Paper 2013/455

Another Nail in the Coffin of White-Box AES Implementations

Tancrède Lepoint and Matthieu Rivain


The goal of white-box cryptography is to design implementations of common cryptographic algorithms (e.g. AES) that remain secure against an attacker with full control of the implementation and execution environment. This concept was put forward a decade ago by Chow et al. (SAC 2002) who proposed the first white-box implementation of AES. Since then, several works have been dedicated to the design of new implementations and/or the breaking of existing ones. In this paper, we describe a new attack against the original implementation of Chow et al. (SAC 2002), which efficiently recovers the AES secret key as well as the private external encodings in complexity $2^{22}$. Compared to the previous attack due to Billet et al. (SAC 2004) of complexity $2^{30}$, our attack is not only more efficient but also simpler to implement. Then, we show that the \emph{last} candidate white-box AES implementation due to Karroumi (ICISC 2010) can be broken by a direct application of either the Billet et al. attack or ours. Specifically, we show that for any given secret key, the overall implementation has the \emph{exact same} distribution as the implementation of Chow et al. making them both vulnerable to the same attacks. By improving the state of the art of white-box cryptanalysis and putting forward new attack techniques, we believe our work brings new insights on the failure of existing white-box implementations, which could be useful for the design of future solutions.

Publication info
Published elsewhere. Unknown status
White-Box Cryptography, AES Implementation, Cryptanalysis
Contact author(s)
matthieu rivain @ gmail com
2013-07-23: received
Creative Commons Attribution


      author = {Tancrède Lepoint and Matthieu Rivain},
      title = {Another Nail in the Coffin of White-Box AES Implementations},
      howpublished = {Cryptology ePrint Archive, Paper 2013/455},
      year = {2013},
      note = {\url{}},
      url = {}