Introduction
Since years, we are maintaining a few whitebox cryptanalysis tools in the well known Side-Channel Marvels set of repositories.
Besides a few very specific attack scripts, the most important tools are the implementations of the Differential Computation Analysis (DCA) attack and the Differential Fault Analysis (DFA) attack against whitebox implementations of AES. The latter has been extensively covered in a previous blogpost a few years ago. They have the big advantage that they require very few working hypotheses and work blindly against whitebox implementations, without requiring reverse-engineering. The main hypothesis is to have access to the input or the output of the AES block in clear, as it is for a regular AES.
Even before the existence of these automated attacks, it is well known that a whitebox implementation is hard to protect when input or output is not protected. The typical answer is to add so-called external encodings on the input and output, which is an extra layer of obfuscation, applied on the data before being sent to the AES and removed afterwards. When these external encodings are applied in the same application, it is a matter of reverse-engineering it to get to the point where the data are not encoded.
But there are a few situations where external encodings application may not be available locally. For example a local secure storage: data might be encrypted and decrypted with a local whitebox AES which considers its input and output to be already encoded. It is not a standard AES encryption of the data anymore but as it is used in isolation, it does not really matter. In such situation, DCA and DFA will fail and we need something else.
Dark Phoenix
The Phoenix became Dark Phoenix due to allowing human emotions to cloud its judgment. In this state, Phoenix was the strongest, but also an evil entity that thirsted for power and destruction. Totally uncontrollable, Dark Phoenix was a force to be reckoned with as it was not bound by a human conscience.
Dark Phoenix is a tool to perform differential fault analysis attacks (DFA) against AES whiteboxes with external encodings, as described in A DFA Attack on White-Box Implementations of AES with External Encodings by Alessandro Amadori, Wil Michiels and Peter Roelse.
TODO: requirements, nr of faults example on deadpool
Blue Galaxy Energy
Hologram: Shut up! You do not know the power of the Blue Galaxy Energy! Also known as the "B.G.E". Mr. Whereabout: The Loss, Part III, Volume I
Blue Galaxy Energy is a tool to perform the so-called BGE attack described in Cryptanalysis of a White Box AES Implementation by Olivier Billet, Henri Gilbert and Charaf Ech-Chatbi, with the optimizations proposed in Improved cryptanalysis of an AES implementation by Ludo Tolhuizen and in Revisiting the BGE Attack on a White-Box AES Implementation by Yoni De Mulder, Peter Roelse and Bart Preneel.
TODO:
Conclusion
TODO:
Acknowledgments
We are very grateful to Laurent Grémy who wrote the core of the BGE implementation.
Many thanks to Alessandro Amadori for having shared his simulation scripts, which greatly helped us verify our own implementation during its development.
References
- Blue Galaxy Energy repository
- Dark Phoenix repository
- TODO: examples
Article Link: Two more Whitebox Cryptanalysis Open Source Tools