 and internally encoded white-box implementations. This is a work by Junwei Wang and myself, and Junwei will give the talk.

Thanks for the introduction. So we are talking about a white-box security model in which an adversary is given a software implementation of some cipher, and he tries to extract the underlying secret key. So the adversary could represent malware or co-hosted applications where the cipher is deployed, and it could be the users themselves. So in this setting we don't limit the power of the adversary. We assume he can do whatever he wants. He could statically or dynamically analyze the code. He could monitor the memory, and he could also interfere with the normal execution. So after about 20 years of research, we still don't have a sound solution for white-box crypto. But in practice, we need white-box crypto in many applications. For example, digital content distribution and host card emulation applications, in which the cipher can only be implemented in pure software and is deployed in a hostile environment. So hence in practice, the solution providers can only think about heuristic solutions and the security mainly relies on the security of their technique.

So white-box crypto was proposed at SAC 2002. And the first countermeasure is called internal encoding, and it's still a mainstream component in many recent publications. So we first represent the cipher as a network of round operations. Each round has a different round key. If we are able to recover one or several round keys, we can fully recover the cipher key. So internal encoding tries to obfuscate this sequential transformation by applying some invertible transformations onto any pair of connected round functions, without affecting the functionality but hiding the round outputs somehow. So then the encoded transformation is composed into many small lookup tables.
So this talk is about the attacks against this countermeasure, including the differential computation analysis and the collision attack. In the paper we also look at mutual information analysis, but it's not included in this talk.

So differential computation analysis is actually just the adaptation of DPA techniques to the white-box context. So the difference between the side-channel attack and the DCA attack is that in the side-channel case, we use noisy leakage like power consumption and electromagnetic emanation. But in this white-box setting, we use what is exactly processed during the execution. We call this leakage a computational leakage. It could be the memory values accessed or the register values, for example. The principle is first to collect many traces for different inputs. And then we select some key-dependent target function and make a key guess. Based on the prediction of this target variable, we can divide the traces into two groups. For each group we compute an average trace, and then finally we compute a differential trace for these two groups. So if this technique works, it implies that there is a strong linear correlation between the target variable φ_k and the leaked samples in the traces.

So DCA is a generic attack. Since it was published, it has broken many different implementations without knowing the underlying plan. However, people don't know very well why it works. And the follow-up analysis also has some limitations. And besides that, we think if we have the computation traces we can do much more than what has been done. For example, we can attack some variables in the inner rounds and we can use different attack techniques.

So the leakage in this setting is modeled in this way. We have an n-bit input and m-bit output selection function φ_k, key-dependent. And an m-bit random bijection is applied onto this selection function. And the composition of Y and φ_k is leaked in the memory as probably several lookup tables.
And to use this leakage, it's necessary to have a big n. Otherwise the composition is independent of k. We couldn't get anything about k. So our analysis is based on Boolean correlation, and we look at the correlation between one bit of the selection function and one bit of the encoded value. So in order to make this a success, it requires that the correlation for the good key guess, k*, should be bigger than all the incorrect ones, k×. So the analysis is done under the ideal assumption that all the φ_k are mutually independent m-bit output functions. And the result is that for the good key guess the result is 2^(2-m) · N* - 1, with N* following a hypergeometric distribution, and the formula only depends on m. For the incorrect key guess everything is the same except that we replace m-bit. Here we don't have to understand what this distribution is. It's a well-defined distribution; because of the time we can skip it.

So the analysis is based on a simple lemma: if we have a balanced Boolean function and we select an independent Boolean function, the balancedness of their sum is 4 · N - 2^n, and here N follows a hypergeometric distribution, and with the definition of correlation we can easily have the analysis.

So to have a detailed look at the distribution, take the setting when n is equal to eight and m is equal to four, where n is the number of input bits and m is the number of output bits. This is the typical setting in the seminal work and in many attacks afterwards. So the orange points are the correlation distribution for the good key guess and the blue ones for the incorrect ones. So we can see that for the incorrect ones almost everything is centralized around zero, while for the good key guess it has the highest chance that the absolute value is greater than or equal to one over four. That's why we can easily distinguish the good k.
So we also did some simulation by using the AES S-box as a target function, and we can see the simulation result matches the theoretical analysis very well. So we also have a closed formula for the success probability. So m is the output bit and n is the input bit for the selection function. So m is decided when generating the white box, but when we do the attack we have flexibility to choose n. If we increase n up to two times m plus two, the success probability will converge. And this is the same for the other possible encoding sizes. And it's interesting to observe that if we increase the encoding size, actually we have a higher chance to break the implementation. That means a wider encoding is not necessarily more secure.

So we applied this attack to an open white-box challenge of AES. Here m is eight, it's a byte encoding protection, and DCA failed to break it because they are targeting a selection function with n equals m equals eight. We already mentioned that n should necessarily be greater than m. So what we did is we target an output byte of MixColumns in the first round. So the pink, so this is an AES state. So we only changed the pink cells and we fixed constant the blue cells. After the AES computation only the pink cells depend on the inputs, and we have, this is the red cell, the formula. And the last part is some constants. So that means we are targeting such a selection function that is 16 input bits and m eight bit outputs, and the key search space is two to the 16. So not surprisingly it works with the out to 108,000 traces to extract two key bytes. And we applied the similar attack on other white-box implementations dedicated to resist DCA, and it still works.

Okay, then the second attack is about collision.
So again we collect many traces for different inputs, and for each pair of inputs we calculate something called the collision prediction and the collision trace, in the sense that if the predictions are the same, we get the collision prediction equal to one. But if they are not the same, we put zero. We do the trace samples also in the similar way: in the collision traces, there are only zeros and ones depending on whether they are equal or not. And finally we do a correlation between this collision prediction and the collision traces. And this works based on a very simple principle. For the good guess, the predictions are the same if and only if the encoded predictions are the same. And this attack is very efficient: the trace complexity is just two to the m over two.

And to understand it, imagine k is the key, k1 is a key guess, and the balls here are the inputs and the buckets are the predictions for each input. So we define one event called collide, if we find that there is a bucket that has more than one ball. For example, k1 collides. Then we define the second event, isomorphic, for a pair of k: if we shuffle the positions of the buckets, we can make them exactly the same. For example, k1 and k2 are isomorphic because we can reshuffle the positions of the buckets and we can make them identical. But k1 is not isomorphic with k4. Similarly, k3 does not collide. So the collision attack works when these two events happen. For the good guess, it collides. But for all the incorrect key guesses, the good key guess is not isomorphic to the incorrect ones. And by looking at the probability of this event, we can deduce the trace complexity. So for the same implementation, we look at the same target variable, that is the first-round MixColumns output byte.
We can use only 16 traces to extract the two key bytes, which is much more efficient than the DCA we've done before. And it's interesting. It's not surprising that the peak is one, because the correlation for the good guess should be one. But it's interesting to observe that there are many peaks. It means there are several different collisions leaked during the execution.

So to conclude, in this work we analyze the differential computation analysis in depth. And this allows us to attack wider encodings instead of only four-bit encodings. It also allows us to attack some variables in the deep rounds. And we also further exploit the computational traces. For example, we can use a simple collision attack to break this internal encoding. So it means to protect the cipher with the internal encoding only in the outer rounds is not efficient. That's all, thank you.

Any question for Junwei? No question? So let's thank Junwei again.
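
The collision principle described in the talk, as an added toy simulation for evaluating an encoded table (not code from the talk or the paper): a bijective encoding preserves equality, so the collision pattern of the encoded values matches the prediction for the correct key exactly. Assumptions: the PRESENT 4-bit S-box stands in for the nonlinear layer, `phi` is a hypothetical 8-bit-in, 4-bit-out selection function, inputs are constructed at random, and a plain agreement ratio replaces the correlation mentioned in the talk.

```python
import random
from itertools import combinations, product

# PRESENT's public 4-bit S-box, used only as a convenient nonlinear S (assumption)
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]

def phi(key, x):
    """Hypothetical selection function: n = 8 input bits, m = 4 output bits."""
    (k1, k2), (x1, x2) = key, x
    return SBOX[x1 ^ k1] ^ SBOX[x2 ^ k2]

def make_encoding(rng):
    """Random bijection on 4-bit values, standing in for an internal encoding."""
    table = list(range(16))
    rng.shuffle(table)
    return table

def collision_vector(values):
    """One entry per pair of traces: 1 if the two values are equal, else 0."""
    return [int(a == b) for a, b in combinations(values, 2)]

def agreement(pred, leak):
    """Fraction of pairs where predicted and observed collisions coincide."""
    return sum(p == l for p, l in zip(pred, leak)) / len(pred)

def simulate(true_key, n_traces=24, seed=1):
    """Score every key guess against the collisions seen in encoded values."""
    rng = random.Random(seed)
    enc = make_encoding(rng)
    # Constructed sample inputs; more traces than buckets, so collisions exist.
    inputs = [(rng.randrange(16), rng.randrange(16)) for _ in range(n_traces)]
    # The observer only ever sees enc[phi(...)], never phi itself.
    leak = collision_vector([enc[phi(true_key, x)] for x in inputs])
    scores = {}
    for guess in product(range(16), repeat=2):
        pred = collision_vector([phi(guess, x) for x in inputs])
        scores[guess] = agreement(pred, leak)
    return scores

if __name__ == "__main__":
    scores = simulate(true_key=(0x3, 0xA))
    for guess, s in sorted(scores.items(), key=lambda kv: -kv[1])[:3]:
        print(guess, round(s, 3))
```

Because most pairs do not collide under any guess, wrong guesses also score high; only an agreement of exactly 1.0 is meaningful in this simplified scoring.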