Paper 2017/355

White-Box Cryptography: Don't Forget About Grey Box Attacks

Estuardo Alpirez Bock, Joppe W. Bos, Chris Brzuska, Charles Hubain, Wil Michiels, Cristofaro Mune, Eloi Sanfelix Gonzalez, Philippe Teuwen, and Alexander Treff


Despite the fact that all current scientific white-box approaches of standardized cryptographic primitives have been publicly broken, these attacks require knowledge of the internal data representation used by the implementation. In practice, the level of implementation knowledge required is only attainable through significant reverse engineering efforts. In this paper we describe new approaches to assess the security of white-box implementations which require neither knowledge about the look-up tables used nor expensive reverse engineering efforts. We introduce the differential computation analysis (DCA) attack which is the software counterpart of the differential power analysis attack as applied by the cryptographic hardware community. Similarly, the differential fault analysis (DFA) attack is the software counterpart of fault-injection attacks on cryptographic hardware. For DCA, we developed plugins to widely available dynamic binary instrumentation (DBI) frameworks to produce software execution traces which contain information about the memory addresses being accessed. For the DFA attack, we developed modified emulators and plugins for DBI frameworks that allow injecting faults at selected moments within the execution of the encryption or decryption process as well as a framework to automate static fault injection. To illustrate the effectiveness, we show how DCA and DFA can extract the secret key from numerous publicly available non-commercial white-box implementations of standardized cryptographic algorithms. These approaches allow one to extract the secret key material from white-box implementations significantly faster and without specific knowledge of the white-box design in an automated or semi-automated manner.

Note: Includes mathematical foundations, a generalization of the DCA attack and the treatment of differential fault attacks.

Available format(s)
Publication info
A major revision of an IACR publication in CHES 2016
Contact author(s)
joppe bos @ nxp com
2019-02-01: last of 4 revisions
2017-04-26: received
See all versions
Short URL
Creative Commons Attribution


      author = {Estuardo Alpirez Bock and Joppe W.  Bos and Chris Brzuska and Charles Hubain and Wil Michiels and Cristofaro Mune and Eloi Sanfelix Gonzalez and Philippe Teuwen and Alexander Treff},
      title = {White-Box Cryptography: Don't Forget About Grey Box Attacks},
      howpublished = {Cryptology ePrint Archive, Paper 2017/355},
      year = {2017},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.