Paper 2019/329

Doubly half-injective PRGs for incompressible white-box cryptography

Estuardo Alpirez Bock, Alessandro Amadori, Joppe W. Bos, Chris Brzuska, and Wil Michiels


White-box cryptography was originally introduced in the setting of digital rights management with the goal of preventing a user from illegally re-distributing their software decryption program. In recent years, mobile payment has become a popular new application for white-box cryptography. Here, white-box cryptography is used to increase the robustness against external adversaries (i.e., not the user) who aim to misuse/attack the cryptographic functionalities of the payment application. A necessary requirement for secure white-box cryptography is that an adversary cannot extract the embedded secret key from the implementation. However, a white-box implementation needs to fulfill further security properties in order to provide useful protection of an application. In this paper we focus on the popular property of incompressibility, which is a mitigation technique against code-lifting attacks. We provide an incompressible white-box encryption scheme based on the standard assumption of one-way permutations, whereas previous works used either public-key type assumptions or non-standard symmetric-type assumptions.

Category
Secret-key cryptography
Publication info
Published elsewhere. Minor revision. CT-RSA 2019
Keywords
White-box cryptography, Incompressibility, One-way permutations
Contact author(s)
estuardo alpirezbock @ gmail com
chris brzuska @ aalto fi
2019-03-29: received
Creative Commons Attribution


@misc{cryptoeprint:2019/329,
      author = {Estuardo Alpirez Bock and Alessandro Amadori and Joppe W. Bos and Chris Brzuska and Wil Michiels},
      title = {Doubly half-injective PRGs for incompressible white-box cryptography},
      howpublished = {Cryptology ePrint Archive, Paper 2019/329},
      year = {2019},
      doi = {10.1007/978-3-030-12612-4_10}
}