Randomly perturbing the bytecode of white box cryptography implementations in an attempt to mitigate side-channel attacks

Sammanfattning: This study takes one step further towards constructing a tool able to automatically amplify the security on your cryptographic implementations. In white box cryptography the encryption key is hidden inside the encryption algorithm out of plain sight. An attacker can try to extract the secret key by conducting a side channel attack, differential computational analysis, which many white boxes are vulnerable to. The technique to increase security explored in this study consists of randomly with different probabilities perturb the white box by adding the value one to a variable inside the running white box. This does break the correctness of the output on all the three tested white box implementations to various extents, but some perturbations can be made which maintains fairly high correctness on the output of the program. Running a white box with perturbations does not cause any significant increase in execution time. Out of more than 100 000 possible perturbation points 25 were chosen to be investigated further. In one case the security of a perturbed white box increased, but in four similar cases the white box was made more insecure, otherwise no change in security was observed. A more sophisticated technique of identifying the best point to insert perturbations are therefore required in order to further investigate how to increase the security of your cryptographic implementations while still maintaining a fairly high correctness despite the program experiencing random perturbations.