# A Tutorial on White-box AES

@article{Muir2013ATO, title={A Tutorial on White-box AES}, author={James A. Muir}, journal={IACR Cryptol. ePrint Arch.}, year={2013}, volume={2013}, pages={104} }

White-box cryptography concerns the design and analysis of implementations of cryptographic algorithms engineered to execute on untrusted platforms. [... ] Key Method We provide a number of diagrams that summarize the flow of data through the various look-up tables in the implementation, which helps clarify the overall design. We then briefly review the impressive 2004 cryptanalysis by Billet et al. (Cryptanalysis of a white box AES implementation. In: Selected areas in cryptography: 11th international workshop… Expand

## 36 Citations

### White-Box Cryptography in the Gray Box - A Hardware Implementation and its Side Channels

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2016

This work presents a first white-box implementation of AES on reconfigurable hardware for which it is shown that such an implementation does not provide sufficient protection against an SCA attacker and presents additional results which can be used to build stronger white- box designs.

### Two Attacks on a White-Box AES Implementation

- Computer Science, MathematicsSelected Areas in Cryptography
- 2013

It is shown that the overall work factor of the BGE attack is reduced to $$2^{22}$$ when all improvements are implemented, and a new attack on the initial white-box implementation of Chow et al. is presented, making them both vulnerable to the same attacks.

### A white-box AES-like implementation based on key-dependent substitution-linear transformations

- Computer Science, MathematicsMultimedia Tools and Applications
- 2017

It is shown that the white-box implementation of the authors' AES-like cipher can resist current known attacks, and is proposed by replacing AES’s S-boxes and MixColumn matrices with key-dependent components while keeping their good cryptographic properties.

### Revisiting the BGE Attack on a White-Box AES Implementation

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2013

The paper shows that the overall work factor of the BGE attack is reduced to 2 when all improvements are implemented, and shows that Karroumi's white-box AES implementation is vulnerable to the attack it was designed to resist.

### On the Ineffectiveness of Internal Encodings - Revisiting the DCA Attack on White-Box Cryptography

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2018

It is proved that the use of non-linear nibble encodings does not hide key dependent correlations, such that a DCA attack on white-box cryptography succeeds with high probability.

### On the practical security of white-box cryptography. (De la théorie à la pratique de la cryptographie en boite blanche)

- Computer Science, Mathematics
- 2020

This thesis could break the winning implementations of two consecutive editions of the well-known WhibOx white-box cryptography competition and describes how to combine state-of-the-art countermeasures to resist gray-box attacks and comprehensively elaborate on the (in)effectiveness of these combined countermeasures in terms of computation complexity.

### Cryptanalysis of the Xiao - Lai White-Box AES Implementation

- Computer Science, MathematicsSelected Areas in Cryptography
- 2012

A practical cryptanalysis of the white-box AES implementation proposed by Xiao et al. is presented, which efficiently extracts the AES key from Xiao & Lai’s implementation with a work factor of about 232.

### Analysis of Software Countermeasures for Whitebox Encryption

- Computer Science, MathematicsIACR Trans. Symmetric Cryptol.
- 2017

It is found that if in addition to control flow obfuscation, one were to randomize the locations of the LUTs in the memory, then it is very difficult to perform the DCA on the resultant system using such table inputs and extract the secret key in reasonable time.

### Multilateral White-Box Cryptanalysis: Case study on WB-AES of CHES Challenge 2016

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2016

A DPA-based attack that directly exploits the intermediate values of WB-AES computation without requiring to utilize memory data is proposed and demonstrated.

### A Masked White-Box Cryptographic Implementation for Protecting Against Differential Computation Analysis

- Computer Science, MathematicsIEEE Transactions on Information Forensics and Security
- 2018

The security and performance analysis shows that the proposed method to protect the gray-box attack against white-box implementations can be a reliable and efficient countermeasure.

## References

SHOWING 1-10 OF 26 REFERENCES

### Cryptanalysis of a White Box AES Implementation

- Computer Science, MathematicsSelected Areas in Cryptography
- 2004

This paper explains in details how to extract the whole AES secret key embedded in such a white box AES implementation, with negligible memory and worst time complexity 230.

### On the Importance of Eliminating Errors in Cryptographic Computations

- Computer Science, MathematicsJournal of Cryptology
- 2015

A model for attacking various cryptographic schemes by taking advantage of random hardware faults shows that for many digital signature and identification schemes these incorrect outputs completely expose the secrets stored in the box.

### Cryptanalysis of White-Box DES Implementations with Arbitrary External Encodings

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2007

This paper presents an algorithm to extract the secret key from such white-box DES implementations that is a differential attack on obfuscated rounds, and works regardless of the shielding external encodings that are applied.

### Protecting White-Box AES with Dual Ciphers

- Computer Science, MathematicsICISC
- 2010

An improved whitebox implementation of AES that uses dual ciphers to modify the state and key representations in each round as well as two of the four classical AES operations, SubBytes and MixColumns.

### A White-Box DES Implementation for DRM Applications

- Computer Science, MathematicsDigital Rights Management Workshop
- 2002

This work presents methods to make key extraction from the program more difficult, with focus on symmetric block ciphers implemented by substitution boxes and linear transformations.

### Cryptanalysis of white box DES implementations

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2007

A general method that applies to all schemes of obfuscation applied to the DES and is implemented with a C code and applied successfully to thousands of obfuscated implementations of DES (both "naked" and "non-standard" DES).

### White Box Cryptography

- Computer Science, Mathematics

This paper discusses white box cryptography, which is used to protect the key from white box attack and improves its low performance and key update problem by adopting a composite mode using White Box AES and Standard AES.

### Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems

- Computer Science, MathematicsCRYPTO
- 1996

By carefully measuring the amount of time required tm perform private key operalions, attackers may be able to find fixed Diffie-Hellman exponents, factor RSA keys, and break other cryptosystems.…

### A Secure Implementation of White-Box AES

- Computer Science2009 2nd International Conference on Computer Science and its Applications
- 2009

A secure implementation of White-Box AES, the main difference lies in ShiftRows operation, which is now embedded in matrices product, the output encodings has the same size as the output of MixColumns operation (32bits).

### Securely Obfuscating Re-Encryption

- Computer Science, MathematicsJournal of Cryptology
- 2010

A positive obfuscation result is presented for a traditional cryptographic functionality which takes a ciphertext for message m encrypted under Alice’s public key and transforms it into a cipher text for the same message m under Bob's public key which satisfies a definition of obfuscation which incorporates more security-aware provisions.