Paper 2022/444

A White-Box Speck Implementation using Self-Equivalence Encodings (Full Version)

Joachim Vandersmissen, Adrián Ranea, and Bart Preneel


In 2002, Chow et al. initiated the formal study of white-box cryptography and introduced the CEJO framework. Since then, various white-box designs based on their framework have been proposed, all of them broken. Ranea and Preneel proposed a different method in 2020, called self-equivalence encodings and analyzed its security for AES. In this paper, we apply this method to generate the first academic white-box Speck implementations using self-equivalence encodings. Although we focus on Speck in this work, our design could easily be adapted to protect other add-rotate-xor (ARX) ciphers. Then, we analyze the security of our implementation against key-recovery attacks. We propose an algebraic attack to fully recover the master key and external encodings from a white-box Speck implementation, with limited effort required. While this result shows that the linear and affine self-equivalences of self-equivalence encodings are insecure, we hope that this negative result will spur additional research in higher-degree self-equivalence encodings for white-box cryptography. Finally, we created an open-source Python project implementing our design, publicly available at We give an overview of five strategies to generate output code, which can be used to improve the performance of the white-box implementation. We compare these strategies and determine how to generate the most performant white-box Speck code. Furthermore, this project could be employed to test and compare the efficiency of attacks on white-box implementations using self-equivalence encodings.

Note: This is the full version of the paper published at ACNS 2022. This version includes attack results and performance details for additional Speck configurations.

Available format(s)
Secret-key cryptography
Publication info
Published elsewhere. Major revision. ACNS 2022
white-box cryptographyself-equivalenceSpeck
Contact author(s)
joachim @ atsec com
2022-04-12: received
Short URL
Creative Commons Attribution


      author = {Joachim Vandersmissen and Adrián Ranea and Bart Preneel},
      title = {A White-Box Speck Implementation using Self-Equivalence Encodings (Full Version)},
      howpublished = {Cryptology ePrint Archive, Paper 2022/444},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.