International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

ECDSA White-Box Implementations: Attacks and Designs from CHES 2021 Challenge

Authors:
Guillaume Barbu , IDEMIA, Cryptography & Security Labs, Pessac, France
Ward Beullens , IBM Research, Zurich, Switzerland
Emmanuelle Dottax , IDEMIA, Cryptography & Security Labs, Pessac, France
Christophe Giraud , IDEMIA, Cryptography & Security Labs, Pessac, France
Agathe Houzelot , IDEMIA, Cryptography & Security Labs, Pessac, France; LaBRI, CNRS, Université de Bordeaux, Bordeaux, France
Chaoyun Li , imec-COSIC, KU Leuven, Leuven, Belgium
Mohammad Mahzoun , Eindhoven University of Technology, Eindhoven, Netherlands
Adrián Ranea , imec-COSIC, KU Leuven, Leuven, Belgium
Jianrui Xie , imec-COSIC, KU Leuven, Leuven, Belgium
Download:
DOI: 10.46586/tches.v2022.i4.527-552
URL: https://tches.iacr.org/index.php/TCHES/article/view/9830
Search ePrint
Search Google
Presentation: Slides
Abstract: Despite the growing demand for software implementations of ECDSA secure against attackers with full control of the execution environment, scientific literature on ECDSA white-box design is scarce. The CHES 2021 WhibOx contest was thus held to assess the state-of-the-art and encourage relevant practical research, inviting developers to submit ECDSA white-box implementations and attackers to break the corresponding submissions.In this work, attackers (team TheRealIdefix) and designers (team zerokey) join to describe several attack techniques and designs used during this contest. We explain the methods used by the team TheRealIdefix, which broke the most challenges, and we show the efficiency of each of these methods against all the submitted implementations. Moreover, we describe the designs of the two winning challenges submitted by the team zerokey; these designs represent the ECDSA signature algorithm by a sequence of systems of low-degree equations, which are obfuscated with affine encodings and extra random variables and equations.The WhibOx contest has shown that securing ECDSA in the white-box model is an open and challenging problem, as no implementation survived more than two days. In this context, our designs provide a starting methodology for further research, and our attacks highlight the weak points future work should address.
BibTeX
@article{tches-2022-32376,
  title={ECDSA White-Box Implementations: Attacks and Designs from CHES 2021 Challenge},
  journal={IACR Transactions on Cryptographic Hardware and Embedded Systems},
  publisher={Ruhr-Universität Bochum},
  volume={2022, Issue 4},
  pages={527-552},
  url={https://tches.iacr.org/index.php/TCHES/article/view/9830},
  doi={10.46586/tches.v2022.i4.527-552},
  author={Guillaume Barbu and Ward Beullens and Emmanuelle Dottax and Christophe Giraud and Agathe Houzelot and Chaoyun Li and Mohammad Mahzoun and Adrián Ranea and Jianrui Xie},
  year=2022
}