A Dfa Attack On White-Box Implementations Of Aes With External Encodings

Attacks based on DFA are an important threat to the security of white-box AES implementations. DFA typically requires that the output of AES is known. The use of external encodings that obfuscate this output is therefore a straightforward and well-known measure against such attacks. This paper presents a new DFA attack on a class of white-box implementations of AES that use a specific type of external encoding on the output. The expected work factor of the new attack is dominated by 232 executions of the white-box implementation.