Project SWITECH

Secure Software using Whitebox Technology

About

ANR and FNR Founded Research Project.

Cryptographic algorithms are increasingly deployed in various applications embedded on connected devices, such as smartphones and tablets. In this environment, the capabilities of the adversary can be greatly enhanced, and we should consider an adversary who can access the binary code, modify its execution, tamper with the memory, and use existing reverse engineering tools such as debuggers to recover the hidden secrets. In general consumers have an implicit trust in the security level of products and services produced by manufacturers and solution providers. Therefore it is often devastating in terms of technical credibility when security solutions are successfully broken and subsequently subject to uncontrolled cloning and counterfeiting.

The goal of the SWITECH project is to make White-Box Cryptography (WBC) a mature technology, by providing new constructions for cryptographic implementations, by improving known attacks and developing new ones, and by building innovative demonstrators based on concrete use cases to demonstrate the feasibility of security products in pure software. This is an industrial research project that brings together theoretical cryptographers and industrial experts whose main concern is the security of security products. The public laboratory partners are Versailles University and University of Luxembourg. The industrial partner is CryptoExperts. Besides developing secure white-box contructiongs, defining security models, exporing new attacks and developing new attack tools, the goal of the SWITECH project is to specify a concrete, market-driven use case and build a concrete demonstrator to demonstrate the feasibility of security products in pure software. Based on this use case, we will build Android mobile application that makes use of white-box cryptography to secure the storing and spending of cryptocurrency coins. This will require a dynamic ECDSA white-box implementation that can operate transactions from tokens.


Publications

Dummy Shuffling Against Algebraic Attacks in White-Box Implementations

Alex Biryukov and Aleksei Udovenko

in EUROCRYPT 2021

Defeating State-of-the-Art White-Box Countermeasures with Advanced Gray-Box Attacks

Louis Goubin and Matthieu Rivain and Junwei Wang

in IACR TCHES 2020

Talks

Dummy Shuffling Against Algebraic Attacks in White-Box Implementations

Alex Biryukov and Aleksei Udovenko

at EUROCRYPT 2021 (hybrid conference), slides

Defeating State-of-the-Art White-Box Countermeasures with Advanced Gray-Box Attacks

Louis Goubin and Matthieu Rivain and Junwei Wang

at CHES 2020 (virtual conference), slides


Partners


Sponsors


Contact

Coordinator in France:

Prof. Louis Goubin (The mathematics Laboratory of Versailles)

louis.goubin-AT-uvsq.fr

Coordinator in Luxembourg:

Prof. Jean-Séstien Coron (Applied Crypto Group)

jean-sebastien.coron-AT-uni.lu