Paper 2015/753

Differential Computation Analysis: Hiding your White-Box Designs is Not Enough

Joppe W. Bos, Charles Hubain, Wil Michiels, and Philippe Teuwen


Although all current scientific white-box approaches of standardized cryptographic primitives are broken, there is still a large number of companies which sell "secure" white-box products. In this paper a new approach to assess the security of white-box implementations is presented which requires neither knowledge about the look-up tables used nor any reverse engineering effort. This differential computation analysis (DCA) attack is the software counterpart of the differential power analysis attack as applied by the cryptographic hardware community. We developed plugins to widely available dynamic binary instrumentation frameworks to produce software execution traces which contain information about the memory addresses being accessed. We show how DCA can extract the secret key from all publicly (non-commercial) available white-box programs implementing standardized cryptography by analyzing these traces to identify secret-key dependent correlations.

Note: The entire software toolchain ranging from the plugins, to the GUI, to the individual scripts to target the white-box challenges as described in this paper is released as open-source software: see

Publication info
A major revision of an IACR publication in CHES 2016
Contact author(s)
joppe bos @ nxp com
2016-07-08: last of 5 revisions
2015-07-30: received
Creative Commons Attribution


      author = {Joppe W.  Bos and Charles Hubain and Wil Michiels and Philippe Teuwen},
      title = {Differential Computation Analysis: Hiding your White-Box Designs is Not Enough},
      howpublished = {Cryptology ePrint Archive, Paper 2015/753},
      year = {2015},
      note = {\url{}},
      url = {}