White-Box Cryptography: Don’t Forget About Grey-Box Attacks

  • Estuardo Alpirez Bock
  • Joppe W. BosEmail author
  • Chris Brzuska
  • Charles Hubain
  • Wil Michiels
  • Cristofaro Mune
  • Eloi Sanfelix Gonzalez
  • Philippe Teuwen
  • Alexander Treff


Despite the fact that all current scientific white-box approaches of standardized cryptographic primitives have been publicly broken, these attacks require knowledge of the internal data representation used by the implementation. In practice, the level of implementation knowledge required is only attainable through significant reverse-engineering efforts. In this paper, we describe new approaches to assess the security of white-box implementations which require neither knowledge about the look-up tables used nor expensive reverse-engineering efforts. We introduce the differential computation analysis (DCA) attack which is the software counterpart of the differential power analysis attack as applied by the cryptographic hardware community. Similarly, the differential fault analysis (DFA) attack is the software counterpart of fault injection attacks on cryptographic hardware. For DCA, we developed plugins to widely available dynamic binary instrumentation (DBI) frameworks to produce software execution traces which contain information about the memory addresses being accessed. For the DFA attack, we developed modified emulators and plugins for DBI frameworks that allow injecting faults at selected moments within the execution of the encryption or decryption process as well as a framework to automate static fault injection. To illustrate the effectiveness, we show how DCA and DFA can extract the secret key from numerous publicly available non-commercial white-box implementations of standardized cryptographic algorithms. These approaches allow one to extract the secret key material from white-box implementations significantly faster and without specific knowledge of the white-box design in an automated or semi-automated manner.


White-box cryptography Software execution traces Differential computation analysis Differential power analysis Differential fault analysis 



  1. 1.
    Advanced Encryption Standard (AES). National Institute of Standards and Technology (NIST), FIPS PUB 197, U.S. Department of Commerce (Nov. 2001)Google Scholar
  2. 2.
    A. Aghaie, A. Moradi, S. Rasoolzadeh, F. Schellenberg, T. Schneider, Impeccable circuits. Cryptology ePrint Archive, Report 2018/203 (2018).
  3. 3.
    B. Amstadt, M.K. Johnson, Wine. Linux J., 1994(4) (August 1994)Google Scholar
  4. 4.
    C.H. Baek, J.H. Cheon, H. Hong, Analytic toolbox for white-box implementations: limitation and perspectives. Cryptology ePrint Archive, Report 2014/688 (2014).
  5. 5.
    B. Barak, S. Garg, Y.T. Kalai, O. Paneth, A. Sahai, Protecting obfuscation against algebraic attacks, in P.Q. Nguyen and E. Oswald, editors, EUROCRYPT 2014. LNCS, vol. 8441 (Springer, Heidelberg, Germany, Copenhagen, Denmark, May 11–15, 2014), pp. 221–238Google Scholar
  6. 6.
    B. Barak, O. Goldreich, R. Impagliazzo, S. Rudich, A. Sahai, S.P. Vadhan, K. Yang. On the (im)possibility of obfuscating programs, in J. Kilian, editor, CRYPTO 2001. LNCS, vol. 2139 (Springer, Heidelberg, Germany, Santa Barbara, CA, USA, Aug. 19–23, 2001), pp. 1–18Google Scholar
  7. 7.
    A. Barenghi, G.M. Bertoni, L. Breveglieri, M. Pellicioli, G. Pelosi, Injection technologies for fault attacks on microprocessors, in Joye and Tunstall [42], pp. 275–293Google Scholar
  8. 8.
    A. Barenghi, L. Breveglieri, I. Koren, D. Naccache, Fault injection attacks on cryptographic devices: theory, practice, and countermeasures, in Proceedings of the IEEE. IEEE, vol. 100 (2012), pp. 3056–3076Google Scholar
  9. 9.
    J.-B. Bédrune, 2009 reverse challenge 1. Online (2009).
  10. 10.
    F. Bellard, QEMU, a fast and portable dynamic translator, in USENIX Annual Technical Conference, FREENIX Track (2005), pp. 41–46Google Scholar
  11. 11.
    A. Berzati, C. Canovas-Dumas, L. Goubin, A survey of differential fault analysis against classical RSA implementations, in Joye and Tunstall [42], pp. 111–124Google Scholar
  12. 12.
    S. Bhatkar, D. C. DuVarney, R. Sekar, Address obfuscation: an efficient approach to combat a broad range of memory error exploits, in Proceedings of the 12th USENIX Security Symposium. USENIX Association (2003)Google Scholar
  13. 13.
    I. Biehl, B. Meyer, V.Müller, Differential fault attacks on elliptic curve cryptosystems, in M. Bellare, editor, CRYPTO 2000. LNCS, vol. 1880 (Springer, Heidelberg, Germany, Santa Barbara, CA, USA, Aug. 20–24, 2000), pp. 131–146Google Scholar
  14. 14.
    E. Biham, A. Shamir, Differential cryptanalysis of Snefru, Khafre, REDOC-II, LOKI and Lucifer, in J. Feigenbaum, editor, CRYPTO’91. LNCS, vol. 576 (Springer, Heidelberg, Santa Barbara, CA, USA, Germany, Aug. 11–15, 1992), pp. 156–171Google Scholar
  15. 15.
    E. Biham, A. Shamir, Differential fault analysis of secret key cryptosystems, in B.S. Kaliski Jr., editor, CRYPTO’97. LNCS, vol. 1294 (Springer, Heidelberg, Germany, Santa Barbara, CA, USA, Aug. 17–21, 1997), pp. 513–525Google Scholar
  16. 16.
    O. Billet, H. Gilbert, A traceable block cipher, in C.-S. Laih, editor, ASIACRYPT 2003. LNCS, vol. 2894 (Springer, Heidelberg, Germany, 2003), pp. 331–346Google Scholar
  17. 17.
    O. Billet, H. Gilbert, C. Ech-Chatbi, Cryptanalysis of a white box AES implementation, in H. Handschuh and A. Hasan, editors, SAC 2004. LNCS, vol. 3357 (Springer, Heidelberg, Germany, Waterloo, Ontario, Canada, Aug. 9–10, 2004), pp 227–240Google Scholar
  18. 18.
    A. Biryukov, C. Bouillaguet, D. Khovratovich, Cryptographic schemes based on the ASASA structure: black-box, white-box, and public-key (extended abstract), in P. Sarkar and T. Iwata, editors, ASIACRYPT 2014, Part I. LNCS, vol. 8873 (Springer, Heidelberg, Germany, Kaoshiung, Taiwan, R.O.C., Dec. 7–11, 2014), pp. 63–84Google Scholar
  19. 19.
    A. Biryukov, C. De Canniére, A. Braeken, B. Preneel, A toolbox for cryptanalysis: linear and affine equivalence algorithms, in E. Biham, editor, EUROCRYPT 2003. LNCS, vol. 2656 (Springer, Heidelberg, Germany, Warsaw, Poland, May 4–8, 2003), pp. 33–50Google Scholar
  20. 20.
    D. Boneh, R.A. DeMillo, R.J. Lipton, On the importance of checking cryptographic protocols for faults (extended abstract), in W. Fumy, editor, EUROCRYPT’97. LNCS, vol. 1233 (Springer, Heidelberg, Germany, Konstanz, Germany, May 11–15, 1997), pp. 37–51Google Scholar
  21. 21.
    Z. Brakerski, G.N. Rothblum, Virtual black-box obfuscation for all circuits via generic graded encoding, in Y. Lindell, editor, TCC 2014. LNCS, vol. 8349 (Springer, Heidelberg, Germany, San Diego, CA, USA, Feb. 24–26, 2014), pp. 1–25Google Scholar
  22. 22.
    C.-B. Breunesse, I. Kizhvatov, R. Muijrers, A. Spruyt, Towards fully automated analysis of whiteboxes: perfect dimensionality reduction for perfect leakage. Cryptology ePrint Archive, Report 2018/095 (2018).
  23. 23.
    E. Brier, C. Clavier, F. Olivier. Correlation power analysis with a leakage model, in M. Joye and J.-J. Quisquater, editors, CHES 2004. LNCS, vol. 3156 (Springer, Heidelberg, Germany, Cambridge, Massachusetts, USA, Aug. 11–13, 2004), pp. 16–29Google Scholar
  24. 24.
    J. Bringer, H. Chabanne, E. Dottax, White box cryptography: another attempt. Cryptology ePrint Archive, Report 2006/468 (2006).
  25. 25.
    S. Chari, C.S. Jutla, J.R. Rao, P. Rohatgi, Towards sound approaches to counteract power-analysis attacks, in M.J. Wiener, editor, CRYPTO’99. LNCS, vol. 1666 (Springer, Heidelberg, Germany, Santa Barbara, CA, USA, Aug. 15–19, 1999), pp. 398–412Google Scholar
  26. 26.
    S. Chari, J.R. Rao, P. Rohatgi, Template attacks, in B. S. Kaliski Jr., Çetin Kaya. Koç, and C. Paar, editors, CHES 2002. LNCS, vol. 2523 (Springer, Heidelberg, Germany, Redwood Shores, CA, USA, Aug. 13–15, 2003), pp. 13–28Google Scholar
  27. 27.
    S. Chow, P.A. Eisen, H. Johnson, P.C. van Oorschot, White-box cryptography and an AES implementation, in K. Nyberg and H. M. Heys, editors, SAC 2002. LNCS, vol. 2595, St. John’s (Springer, Heidelberg, Germany, Newfoundland, Canada, Aug. 15–16, 2003), pp. 250–270Google Scholar
  28. 28.
    S. Chow, P.A. Eisen, H. Johnson, P. C. van Oorschot, A white-box DES implementation for DRM applications, in J. Feigenbaum, editor, Security and Privacy in Digital Rights Management, ACM CCS-9 Workshop, DRM 2002. LNCS, vol. 2696 (Springer, 2003), pp. 1–15Google Scholar
  29. 29.
    J.-S. Coron, E. Prouff, M. Rivain, T. Roche, Higher-order side channel security and mask refreshing, in S. Moriai, editor, FSE 2013. LNCS, vol. 8424 (Springer, Heidelberg, Germany), pp. 410–424Google Scholar
  30. 30.
    J. Daemen, V. Rijmen, The design of Rijndael: AES—the Advanced Encryption Standard (Springer, 2002)Google Scholar
  31. 31.
    Y. de Mulder, White-Box Cryptography: Analysis of White-Box AES Implementations. PhD thesis, KU Leuven (2014)Google Scholar
  32. 32.
    C. Delerablée, T. Lepoint, P. Paillier, M. Rivain, White-box security notions for symmetric encryption schemes, in T. Lange, K. Lauter, and P. Lisonek, editors, SAC 2013. LNCS, vol. 8282 (Springer, Heidelberg, Germany, Burnaby, BC, Canada, Aug. 14–16, 2014), pp. 247–264Google Scholar
  33. 33.
    P. Dusart, G. Letourneux, O. Vivolo, Differential fault analysis on AES, in J. Zhou, M. Yung, and Y. Han, editors, ACNS 03. LNCS, vol. 2846 (Springer, Heidelberg, Germany, Kunming, China, Oct. 16–19, 2003), pp. 293–306Google Scholar
  34. 34.
    P. Dusart, G. Letourneux, O. Vivolo, Differential fault analysis on A.E.S., in J. Zhou, M. Yung, and Y. Han, editors, ACNS 2003. Lecture Notes in Computer Science, vol. 2846 (Springer, 2003), pp. 293–306.Google Scholar
  35. 35.
    F. Falco, N. Riva, Dynamic binary instrumentation frameworks: I know you’re there spying on me. REcon (2012).
  36. 36.
    S. Garg, C. Gentry, S. Halevi, M. Raykova, A. Sahai, B. Waters, Candidate indistinguishability obfuscation and functional encryption for all circuits, in 54th Annual IEEE Symposium on Foundations of Computer Science, FOCS. IEEE Computer Society (2013), pp 40–49Google Scholar
  37. 37.
    L. Goubin, J.-M. Masereel, M. Quisquater, Cryptanalysis of white box DES implementations, in C.M. Adams, A. Miri, and M.J. Wiener, editors, SAC 2007. LNCS, vol. 4876 (Springer, Heidelberg, Germany, Ottawa, Canada, Aug. 16–17, 2007), pp. 278–295Google Scholar
  38. 38.
    L. Goubin, J. Patarin, DES and differential power analysis (the “duplication” method), in Çetin Kaya. Koç and C. Paar, editors, CHES’99. LNCS, vol. 1717 (Springer, Heidelberg, Germany, Worcester, Massachusetts, USA, Aug. 12–13, 1999), pp. 158–172Google Scholar
  39. 39.
    Y. Huang, F.S. Ho, H. Tsai, H.M. Kao, A control flow obfuscation method to discourage malicious tampering of software codes, in F. Lin, D. Lee, B.P. Lin, S. Shieh, and S. Jajodia, editors, Proceedings of the 2006 ACM Symposium on Information, Computer and Communications Security, ASIACCS 2006. ACM (2006), p. 362Google Scholar
  40. 40.
    M. Jacob, D. Boneh, E.W. Felten, Attacking an obfuscated cipher by injecting faults, in J. Feigenbaum, editor, Security and Privacy in Digital Rights Management, ACM CCS-9 Workshop, DRM 2002, Washington, DC, USA, November 18, 2002, Revised Papers. LNCS, vol. 2696 (Springer, 2003), pp. 16–31Google Scholar
  41. 41.
    M. Jakobsson, M.K. Reiter, Discouraging software piracy using software aging, in T. Sander, editor, Security and Privacy in Digital Rights Management, ACM CCS-8 Workshop DRM 2001. LNCS, vol. 2320 (Springer, 2002), pp. 1–12Google Scholar
  42. 42.
    M. Joye, M. Tunstall, editors. Fault Analysis in Cryptography. ISC (Springer, Heidelberg, Germany, 2012)Google Scholar
  43. 43.
    M. Karroumi, Protecting white-box AES with dual ciphers, in K.H. Rhee and D. Nyang, editors, ICISC 10. LNCS, vol. 6829 (Springer, Heidelberg, Germany, Seoul, Korea, Dec. 1–3, 2011), pp. 278–291Google Scholar
  44. 44.
    C.H. Kim, J. Quisquater, New differential fault analysis on AES key schedule: two faults are enough, in G. Grimaud and F. Standaert, editors, CARDIS 2008. Lecture Notes in Computer Science, vol. 5189 (Springer, 2008), pp. 48–60Google Scholar
  45. 45.
    J. Kirsch, Towards transparent dynamic binary instrumentation using virtual machine introspection. REcon. (2015).
  46. 46.
    J. Klemsa, Side-Channel Attack Analysis of AES White-Box Schemes. PhD thesis, Czech Technical University in Prague (2016)Google Scholar
  47. 47.
    D. Klinec, White-box attack resistant cryptography. Master’s thesis, Masaryk University, Brno, Czech Republic (2013).
  48. 48.
    P. Kocher, J. Jaffe, B. Jun, P. Rohatgi, Introduction to differential power analysis. J. Cryptogr. Eng. 1(1), 5–27 (2011)CrossRefGoogle Scholar
  49. 49.
    P.C. Kocher, J. Jaffe, B. Jun, Differential power analysis, in M.J. Wiener, editor, CRYPTO’99, LNCS, vol. 1666 (Springer, Heidelberg, Germany, Santa Barbara, CA, USA, Aug. 15–19, 1999), pp. 388–397Google Scholar
  50. 50.
    T. Lepoint, M. Rivain, Y.D. Mulder, P. Roelse, B. Preneel, Two attacks on a white-box AES implementation, in T. Lange, K. Lauter, and P. Lisonek, editors, SAC 2013. LNCS, vol. 8282 (Springer, Heidelberg, Germany, Burnaby, BC, Canada, Aug. 14–16, 2014), pp. 265–285Google Scholar
  51. 51.
    X. Li, K. Li, Defeating the transparency features of dynamic binary instrumentation. BlackHat US (2014).
  52. 52.
    Y. Li, K. Sakiyama, S. Gomisawa, T. Fukunaga, J. Takahashi, K. Ohta, Fault sensitivity analysis, in S. Mangard and F.-X. Standaert, editors, CHES 2010. LNCS, vol. 6225 (Springer, Heidelberg, Germany, Santa Barbara, CA, USA, Aug. 17–20, 2010), pp. 320–334Google Scholar
  53. 53.
    H.E. Link, W.D. Neumann, Clarifying obfuscation: improving the security of white-box DES, in International Symposium on Information Technology: Coding and Computing (ITCC 2005). IEEE Computer Society (2005), pp. 679–684Google Scholar
  54. 54.
    C. Linn, S.K. Debray. Obfuscation of executable code to improve resistance to static disassembly, in S. Jajodia, V. Atluri, and T. Jaeger, editors, Proceedings of the 10th ACM Conference on Computer and Communications Security, CCS 2003. ACM (2003), pp. 290–299Google Scholar
  55. 55.
    C. Luk, R.S. Cohn, R. Muth, H. Patil, A. Klauser, P.G. Lowney, S. Wallace, V.J. Reddi, K.M. Hazelwood, Pin: building customized program analysis tools with dynamic instrumentation, in V. Sarkar and M. W. Hall, editors, Proceedings of the ACM SIGPLAN 2005 Conference on Programming Language Design and Implementation. ACM (2005), pp. 190–200Google Scholar
  56. 56.
    A. Maillet, Nosuchcon 2013 challenge—write up and methodology. Online (2013).
  57. 57.
    S. Mangard, E. Oswald, F. Standaert, One for all - all for one: unifying standard differential power analysis attacks. IET Inf. Secur. 5(2), 100–110 (2011)CrossRefGoogle Scholar
  58. 58.
    F. Marceau, F. Perigaud, A. Tillequin, Challenge SSTIC 2012. Online (2012).
  59. 59.
    E. Alpirez Bock, C. Brzuska, W. Michiels, A. Treff, On the ineffectiveness of internal encodings—revisiting the dca attack on white-box cryptography. Cryptology ePrint Archive, Report 2018/301 (2018).
  60. 60.
    T.S. Messerges, Using second-order power analysis to attack DPA resistant software, in Çetin Kaya. Koç and C. Paar, editors, CHES 2000. LNCS, vol. 1965 (Springer, Heidelberg, Germany, Worcester, Massachusetts, USA, Aug. 17–18, 2000), pp. 238–251Google Scholar
  61. 61.
    W. Michiels, Opportunities in white-box cryptography. IEEE Secur. Priv., 8(1), 64–67 (2010)CrossRefGoogle Scholar
  62. 62.
    W. Michiels, P. Gorissen, Mechanism for software tamper resistance: an application of white-box cryptography, in M. Yung, A. Kiayias, and A. Sadeghi, editors, Proceedings of the Seventh ACM Workshop on Digital Rights Management. ACM (2007), pp. 82–89Google Scholar
  63. 63.
    W. Michiels, P. Gorissen, H.D.L. Hollmann, Cryptanalysis of a generic class of white-box implementations, in R.M. Avanzi, L. Keliher, and F. Sica, editors, SAC 2008. LNCS, vol. 5381 (Springer, Heidelberg, Germany, Sackville, New Brunswick, Canada, Aug. 14–15, 2009), pp. 414–428Google Scholar
  64. 64.
    A. Moradi, O. Mischke, C. Paar, Y. Li, K. Ohta, K. Sakiyama, On the power of fault sensitivity analysis and collision side-channel attacks in a combined setting, in B. Preneel and T. Takagi, editors, CHES 2011. LNCS, vol. 6917 (Springer, Heidelberg, Germany, Nara, Japan, Sept. 28–Oct. 1, 2011), pp. 292–311Google Scholar
  65. 65.
    C. Mougey, F. Gabriel, Désobfuscation de DRM par attaques auxiliaires, in Symposium sur la sécurité des technologies de l’information et des communications (2014).
  66. 66.
    J.A. Muir, A tutorial on white-box AES, in E. Kranakis, editor, Advances in Network Analysis and its Applications, volume 18 of Mathematics in Industry (Springer Berlin Heidelberg, 2013), pp. 209–229Google Scholar
  67. 67.
    Y.D. Mulder, P. Roelse, B. Preneel, Cryptanalysis of the Xiao-Lai white-box AES implementation, in L.R. Knudsen and H. Wu, editors, SAC 2012. LNCS, vol. 7707 (Springer, Heidelberg, Germany, Windsor, Ontario, Canada, Aug. 15–16, 2013), pp. 34–49Google Scholar
  68. 68.
    Y.D. Mulder, B. Wyseur, B. Preneel, Cryptanalysis of a perturbated white-box AES implementation, in G. Gong and K. C. Gupta, editors, INDOCRYPT 2010. LNCS, vol. 6498 (Springer, Heidelberg, Germany, Hyderabad, India, Dec. 12–15, 2010), pp. 292–310Google Scholar
  69. 69.
    N. Nethercote, J. Seward, Valgrind: a framework for heavyweight dynamic binary instrumentation, in J. Ferrante and K.S. McKinley, editors, Proceedings of the ACM SIGPLAN 2007 Conference on Programming Language Design and Implementation. ACM (2007), pp. 89–100Google Scholar
  70. 70.
    S. Nikova, C. Rechberger, V. Rijmen, Threshold implementations against side-channel attacks and glitches, in P. Ning, S. Qing, and N. Li, editors, Information and Communications Security, ICICS. LNCS, vol. 4307 (Springer, 2006), pp. 529–545Google Scholar
  71. 71.
    J. Patarin, L. Goubin, Asymmetric cryptography with S-boxes, in Y. Han, T. Okamoto, and S. Qing, editors, ICICS 97. LNCS, vol. 1334 (Springer, Heidelberg, Germany, Beijing, China, Nov. 11–14, 1997), pp. 369–380Google Scholar
  72. 72.
    G. Piret, J.-J. Quisquater, A differential fault attack technique against SPN structures, with application to the AES and KHAZAD, in C.D. Walter, Çetin Kaya. Koç, and C. Paar, editors, CHES 2003. LNCS, vol. 2779 (Springer, Heidelberg, Germany, Cologne, Germany, Sept. 8–10, 2003), pp. 77–88Google Scholar
  73. 73.
    M.L. Polla, F. Martinelli, D. Sgandurra, A survey on security for mobile devices. IEEE Commun. Surv. Tutor., 15(1), 446–471 (2013)CrossRefGoogle Scholar
  74. 74.
    M. Rivain, Differential fault analysis of DES, in Joye and Tunstall [42], pp. 37–54Google Scholar
  75. 75.
    P. Sasdrich, A. Moradi, T. Güneysu, White-box cryptography in the gray box—a hardware implementation and its side channels, in T. Peyrin, editor, FSE 2016. LNCS, vol. 9783 (Springer, Heidelberg, Germany, Bochum, Germany, Mar. 20–23, 2016), pp. 185–203Google Scholar
  76. 76.
    A. Saxena, B. Wyseur, B. Preneel, Towards security notions for white-box cryptography, in P. Samarati, M. Yung, F. Martinelli, and C.A. Ardagna, editors, ISC 2009. LNCS, vol. 5735 (Springer, Heidelberg, Germany, Pisa, Italy, Sept. 7–9, 2009), pp. 49–58Google Scholar
  77. 77.
    F. Scrinzi, Behavioral analysis of obfuscated code. Master’s thesis, University of Twente, Twente, Netherlands (2015).
  78. 78.
    A. Souchet, AES whitebox unboxing: no such problem. Online (2013).
  79. 79.
    SysK, Practical cracking of white-box implementations. Phrack 68, 14.
  80. 80.
    P. Teuwen, CHES2015 writeup. Online (2015).
  81. 81.
    P. Teuwen, NSC writeups. Online (2015).
  82. 82.
    L. Tolhuizen, Improved cryptanalysis of an AES implementation, in Proceedings of the 33rd WIC Symposium on Information Theory. Werkgemeenschap voor Inform.-en Communicatietheorie (2012)Google Scholar
  83. 83.
    M. Tunstall, D. Mukhopadhyay, S. Ali, Differential fault analysis of the advanced encryption standard using a single fault, in C.A. Ardagna and J. Zhou, editors, WISTP 2011. Lecture Notes in Computer Science, vol. 6633. (Springer, 2011), pp. 224–233Google Scholar
  84. 84.
    U.S. DEPARTMENT OF COMMERCE/National Institute of Standards and Technology. Data Encryption Standard (DES) Google Scholar
  85. 85.
    E. Vanderbéken, Hacklu reverse challenge write-up. Online (2009).
  86. 86.
    B. Wyseur, W. Michiels, P. Gorissen, B. Preneel, Cryptanalysis of white-box DES implementations with arbitrary external encodings, in C.M. Adams, A. Miri, and M.J. Wiener, editors, SAC 2007. LNCS, vol. 4876 (Springer, Heidelberg, Germany, Ottawa, Canada Aug. 16–17, 2007), pp. 264–277Google Scholar
  87. 87.
    Y. Xiao, X. Lai, A secure implementation of white-box AES, in 2nd International Conference on Computer Science and its Applications, 2009. CSA ’09 (2009), pp. 1–6Google Scholar
  88. 88.
    Y. Zhou, S. Chow, System and method of hiding cryptographic private keys (Dec. 15 2009). US Patent 7,634,091Google Scholar

Copyright information

© International Association for Cryptologic Research 2019

Authors and Affiliations

  • Estuardo Alpirez Bock
    • 1
  • Joppe W. Bos
    • 2
    Email author
  • Chris Brzuska
    • 1
  • Charles Hubain
    • 3
  • Wil Michiels
    • 2
    • 4
  • Cristofaro Mune
    • 5
  • Eloi Sanfelix Gonzalez
    • 5
  • Philippe Teuwen
    • 3
  • Alexander Treff
    • 6
  1. 1.Aalto UniversityEspooFinland
  2. 2.NXP SemiconductorsLeuvenBelgium
  3. 3.QuarkslabParisFrance
  4. 4.Technische Universiteit EindhovenEindhovenThe Netherlands
  5. 5.RiscureDelftThe Netherlands
  6. 6.Hamburg University of TechnologyHamburgGermany

Personalised recommendations