Revisit Bitslice Implementation of Dummy Shuffling
摘要
White-box cryptography is designed to secure cryptographic keys in environments where the implementation is exposed to potential attackers. At Eurocrypt 2021, Biryukov and Udovenko introduced the dummy shuffling framework, which is now widely recognized as a state-of-the-art approach for white-box cryptographic protection. However, dummy shuffling can introduce additional computational overhead, degrading execution performance. In this paper, we explore the application of the bitsliced technique to the dummy shuffling white-box protection strategy to accelerate its execution. We identify a critical misuse scenario that introduces security vulnerabilities. Specifically, we find that directly extending the bitsliced technique to dummy shuffling uses IF-ELSE statements for main slot selection, leading to non-random choices. To illustrate this vulnerability, we introduce a new DCA-like attack termed statistical linear decoding analysis (SLDA), which exploits these weaknesses to recover the secret key. Our findings highlight the risks of misused bitsliced dummy shuffling with IF-ELSE implementations, emphasizing the importance of independent selection of main slots in practical deployments.