Hello, everyone. I'm Junwei Wang. This is a prerecorded video for CHES 2020. This work, entitled "Defeating State-of-the-Art White-Box Countermeasures with Advanced Gray-Box Attacks", is a collaboration with Louis Goubin and Matthieu Rivain. This work was done when I was a PhD student at the University of Luxembourg and the University of Paris 8. We consider two parties communicating over an insecure channel with a pre-shared secret key K. Classical cryptanalysis is done in the black-box model, in the sense that the adversary only has access to the encryption/decryption algorithm as a black box. That is, the adversary can only learn the input/output behavior of the cipher. A cipher has to be implemented in software or hardware to be useful. When the cipher is implemented in hardware, the adversary is further able to access physical information about the execution of the cipher, such as the power consumption. This security model is called the gray-box model. In an extreme case, the adversary can fully control an implementation of a cipher and its execution environment. In this model, the capabilities of the adversary are greatly enhanced. We call this security model the white-box model. In the white-box model, the adversary tries to extract the underlying secret key K from a software implementation of the cipher. The adversary could be malware, a malicious application on the same host, or even the application user themselves. The adversary could try all possible means: for instance, she could perform static or dynamic analysis of the code. She could spy on the memory while executing the code. She could even modify the code, inject faults, and exploit the erroneous execution. She can easily reset the randomness. Traditionally, secure hardware is used to protect the secret keys of ciphers. However, such hardware is not always available. Besides, it is costly to maintain the long life cycle of secure hardware.
Most importantly, it is not easy to mitigate a security breach of the hardware. In many real-world applications, a cryptographic algorithm has to be deployed in pure software. Such applications include digital content distribution, mobile payments, digital contract signing, and blockchain technologies. As illustrated by Shamir and van Someren, if the key is not protected, it is trivial for the adversary to extract the key from memory, since the key looks random. Hence, in these applications, white-box crypto is an essential component to protect the security of the system. Unfortunately, all existing public white-box designs in the literature are broken by structural analysis, and we don't have any provably secure white-box design for any standard cipher. However, the demand for white-box crypto from industry keeps growing, and there is a huge application potential for white-box crypto. This forces industry to achieve security through obscurity. Namely, they use a homemade white-box design, then they put a layer of obfuscation on top to protect their homemade design. The industry hopes this would discourage the attacker by requiring time-consuming reverse engineering and new structural analysis. In 2016, Bos et al. suggested applying differential power analysis techniques to break white-box implementations. Classical DPA in the gray-box model works with noisy side-channel leakage such as power consumption, electromagnetic radiation, and execution time. In the white-box model, the attack is called differential computation analysis (DCA), since the attack works with noise-free computational leakage, which could be any collected runtime information, such as values in the registers and the memory. DCA is a generic attack because it doesn't need to know any implementation detail. Surprisingly, the DCA authors have shown that it is able to break any publicly available white-box implementation. DCA has become the main threat to this security paradigm since then.
In this context, two editions of the WhibOx competition were organized as CHES CTF events. As quoted from WhibOx 2017, the competition gives an opportunity for researchers and practitioners to confront their secretly designed white-box implementations with state-of-the-art attacks. The competition invited designers to submit C source code of AES-128 with a secretly chosen key, and invited attackers to reveal the hidden keys in these implementations. The participants don't have to disclose their identity or their designing or attacking techniques. When the competition took place in 2017, it attracted 94 submissions, which were all broken, with nearly 900 individual breaks. Most of them were broken within one day, and it is reported that most of them were broken simply by DCA attacks. A new edition took place in 2019. New rules were introduced to encourage designers to submit smaller and faster implementations. Finally, 27 implementations were submitted, and only three of them stayed alive until the last minute of the competition. They were broken soon after the competition with the techniques presented in this talk. Since DCA is a DPA technique used in the white-box context, it is natural to adopt DPA countermeasures to protect white-box implementations. In this presentation, I will first talk about advanced gray-box countermeasures that are used in practical white-box implementations as well as in the three winning implementations of WhibOx 2019. At the same time, I will present different attacking paths against these countermeasures and analyze their performance in terms of computation complexity. Then I will introduce a new data-dependency-based attack that substantially improves the attacking complexity. Finally, I will conclude the talk. So we start with the linear masking countermeasure and two attacks against it. Then we talk about algebraic security and the nonlinear masking countermeasure.
Finally, we talk about the role the shuffling countermeasure plays in white-box implementations. Linear masking is a widely deployed gray-box countermeasure. The idea is to split any key-dependent sensitive intermediate variable x in the implementation into n shares. The n shares are manipulated in a way such that any n-1 shares are independent of x. Clearly, linear masking with n shares is able to resist (n-1)-th order DCA attacks. The higher-order DCA attack first pre-processes the computation traces to obtain higher-order traces, then applies standard DCA on the higher-order traces. A higher-order trace contains samples combining every n-tuple of samples in the original trace. Hence, it has (t choose n) samples, where t is the original trace size and n is the attacking order. The natural combination function to attack linear masking is the XOR sum, since it simply reveals the sensitive variable. In an obscure white-box implementation, we don't know where the n shares are. Hence, the attacking trace window size t could be very large, which makes higher-order DCA impractical. For example, if the linear masking order n equals 5 and the attacking window size is 1000, then there would be (1000 choose 5) samples in the higher-order trace, which is about 2^43. So here we present linear decoding analysis (LDA), whose complexity is independent of the linear masking order. The attack assumes that there exists a linear decoding function that reveals the key-dependent sensitive variable. The LDA attack first collects many computation traces, makes predictions of the attacked variable according to the key guesses, and tries to solve this linear system. Clearly, this system is solvable for the correct key guess but not for the incorrect key guesses, as long as the number of traces N is slightly larger than the window size t.
Hence, the trace complexity of LDA is t + O(1), and the computation complexity is the complexity of solving a linear system times the size of the key search space. For example, when the attacking window size t equals 1000, solving one linear system needs 2^28 operations, which is independent of the linear masking order and is faster than higher-order DCA with the same parameters. Next, we talk about algebraic security and the nonlinear masking countermeasure. Algebraic security was proposed by Biryukov and Udovenko at Asiacrypt 2018. A degree-d algebraically secure nonlinear masking ensures that any function of degree up to d of the intermediate variables should not compute a predictable value. The authors also designed a first-degree secure nonlinear masking scheme, which resists the LDA attack. In their scheme, each sensitive variable is encoded by three variables A, B, C with the quadratic decoding function A*B + C. They designed secure gadgets for bit operations and proved their composability. Notice that this scheme itself is vulnerable to DCA attacks, since the correlation between the sensitive variable and C is 1/2. So the authors suggested using a combination of linear masking and nonlinear masking to thwart both DCA and LDA attacks at the same time. However, the authors didn't show how to do that. In this presentation, we suggest three possible natural combinations. The first combination consists in applying linear masking on top of nonlinear masking: the sensitive variable is first nonlinearly shared, then each nonlinear share is further linearly shared. The second combination consists in applying nonlinear masking on top of linear masking: the sensitive variable is first linearly shared, then each linear share is nonlinearly shared. The third combination merges the best of the two maskings to get a new encoding. There are two possible interpretations of this new encoding.
In the first interpretation, the sensitive variable is first nonlinearly shared, then the linear share C in the nonlinear encoding is further linearly shared. Or you can interpret it as the sensitive variable being first linearly shared, with the first linear share then nonlinearly shared. For the first two combinations, the combined masking gadgets can be simply derived from the original gadgets of both schemes. For the third combination, new gadgets need to be developed; however, this is out of the scope of this presentation. Then we present higher-degree decoding analysis, which can break a combination of linear masking and nonlinear masking. We first assume that there exists a degree-d decoding function that reveals the sensitive variable. Similar to higher-order DCA, higher-degree decoding analysis also first pre-processes the original computation traces, then applies an LDA analysis. A degree-d trace contains all monomials of degree not greater than d, hence it contains about t^d samples. The complexity of higher-degree decoding analysis is hence that of solving a linear system with t^d variables, times the size of the key space. Note that this complexity can only be practical when both the attacking window t and the decoding function degree d are small. For instance, if we want to bound t^(2.8*d) below 2^50, then for d = 2 it means t < 487. If the decoding degree d is equal to 3, this says that we can only attack a window of fewer than 62 variables. Next, we talk about the shuffling countermeasure. Shuffling is another commonly used gray-box countermeasure. The idea is to randomly choose the execution order in each run of the implementation. Thus, the noise in the adversary's observations is increased.
It has been shown that only shuffling the operation order is insufficient in the white-box model, since the adversary could realign the trace samples according to their memory addresses. Hence, we have to shuffle the usage of memory as well. If shuffling is applied together with masking, there won't be any fixed location for the shares in the computation traces. If the shuffling degree is lambda, which means each operation is shuffled among lambda slots, the higher-order DCA correlation score will be decreased by a factor of lambda; hence the attack will be slowed down by lambda^2. If the adversary is lucky and is able to integrate the values in all of the lambda slots, then the correlation score is only decreased by a factor of sqrt(lambda); hence the attack slowdown is lambda. When masking and shuffling are both applied, if the attacking window and the linear masking order are big, the higher-order DCA attack would be impractical. In the next part, we will try to improve the DCA attack by exploiting the data dependency of the implementation. A white-box adversary can observe any internal state of a white-box implementation. He can also observe the data flow of the implementation. From the data flow, the adversary could easily build a data dependency graph of the implementation. While breaking the winning implementation of WhibOx 2017, we gradually revealed the structure of the AES first round by plotting the data dependency graph, and managed to locate the first-round S-box outputs encoded in a small window of only about 15 variables. However, the data dependency graph doesn't always visually disclose implementation details. Nevertheless, to attack an obscure white-box implementation, it can still minimize the attacking window by exploiting the data dependency in an automatic way. Hereafter, we show how data dependency analysis can be used to break a combination of linear masking and nonlinear masking. Our analysis is inspired by an observation on the linear masking gadget for the AND operation.
A secure linear masking gadget takes the linear shares of two variables and outputs the linear shares of their product. The linear sharing in the gadget can be interpreted as a sum of three matrices, after which the values in the same row are summed. If you look at the shares of x, the first share x1 multiplies with all shares of y: y1, y2, y3. This is also true for the second share of x: it multiplies with all the shares of y. This is also true for all the other shares of x. Each share xi of x is multiplied with all shares of y, and each share yi of y is multiplied with all shares of x. This is true for any linear masking order. Now, consider a circuit-based white-box implementation. For each gate, we compute its co-operands for the AND operation. For instance, if we look at gate c, it multiplies with three gates b, d, e. We consider b, d, e as the co-operands of gate c for the AND operation. As we have shown before, if c happens to be a share of some variable, b, d, e could be the linear shares of some sensitive intermediate variable. Hence, our data dependency analysis collects data dependency traces, which contain the sum of the co-operands of each gate for the AND operation. Then we perform standard DCA on the data dependency traces. The attack succeeds if some sensitive variable is recovered in the data dependency traces. Note that if there is some noise in the set of co-operands for the AND operation, we could simply enumerate the sums of all subsets of the co-operand set. This attack substantially improves the computation complexity by avoiding obtaining higher-order traces, which have exponential complexity in terms of the linear masking order. We used this data dependency attack to break all three winning implementations of WhibOx 2019. Now we have revisited all advanced white-box countermeasures and attacks. Let's give a comparison of the different attacks against the different countermeasure combinations. We first consider the case where shuffling is absent.
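The co-operand observation above, as an added example that is my own code and not the authors' tool or any WhibOx submission: a constructed gate-level toy circuit contains an ISW masked AND of two sensitive S-box output bits x and y (n linear shares each) plus unrelated AND gates as noise. Every node's data dependency sample is the XOR of the values of its AND co-operands, so each node holding a share of x leaks y in the clear, and plain first-order DCA over those samples recovers the key whatever the masking order n. The toy PRESENT S-box, the node names, the noise count and the parameters are assumptions; the gadget check only confirms the toy circuit really computes x*y.

```python
import random

# Constructed toy: the 4-bit PRESENT S-box stands in for AES; the two
# sensitive bits are bit 0 (x) and bit 1 (y) of S-box(p ^ k).
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]

def sensitive_bits(p, k):
    s = SBOX[p ^ k]
    return s & 1, (s >> 1) & 1

def linear_shares(bit, n, rng):
    sh = [rng.getrandbits(1) for _ in range(n - 1)]
    sh.append(bit ^ (sum(sh) & 1))
    return sh

def run_circuit(p, k, n, n_noise, rng):
    """One run of a toy gate-level circuit: an ISW masked AND of the sensitive
    bits x and y (n linear shares each) plus n_noise unrelated AND gates on
    fresh random bits. Returns node values, the AND gate operand pairs and the
    n output shares of x*y."""
    x, y = sensitive_bits(p, k)
    vals = {}
    for i, v in enumerate(linear_shares(x, n, rng)):
        vals[f"x{i}"] = v
    for j, v in enumerate(linear_shares(y, n, rng)):
        vals[f"y{j}"] = v
    # ISW: every x_i is multiplied with every y_j, so the AND co-operands of
    # x_i are exactly all the shares of y (and vice versa).
    ands = [(f"x{i}", f"y{j}") for i in range(n) for j in range(n)]
    z = [vals[f"x{i}"] & vals[f"y{i}"] for i in range(n)]
    for i in range(n):
        for j in range(i + 1, n):
            r = rng.getrandbits(1)
            z[i] ^= r
            z[j] ^= r ^ (vals[f"x{i}"] & vals[f"y{j}"]) ^ (vals[f"x{j}"] & vals[f"y{i}"])
    for m in range(2 * n_noise):
        vals[f"r{m}"] = rng.getrandbits(1)
    ands += [(f"r{2 * m}", f"r{2 * m + 1}") for m in range(n_noise)]
    return vals, ands, z

def isw_gadget_check(n=3, trials=50, seed=3):
    """Sanity check: the XOR of the output shares equals x*y on every run."""
    rng = random.Random(seed)
    for _ in range(trials):
        p, k = rng.getrandbits(4), rng.getrandbits(4)
        x, y = sensitive_bits(p, k)
        _, _, z = run_circuit(p, k, n, 0, rng)
        if sum(z) & 1 != (x & y):
            return False
    return True

def dd_trace(vals, ands):
    """Data dependency trace: one sample per node, the XOR of the values of
    all nodes it is ANDed with (its AND co-operands) in this run."""
    co = {g: set() for g in vals}
    for a, b in ands:
        co[a].add(b)
        co[b].add(a)
    return {g: sum(vals[h] for h in co[g]) & 1 for g in vals if co[g]}

def correlation(u, v):
    n = len(u)
    mu, mv = sum(u) / n, sum(v) / n
    cov = sum((a - mu) * (b - mv) for a, b in zip(u, v))
    su = sum((a - mu) ** 2 for a in u) ** 0.5
    sv = sum((b - mv) ** 2 for b in v) ** 0.5
    return 0.0 if su == 0 or sv == 0 else cov / (su * sv)

def dca(plaintexts, traces, predict):
    """Standard first-order DCA over the data dependency traces: score each
    key guess by the best |correlation| between its prediction and any column."""
    columns = sorted(traces[0])
    scores = []
    for k in range(16):
        pred = [predict(p, k) for p in plaintexts]
        scores.append(max(abs(correlation([tr[c] for tr in traces], pred))
                          for c in columns))
    best = max(range(16), key=lambda k: scores[k])
    return best, scores

def demo(true_key=0xB, n=4, n_noise=10, n_traces=200, seed=7):
    """Recover the key through the co-operand sums; returns (best key, score)."""
    rng = random.Random(seed)
    plaintexts = [rng.getrandbits(4) for _ in range(n_traces)]
    traces = []
    for p in plaintexts:
        vals, ands, _ = run_circuit(p, true_key, n, n_noise, rng)
        traces.append(dd_trace(vals, ands))
    # Predict y: the co-operand sum of any x_i is y_0 ^ ... ^ y_{n-1} = y.
    best, scores = dca(plaintexts, traces, lambda p, k: sensitive_bits(p, k)[1])
    return best, scores[best]
```

`demo()` returns the true key with a score of 1.0 for n = 4 shares, and `demo(true_key=0x3, n=6)` does the same for 6 shares: no higher-order combination of trace samples is ever formed, which is the complexity saving the talk claims. This is the kind of self-check a designer can run on a circuit-based implementation: if any gate's AND co-operands are exactly the shares of a sensitive variable, raising the masking order buys nothing against this analysis, and the noise handling the talk mentions (enumerating subset sums of the co-operand set) only widens what is tried per node.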
Then LDA against linear masking requires t traces, and its computation complexity is O(t^2.8) times the key space. Higher-degree decoding analysis against the combination of linear masking and nonlinear masking requires O(t^2) traces, and the computation complexity is O(t^5.6) times the key space. For higher-order DCA, since the application of nonlinear masking only decreases the correlation score, the complexity before and after nonlinear masking is asymptotically the same. When shuffling is applied, the algebraic attacks don't work anymore. If the shuffling degree is lambda, higher-order DCA requires lambda^2 more traces and also needs lambda^2 more computation power. This is true both with and without nonlinear masking, and integrated higher-order DCA only has a lambda slowdown. So now let's put our data dependency analysis in the comparison, under the assumption that there exists a gate whose co-operands are exactly the shares of some key-dependent variable. You can see that its complexity has no exponential part, since it doesn't need to compute the higher-order combinations of the attacking traces. This is true when shuffling is involved as well. Finally, the conclusion: in this article we revisited all the state-of-the-art countermeasures employed in practical white-box implementations. We also quantified the different gray-box attacking techniques and gave a performance comparison against the different countermeasures. Finally, we proposed new attacks based on data dependency analysis, which substantially improve the computation complexity of the existing advanced attacks, and we used these attacks to break the three new white-box implementations from WhibOx 2019. The paper and the code are both online. Thank you.