Wil Michiels

Cryptanalysis of white-box DES implementations with arbitrary external encodings

At DRM 2002, Chow et al. [4] presented a method for implementing the DES block cipher such that it becomes hard to extract the embedded secret key in a white-box attack context. In such a context, an attacker has full access to the implementation and its execution environment. In order to provide an extra level of security, an implementation shielded with external encodings was introduced by Chow et al. and improved by Link and Neumann [10]. In this paper, we present an algorithm to extract the secret key from such white-box DES implementations. The cryptanalysis is a differential attack on obfuscated rounds, and works regardless of the shielding external encodings that are applied. The cryptanalysis has a average time complexity of 214 and a negligible space complexity.

Cryptanalysis of a Generic Class of White-Box Implementations

A white-box implementation of a block cipher is a software implementation from which it is difficult for an attacker to extract the cryptographic key. Chow et al. published white-box implementations for AES and DES. These implementations are based on ideas that can be used to derive white-box implementations for other block ciphers as well. In particular, the ideas can be used to derive a white-box implementation for any substitution linear-transformation (SLT) cipher. Although the white-box implementations of AES and DES have been cryptanalyzed, the cryptanalyses published use typical properties of AES and DES. It is therefore an open question whether an SLT cipher exists for which the techniques of Chow et al. result in a secure white-box implementation. In this paper we largely settle this question by presenting an algorithm that is able to extract the key from such an implementation under a mild condition on the diffusion matrix. The condition is, for instance, satisfied by all MDS matrices. Our result can serve as a basis to design block ciphers and to develop white-box techniques that result in secure white-box implementations.

Performance ratios for the Karmarkar-Karp differencing method

Abstract We consider the multiprocessor scheduling problem in which one must schedule n independent tasks nonpreemptively on m identical, parallel machines, such that the completion time of the last task is minimal. For this well-studied problem the Largest Differencing Method due to Karmarkar and Karp outperforms other existing polynomial-time approximation algorithms from an average-case perspective. For m ≥ 3, its worst-case performance has remained a challenging open problem. We show that its performance ratio is bounded between 4 3 − 1 (3(m-1)) and 4 3 − 1 3m . We also analyze the performance ratio if in addition to the number of machines, the number of tasks n is fixed as well.

On the guaranteed throughput of multizone disks

We derive the guaranteed throughput of a multizone disk that repeatedly handles batches of n requests of constant size. Using this guaranteed throughput in the design of multimedia systems, one can admit more streams or get smaller buffer requirements and guaranteed response times than when an existing lower bound is used. We consider the case that nothing can be assumed about the location of the requests on the disk. Furthermore, we assume that successive batches are handled one after the other, where the n requests in a batch are retrieved using a SCAN-based sweep strategy. We show that we only have to consider two successive batches to determine the guaranteed throughput. Using this, we can compute the guaranteed throughput by determining a maximum-weighted path in a directed acyclic graph in O(z/sub max//sup 3/n/sup 2/) time, where z/sub max/ is the number of zones of the disk.