A generic attack against white box implementation of block ciphers

Abstract

White box attack context assumes that attackers have full access to the implementation and dynamic execution of cryptographic algorithms. How to protect keys in such an attack context has become a new challenge to implementation of cryptographic algorithms. In 2002, Chow et al. proposed a white box AES implementation whose construction could also be applied to other iterated block ciphers. This implementation was later improved and attacked several times. However those attacks greatly depend on the structure of specific cipher and its implementation. We propose a generic attack against a typical white box implementation of iterated block ciphers with Chow's techniques, which can be applied to block ciphers of different structures. Our attack relies on the connection of input-output difference probability distribution between block ciphers and their white box implementation, and recovers the subkey efficiently.