Paper 2024/691

White-box filtering attacks breaking SEL masking: from exponential to polynomial time

Alex Charlès, University of Luxembourg
Aleksei Udovenko, University of Luxembourg
Abstract

This work proposes a new white-box attack technique called filtering, which can be combined with any other trace-based attack method. The idea is to filter the traces based on the value of an intermediate variable in the implementation, aiming to fix a share of a sensitive value and degrade the security of an involved masking scheme. Coupled with LDA (filtered LDA, FLDA), it leads to an attack defeating the state-of-the-art SEL masking scheme (CHES 2021) of arbitrary degree and number of linear shares with quartic complexity in the window size. In comparison, the current best attacks have exponential complexities in the degree (higher degree decoding analysis, HDDA), in the number of linear shares (higher-order differential computation analysis, HODCA), or the window size (white-box learning parity with noise, WBLPN). The attack exploits the key idea of the SEL scheme - an efficient parallel combination of the nonlinear and linear masking schemes. We conclude that a proper composition of masking schemes is essential for security. In addition, we propose several optimizations for linear algebraic attacks: redundant node removal (RNR), optimized parity check matrix usage, and chosen-plaintext filtering (CPF), significantly improving the performance of security evaluation of white-box implementations.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Published by the IACR in TCHES 2024
DOI
10.46586/tches.v2024.i3.1-24
Keywords
White-box CryptographyCryptanalysisFilteringMasking schemesSELFLDARNRCPF
Contact author(s)
alex charles205 @ gmail com
aleksei @ affine group
History
2024-07-27: revised
2024-05-06: received
See all versions
Short URL
https://ia.cr/2024/691
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/691,
      author = {Alex Charlès and Aleksei Udovenko},
      title = {White-box filtering attacks breaking {SEL} masking: from exponential to polynomial time},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/691},
      year = {2024},
      doi = {10.46586/tches.v2024.i3.1-24},
      url = {https://eprint.iacr.org/2024/691}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.