Paper 2018/1047

On the Linear Transformation in White-box Cryptography

Seungkwang Lee, Nam-su Jho, and Myungchul Kim


Linear transformations are applied to the white-box cryptographic implementation for the diffusion effect to prevent key-dependent intermediate values from being analyzed. However, it has been shown that there still exists a correlation before and after the linear transformation, and thus this is not enough to protect the key against statistical analysis. So far, the Hamming weight of rows in the invertible matrix has been considered the main cause of the key leakage from the linear transformation. In this study, we present an in-depth analysis of the distribution of intermediate values and the characteristics of block invertible binary matrices. Our mathematical analysis and experimental results show that the balanced distribution of the key-dependent intermediate value is the main cause of the key leakage.

Available format(s)
Secret-key cryptography
Publication info
Preprint. MINOR revision.
White-box cryptographylinear transformationkey leakage
Contact author(s)
skwang @ etri re kr
2020-02-18: last of 10 revisions
2018-11-02: received
See all versions
Short URL
Creative Commons Attribution


      author = {Seungkwang Lee and Nam-su Jho and Myungchul Kim},
      title = {On the Linear Transformation in White-box Cryptography},
      howpublished = {Cryptology ePrint Archive, Paper 2018/1047},
      year = {2018},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.