Whiteboxgrind – Automated Analysis of Whitebox Cryptography

Abstract

Digital intellectual property is often protected by encrypting the data up to the point of use. Whitebox cryptography is an attempt to provide users with the ability to decrypt that data without actually revealing the key by embedding the key inside a cryptographic implementation. In this work, we design and implement Whiteboxgrind, a fast, fully automated toolchain that obtains execution traces from whitebox implementations and applies DCA to recover the hidden embedded keys. To evaluate Whiteboxgrind, we analysed whiteboxes of the CHES WhibOx 2019 competition, and found Whiteboxgrind to provide a significant performance improvement over the state-of-the-art tooling, enabling attacks that were previously infeasible due to memory constraints. Furthermore, we provide Whiteboxgrind’s source code.