. This work applies the LPN problem beyond its usual post-quantum cryptography boundary, strengthening its interest for the cryptographic community, while expanding the range of automated attacks by presenting a new direction for breaking masking schemes in the white-box model. ; R-AGR-3748 - C19/IS/13641232/APLICA (01/09/2020 - 30/08/2022) - BIRYUKOV Alexei |
| Document Type: | article in journal/newspaper |
| Language: | English |
| ISSN: | 2569-2925 |
| Relation: | https://tches.iacr.org/index.php/TCHES/article/download/11168/10607; FNR13641232 - Analysis And Protection Of Lightweight Cryptographic Algorithms, 2019 (01/01/2021-31/12/2023) - Alex Biryukov; urn:issn:2569-2925; https://orbilu.uni.lu/handle/10993/57631; info:hdl:10993/57631; https://orbilu.uni.lu/bitstream/10993/57631/1/TCHES2023_4_13.pdf |
| DOI: | 10.46586/tches.v2023.i4.318-343 |
| Availability: | https://orbilu.uni.lu/handle/10993/57631 ; https://orbilu.uni.lu/bitstream/10993/57631/1/TCHES2023_4_13.pdf ; https://doi.org/10.46586/tches.v2023.i4.318-343 |
| Rights: | open access ; http://purl.org/coar/access_right/c_abf2 ; info:eu-repo/semantics/openAccess |
| Accession Number: | edsbas.5CD3CE7B |
| Database: | BASE |