Paper 2007/104

Cryptanalysis of White-Box DES Implementations with Arbitrary External Encodings

Brecht Wyseur, Wil Michiels, Paul Gorissen, and Bart Preneel


At DRM 2002, Chow et al. presented a method for implementing the DES block cipher such that it becomes hard to extract the embedded secret key in a white-box attack context. In such a context, an attacker has full access to the implementation and its execution environment. In order to provide an extra level of security, an implementation shielded with external encodings was introduced by Chow et al. and improved by Link and Neumann. In this paper, we present an algorithm to extract the secret key from such white-box DES implementations. The cryptanalysis is a differential attack on obfuscated rounds, and works regardless of the shielding external encodings that are applied. The cryptanalysis has a average time complexity of $2^{14}$ and a negligible space complexity.

Available format(s)
Publication info
Published elsewhere. Selected Areas in Cryptography 2007 (SAC'07)
White-Box CryptographyObfuscationDESData Encryption StandardCryptanalysis
Contact author(s)
brecht wyseur @ esat kuleuven be
2007-09-14: revised
2007-03-22: received
See all versions
Short URL
Creative Commons Attribution


      author = {Brecht Wyseur and Wil Michiels and Paul Gorissen and Bart Preneel},
      title = {Cryptanalysis of White-Box {DES} Implementations with Arbitrary External Encodings},
      howpublished = {Cryptology ePrint Archive, Paper 2007/104},
      year = {2007},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.