the univariate case. The second-order BCA offers the
best trade-off between the execution time and trace
complexity and hence it is a good alternative to the
second-order MIA. Finally, when masking is involved
then the DCA is better than the collision attack. In-
deed, the collision attack (w.r.t. to Eq. (3)) can be
seen as a particular case of the DCA where the corre-
lation is only computed when a collision is detected.
However, the collision attack remains a good candi-
date to consider in an unmasked context as demon-
strated in (Rivain and Wang, 2019).
7 CONCLUSION
In this work, we considered the evaluation of higher-
order masked white-box implementations. Indeed,
we extended some well-known computational attacks
to the higher-order context. The practical evaluation
of these attacks had shown their efﬁciency to defeat
masked white-box implementations.
As a future work, we intend to study these higher-
order computational attacks when relaxing the as-
sumptions formulated in Sec. 2.2.
REFERENCES
(2019). Supporting materials.
https://github.com/Bucketing/HO-attacks-on-WB.
Batina, L., Gierlichs, B., Prouff, E., Rivain, M., Standaert,
F.-X., and Veyrat-Charvillon, N. (2011). Mutual In-
formation Analysis: a Comprehensive Study. J. Cryp-
tology, 24(2):269–291.
Bogdanov, A., Rivain, M., Vejre, P. S., and Wang, J.
(2019). Higher-order DCA against standard side-
channel countermeasures. In COSADE 2019, Darm-
stadt, Germany, April 3-5, 2019, Proceedings, pages
118–141.
Bos, J. W., Hubain, C., Michiels, W., and Teuwen, P. (2016).
Differential computation analysis: Hiding your white-
box designs is not enough. In CHES 2016, pages 215–
236, Berlin, Heidelberg. Springer Berlin Heidelberg.
Chow, S., Eisen, P., Johnson, H., and van Oorschot,
P. C. (2003a). A white-box des implementation for
drm applications. In Feigenbaum, J., editor, Digital
Rights Management, pages 1–15, Berlin, Heidelberg.
Springer Berlin Heidelberg.
Chow, S., Eisen, P. A., Johnson, H., and Oorschot, P. C. v.
(2003b). White-box cryptography and an aes imple-
mentation. In SAC 2002, pages 250–270, London,
UK, UK. Springer-Verlag.
Gierlichs, B., Batina, L., Preneel, B., and Verbauwhede,
I. (2010). Revisiting higher-order dpa attacks:. In
Pieprzyk, J., editor, Topics in Cryptology - CT-RSA
2010, pages 221–234, Berlin, Heidelberg. Springer
Berlin Heidelberg.
Gierlichs, B., Batina, L., Tuyls, P., and Preneel, B. (2008).
Mutual information analysis. In CHES 2010, volume
5154 of Lecture Notes in Computer Science, pages
426–442. Springer. Washington, D.C., USA.
Goubin, L., Paillier, P., Rivain, M., and Wang, J. (2019).
How to reveal the secrets of an obscure white-box im-
plementation. Journal of Cryptographic Engineering.
Kocher, P. C., Jaffe, J., and Jun, B. (1999). Differential
power analysis. CRYPTO ’99, pages 388–397, Lon-
don, UK, UK. Springer-Verlag.
Lee, S. (2018). Lee’s CASE 1 implementation.
https://github.com/SideChannelMarvels/Deadpool
/tree/master/wbs aes lee case1.
Lee, S., Kim, T., and Kang, Y. (2018). A masked white-box
cryptographic implementation for protecting against
differential computation analysis. IEEE Transactions
on Information Forensics and Security, 13(10):2602–
2615.
Maghrebi, H., Prouff, E., Guilley, S., and Danger, J.-L.
(2012). A ﬁrst-order leak-free masking countermea-
sure. In Dunkelman, O., editor, Topics in Cryptology
– CT-RSA 2012, pages 156–170, Berlin, Heidelberg.
Springer Berlin Heidelberg.
Prouff, E. and Rivain, M. (2007). A generic method for
secure sbox implementation. In Kim, S., Yung, M.,
and Lee, H.-W., editors, Information Security Appli-
cations, pages 227–244, Berlin, Heidelberg. Springer
Berlin Heidelberg.
Prouff, E. and Rivain, M. (2009). Theoretical and Practical
Aspects of Mutual Information Based Side Channel
Analysis. In Springer, editor, ACNS, volume 5536 of
LNCS, pages 499–518. Paris-Rocquencourt, France.
Rivain, M. and Wang, J. (2019). Analysis and improvement
of differential computation attacks against internally-
encoded white-box implementations. IACR TCHES,
2019(2):225–255.
Zeyad, M., Maghrebi, H., Alessio, D., and Batteux, B.
(2019). Another look on bucketing attack to de-
feat white-box implementations. In Polian, I. and
St
¨
ottinger, M., editors, COSADE, pages 99–117,
Cham. Springer International Publishing.
ICISSP 2020 - 6th International Conference on Information Systems Security and Privacy
272