International Association for Cryptologic Research

CryptoDB

Towards Combined Countermeasures against Differential Computation and Fault Analyses: An Approach with the ASASA Structure

Authors:
Yufeng Tang, School of Computer Science, South China Normal University; Institute for Network Sciences and Cyberspace, Tsinghua University; School of Physical and Mathematical Sciences, Nanyang Technological University
Zheng Gong, School of Computer Science, South China Normal University
Jian Guo, School of Physical and Mathematical Sciences, Nanyang Technological University
Xiaoyang Dong, Institute for Network Sciences and Cyberspace, Tsinghua University; Zhongguancun Laboratory; State Key Laboratory of Cryptography and Digital Economy Security, Tsinghua University
Liangju Zhao, School of Computer Science, South China Normal University
Conference: ASIACRYPT 2025
Abstract: White-box cryptography aims to protect cryptographic implementations against adversaries with full access to execution environments. The encoding-based white-box implementations in SASAS and ASA constructions without the external encodings are vulnerable to automated side-channel analysis such as differential computation analysis (DCA) and differential fault analysis (DFA). The proposed countermeasures for encoding-based white-box implementations, such as masking and table redundancy, are designed to provide one-side defense against either DCA or DFA. However, these approaches are insecure, and no unified countermeasure capable of simultaneously defending against both DCA and DFA has been proposed. This paper proposes the first encoding-based white-box implementation with an ASASA structure against both DCA and DFA attacks. By decomposing and recombining Sbox layers across rounds, our construction conceals round boundaries while enabling efficient representation via multivariate polynomials. Without the external encoding, the ASA-based first and last rounds inherently resist DFA while remaining vulnerable to DCA. To enhance the DCA resistance, we introduce a cipher-level defense framework integrating anti-DCA Sboxes and anti-DCA/DFA layers. This unified approach provides $n$-bit security for an $n$-bit block length cipher against both DCA and DFA attacks. Our work bridges critical gaps in white-box cryptography by enabling ASASA-based encodings and offering combined DCA and DFA countermeasures through novel cipher-level constructions.
BibTeX
@inproceedings{asiacrypt-2025-36044,
  title={Towards Combined Countermeasures against Differential Computation and Fault Analyses: An Approach with the {\sffamily ASASA} Structure},
  publisher={Springer-Verlag},
  author={Yufeng Tang and Zheng Gong and Jian Guo and Xiaoyang Dong and Liangju Zhao},
  year=2025
}