A Secure White Box Implementation of AES Against First Order DCA

Abstract

The white box threat model considers an attacker with complete access to the implementation and execution environment of a cryptographic algorithm. Aiming towards secure implementation of cryptographic algorithms in this context, several implementations of the AES cipher were proposed in the literature. However, they were proven vulnerable to implementation specific attacks, as well as to refined side-channel and more robust attacks that do not rely on implementation knowledge of the cipher, such as DCA (differential computation analysis). In this paper we present a white box implementation of the AES cipher with recently proposed DCA countermeasures [Lee et al. 2018]. We provide a comparison of the performance difference these countermeasures incur in practice and report some preliminary experimental results on the security of our implementation.