Adoring Poitras is the winning white-box implementation of AES-128 from WhibOx contest, also known as CHES 2017 CTF. We released a white-paper on breaking it at IACR ePrint archive. The original source code can be found here.
This repository provides some intermediate results and tools of our analysis on Adoring Poitras.
The reference environment (OS and compiler) of WhibOx contest can be found from their rules. Our experiments is done with GCC 7.2.0_1 on iMac (27-inch, Late 2012).
In order to open *.cdf, you may need to install Wolfram CDF
Player.
- reverse-engineering/step1-readability.c: result after readability prcessing.
- reverse-engineering/step2-de-virtualization.c: result after removing the virtual machine.
- reverse-engineering/step3-simplification.c: code after simplification.
- reverse-engineering/step4-ssa.c: code after single static assignment transformation.
- reverse-engineering/step5-circuit-minimization.c: code after circuit minimization.
python ddg/extract_dag_edges.py > ddg/edges.txtto generate edges in the data dependency graph of the minimized circuits.- ddg/ddg-clustering.cdf is the illustration of our data dependency analysis and clustering analysis.
lda/lda.cdf is an illustration of our linear decoding analysis for the 5th s-box.
@article{GPRW20,
author = {Louis Goubin and
Pascal Paillier and
Matthieu Rivain and
Junwei Wang},
title = {How to reveal the secrets of an obscure white-box implementation},
journal = {J. Cryptographic Engineering},
volume = {10},
number = {1},
pages = {49--66},
year = {2020},
url = {https://doi.org/10.1007/s13389-019-00207-5},
doi = {10.1007/s13389-019-00207-5},
timestamp = {Thu, 09 Apr 2020 21:56:49 +0200},
biburl = {https://dblp.org/rec/journals/jce/GoubinPRW20.bib},
bibsource = {dblp computer science bibliography, https://dblp.org}
}
@misc{cryptoeprint:2018:098,
author = {Louis Goubin and Pascal Paillier and Matthieu Rivain and Junwei Wang},
title = {How to Reveal the Secrets of an Obscure White-Box Implementation},
howpublished = {Cryptology ePrint Archive, Report 2018/098},
year = {2018},
note = {\url{https://eprint.iacr.org/2018/098}},
}
All the C source codes carry the same license as the submission 777 in WhibOx contest.
ddg/ddg-clustering.cdf and lda/lda.cdf and the other files are CC BY-SA 3.0 licensed.