On Security of a White-Box Implementation of SHARK

  • Yang Shi
  • Hongfei Fan
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9290)


In a white-box attack context, an attacker has full visibility of the implementation of a cipher and full control over its execution environment. As a countermeasure against the threat of a key exposure in this context, a white-box implementation of the block cipher SHARK, i.e., the white-box SHARK, was proposed in a piece of prior work in 2013. However, based on our observation and investigation, it has been derived that the white-box SHARK is insufficiently secure, where the hidden key and external encodings can be extracted with a work factor of approximately 1.5 * (2 ^ 47).


White-box attack contexts Symmetric encryption Key exposure SHARK Cryptanalysis 



This research has been supported by the National Natural Science Foundation of China (No. 61202382), the Fundamental Research Funds for the Central Universities, and the Scientific Research Foundation for the Returned Overseas Chinese Scholars. The authors would like to extend their appreciation to the PC members and anonymous reviewers for their valuable comments and suggestions.


  1. 1.
    Wyseur, B.: White-box cryptography. Katholieke Universiteit, Doctoral Dissertation, B-3001 Heverlee (Belgium) (2009)Google Scholar
  2. 2.
    Michiels, W.: Opportunities in white-box cryptography. IEEE Secur. Priv. 8, 64–67 (2010)CrossRefGoogle Scholar
  3. 3.
    Chow, S., Eisen, P., Johnson, H., Van Orschot, P.C.: White-box cryptography and an AES implementation. In: Nyberg, K., Heys, H.M. (eds.) SAC 2002. LNCS, vol. 2595, pp. 250–270. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  4. 4.
    Chow, S., Eisen, P., Johnson, H., van Oorschot, P.C.: A white-box DES implementation for DRM applications. In: Feigenbaum, J. (ed.) DRM 2002. LNCS, vol. 2696, pp. 1–15. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  5. 5.
    Shi, Y., Liu, Q., Zhao, Q.: A secure implementation of a symmetric encryption algorithm in white-box attack contexts. J. Appl. Math. 2013 Article ID 431794, 9 p. (2013). doi: 10.1155/2013/431794
  6. 6.
    Shi, Y., Xiong, G.Y.: An undetachable threshold digital signature scheme based on conic curves. Appl. Math. Inform. Sci. 7, 823–828 (2013)MathSciNetCrossRefGoogle Scholar
  7. 7.
    Babamir, F.S., Norouzi, A.: Achieving key privacy and invisibility for unattended wireless sensor networks in healthcare. Comput. J. 57, 624–635 (2014)CrossRefGoogle Scholar
  8. 8.
    Tague, P., Li, M.Y., Poovendran, R.: Mitigation of control channel jamming under node capture attacks. IEEE Trans. Mob. Comput. 8, 1221–1234 (2009)CrossRefGoogle Scholar
  9. 9.
    Hwang, S.O.: Content and service protection for IPTV. IEEE Trans. Broadcast. 55, 686 (2009)CrossRefGoogle Scholar
  10. 10.
    Nishimoto, Y., Imaizumi, H., Mita, N.: Integrated digital rights management for mobile IPTV using broadcasting and communications. IEEE Trans. Broadcast. 55, 419–424 (2009)CrossRefGoogle Scholar
  11. 11.
    Razzaque, M.A., Ahmad Salehi, S., Cheraghi, S.M.: Security and privacy in vehicular ad-hoc networks: survey and the road ahead. In: Khan, S., Khan Pathan, A.-S. (eds.) Wireless Networks and Security. SCT, vol. 2, pp. 107–132. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  12. 12.
    Yang, W.: Security in vehicular Ad Hoc networks (VANETs). In: Chen, L., Ji, J., Zhang, Z. (eds.) Wireless Network Security, pp. 95–128. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  13. 13.
    Mejri, M.N., Ben-Othman, J., Hamdi, M.: Survey on VANET security challenges and possible cryptographic solutions. Veh. Commun. 1, 53–66 (2014)CrossRefGoogle Scholar
  14. 14.
    He, S., Lin, L., Letong, F., Yuan Xiang, G.: Introducing code assets of a new white-box security modeling language. In: 2014 IEEE 38th International Computer Software and Applications Conference Workshops (COMPSACW), pp. 116–121 (2014)Google Scholar
  15. 15.
    Xiao, Y., Lai, X.: A secure implementation of white-box AES. In: 2nd International Conference on Computer Science and its Applications, CSA 2009, pp. 1–6. IEEE (2009)Google Scholar
  16. 16.
    Shi, Y., Lin, J., Zhang, C.: A white-box encryption algorithm for computing with mobile agents. J. Internet Technol. 12, 981–993 (2011)Google Scholar
  17. 17.
    Shi, Y., He, Z.: A lightweight white-box symmetric encryption algorithm against node capture for WSNs. In: 2014 IEEE Wireless Communications and Networking Conference (WCNC), pp. 3058–3063. IEEE (2014)Google Scholar
  18. 18.
    Link, H.E., Neumann, W.D.: Clarifying obfuscation: improving the security of white-box DES. In: ITCC 2005: International Conference on Information Technology: Coding and Computing, vol. 1, pp. 679–684 (2005)Google Scholar
  19. 19.
    Karroumi, M.: Protecting white-box AES with dual ciphers. In: Rhee, K.-H., Nyang, D. (eds.) ICISC 2010. LNCS, vol. 6829, pp. 278–291. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  20. 20.
    Bringer, J., Chabanne, H., Dottax, E.: White Box Cryptography: Another Attempt (2006)Google Scholar
  21. 21.
    Jacob, M., Boneh, D., Felten, E.W.: Attacking an obfuscated cipher by injecting faults. In: Feigenbaum, J. (ed.) DRM 2002. LNCS, vol. 2696, pp. 16–31. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  22. 22.
    Wyseur, B., Michiels, W., Gorissen, P., Preneel, B.: Cryptanalysis of white-box DES implementations with arbitrary external encodings. In: Adams, C., Miri, A., Wiener, M. (eds.) SAC 2007. LNCS, vol. 4876, pp. 264–277. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  23. 23.
    Goubin, L., Masereel, J.-M., Quisquater, M.: Cryptanalysis of white box DES implementations. In: Adams, C., Miri, A., Wiener, M. (eds.) SAC 2007. LNCS, vol. 4876, pp. 278–295. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  24. 24.
    Billet, O., Gilbert, H., Ech-Chatbi, C.: Cryptanalysis of a white box aes implementation. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 227–240. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  25. 25.
    Michiels, W., Gorissen, P., Hollmann, H.D.: Cryptanalysis of a generic class of white-box implementations. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 414–428. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  26. 26.
    Tolhuizen, L.: Improved cryptanalysis of an AES implementation. In: Proceedings of the 33rd WIC Symposium on Information Theory in the Benelux, Boekelo, The Netherlands, 24–25 May 2012. WIC (Werkgemeenschap voor Inform.-en Communicatietheorie) (2012)Google Scholar
  27. 27.
    De Mulder, Y., Wyseur, B., Preneel, B.: Cryptanalysis of a perturbated white-box AES implementation. In: Gong, G., Gupta, K.C. (eds.) INDOCRYPT 2010. LNCS, vol. 6498, pp. 292–310. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  28. 28.
    De Mulder, Y., Roelse, P., Preneel, B.: Cryptanalysis of the Xiao – Lai white-box AES implementation. In: Kn udsen, L., Wu, H. (eds.) SAC 2012. LNCS, vol. 7707, pp. 34–49. Springer, Heidelberg (2013)Google Scholar
  29. 29.
    Biryukov, A., Cannière, C.D., Braeken, A., Preneel, B.: A toolbox for cryptanalysis: linear and affine equivalence algorithms. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 33–50. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  30. 30.
    Lepoint, T., Rivain, M., De Mulder, Y., Roelse, P., Preneel, B.: Two attacks on a white-box AES implementation. In: Lange, T., Lauter, K., Lisoněk, P. (eds.) SAC 2013. LNCS, vol. 8282, pp. 265–286. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  31. 31.
    Hohl, F.: Time limited blackbox security: protecting mobile agents from malicious hosts. In: Vigna, G. (ed.) Mobile Agents and Security. LNCS, vol. 1419, pp. 92–113. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  32. 32.
    Rijmen, V., Daemen, J., Preneel, B., Bosselaers, A.: The cipher SHARK. In: Gollmann, D. (ed.) FSE 1996. LNCS, vol. 1039, pp. 99–111. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  33. 33.
    Doerksen, M., Solomon, S., Thulasiraman, P.: Designing APU oriented scientific computing applications in OpenCL. In: 2011 IEEE 13th International Conference on High Performance Computing and Communications (HPCC), pp. 587–592 (2011)Google Scholar
  34. 34.
    Manocha, D.: General-purpose computations using graphics processors. Computer 38, 85–88 (2005)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. 1.School of Software EngineeringTongji UniversityShanghaiChina

Personalised recommendations