Cryptanalysis of White Box DES Implementations

  • Louis Goubin
  • Jean-Michel Masereel
  • Michaël Quisquater
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4876)


Obfuscation is a method consisting in hiding information of some parts of a computer program. According to the Kerckhoffs principle, a cryptographical algorithm should be kept public while the whole security should rely on the secrecy of the key. In some contexts, source codes are publicly available, while the key should be kept secret; this is the challenge of code obfuscation. This paper deals with the cryptanalysis of such methods of obfuscation applied to the DES. Such methods, called the “naked-DES” and “nonstandard-DES”, were proposed by Chow et al. [5] in 2002. Some methods for the cryptanalysis of the “naked-DES” were proposed by Chow et al. [5], Jacob et al. [6], and Link and Neuman [7]. In their paper, Link and Neuman [7] proposed another method for the obfuscation of the DES.

In this paper, we propose a general method that applies to all schemes. Moreover, we provide a theoretical analysis. We implemented our method with a C code and applied it successfully to thousands of obfuscated implementations of DES (both “naked” and “non-standard” DES). In each case, we recovered enough information to be able to invert the function.


Obfuscation cryptanalysis DES symmetric cryptography block cipher 


  1. 1.
    Barak, B., Goldreich, O., Impagliazzo, R., Rudich, S., Sahai, A., Vadhan, S.P., Yang, K.: On the (im)possibility of obfuscating programs. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 1–18. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  2. 2.
    Billet, O.: Cryptologie Multivariable Ph.D. thesis University of Versailles (December 2005)Google Scholar
  3. 3.
    Billet, O., Gilbert, H., Ech-Chatbi, C.: Cryptanalysis of a white box AES implementation. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 227–240. Springer, Heidelberg (2004)Google Scholar
  4. 4.
    Chow, S., Eisen, P., Johnson, H., van Oorschot, P.: White-box cryptography and an AES implementation. In: Nyberg, K., Heys, H.M. (eds.) SAC 2002. LNCS, vol. 2595, pp. 250–270. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  5. 5.
    Chow, S., Johnson, H., van Oorschot, P., Eisen, P.: A white-box DES implementation for DRM applications. In: Feigenbaum, J. (ed.) DRM 2002. LNCS, vol. 2696, pp. 1–15. Springer, Heidelberg (2003)Google Scholar
  6. 6.
    Jacob, M., Boneh, D., Felten, E.: Attacking an obfuscated cipher by injecting faults. In: Proceedings 2002 ACM Workshop on Digital Rights Management, November 18, 2002, Washington DC, USA (2002)Google Scholar
  7. 7.
    Link, H.E., Neumann, W.D.: Clarifying obfuscation: Improving the security of white-box encoding (2004),
  8. 8.
    Patarin, J., Goubin, L.: Asymmetric cryptography with S-boxes. In: Proc. 1st International Information and Communications Security Conference, pp. 369–380 (1997)Google Scholar
  9. 9.
    Patarin, J., Goubin, L., Courtois, N.: Improved Algorithms for Isomorphisms of Polynomials. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 184–200. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  10. 10.
  11. 11.
    Wyseur, B., Michiels, W., Gorissen, P., Preneel, B.: Cryptanalysis of White-Box DES Implementations with Arbitrary External Encodings. Cryptology ePrint Archive, Report 2007/104 (2007),
  12. 12.
  13. 13.
  14. 14.

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Louis Goubin
    • 1
  • Jean-Michel Masereel
    • 1
  • Michaël Quisquater
    • 1
  1. 1.Versailles St-Quentin-en-Yvelines University, 45 avenue des Etats-Unis, F-78035 Versailles Cedex 

Personalised recommendations