WEM: A New Family of White-Box Block Ciphers Based on the Even-Mansour Construction

  • Jihoon Cho
  • Kyu Young Choi
  • Itai DinurEmail author
  • Orr Dunkelman
  • Nathan Keller
  • Dukjae Moon
  • Aviya Veidberg
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10159)


White-box cryptosystems aim at providing security against an adversary that has access to the encryption process. As a countermeasure against code lifting (in which the adversary simply distributes the code of the cipher), recent white-box schemes aim for ‘incompressibility’, meaning that any useful representation of the secret key material is memory-consuming.

In this paper we introduce a new family of white-box block ciphers relying on incompressible permutations and the classical Even-Mansour construction. Our ciphers allow achieving tradeoffs between encryption speed and white-box security that were not obtained by previous designs. In particular, we present a cipher with reasonably strong space hardness of \(2^{15}\) bytes, that runs at less than 100 cycles per byte.


Security Level Block Cipher Digital Right Management Provable Security Collision Attack 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Billet, O., Gilbert, H., Ech-Chatbi, C.: Cryptanalysis of a white box AES implementation. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 227–240. Springer, Berlin (2004). doi: 10.1007/978-3-540-30564-4_16 CrossRefGoogle Scholar
  2. 2.
    Biryukov, A.: The boomerang attack on 5 and 6-round reduced AES. In: Dobbertin, H., Rijmen, V., Sowa, A. (eds.) AES 2004. LNCS, vol. 3373, pp. 11–15. Springer, Berlin (2005). doi: 10.1007/11506447_2 CrossRefGoogle Scholar
  3. 3.
    Biryukov, A., Bouillaguet, C., Khovratovich, D.: Cryptographic schemes based on the ASASA structure: black-box, white-box, and public-key (extended abstract). In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 63–84. Springer, Berlin (2014). doi: 10.1007/978-3-662-45611-8_4 Google Scholar
  4. 4.
    Biryukov, A., Wagner, D.: Advanced slide attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 589–606. Springer, Berlin (2000). doi: 10.1007/3-540-45539-6_41 CrossRefGoogle Scholar
  5. 5.
    Bogdanov, A., Isobe, T.: White-box cryptography revisited: space-hard ciphers. In: Ray, I., Li, N., Kruegel, C. (eds.) Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver, CO, USA, 12–6 October 2015, pp. 1058–1069. ACM (2015).
  6. 6.
    Chow, S., Eisen, P., Johnson, H., Oorschot, P.C.: White-box cryptography and an AES implementation. In: Nyberg, K., Heys, H. (eds.) SAC 2002. LNCS, vol. 2595, pp. 250–270. Springer, Berlin (2003). doi: 10.1007/3-540-36492-7_17 CrossRefGoogle Scholar
  7. 7.
    Daemen, J.: Limitations of the Even-Mansour construction. In: Imai, H., Rivest, R.L., Matsumoto, T. (eds.) ASIACRYPT 1991. LNCS, vol. 739, pp. 495–498. Springer, Berlin (1993). doi: 10.1007/3-540-57332-1_46 CrossRefGoogle Scholar
  8. 8.
    Delerablée, C., Lepoint, T., Paillier, P., Rivain, M.: White-box security notions for symmetric encryption schemes. In: Lange, T., Lauter, K., Lisoněk, P. (eds.) SAC 2013. LNCS, vol. 8282, pp. 247–264. Springer, Berlin (2014). doi: 10.1007/978-3-662-43414-7_13 CrossRefGoogle Scholar
  9. 9.
    Dinur, I., Dunkelman, O., Keller, N., Shamir, A.: Key recovery attacks on iterated Even-Mansour encryption schemes. J. Cryptology 29(4), 697–728 (2016)MathSciNetCrossRefzbMATHGoogle Scholar
  10. 10.
    Dunkelman, O., Keller, N., Shamir, A.: Slidex attacks on the Even-Mansour encryption scheme. J. Cryptology 28(1), 1–28 (2015)MathSciNetCrossRefzbMATHGoogle Scholar
  11. 11.
    Even, S., Mansour, Y.: A construction of a cipher from a single pseudorandom permutation. J. Cryptology 10(3), 151–162 (1997)MathSciNetCrossRefzbMATHGoogle Scholar
  12. 12.
    Fisher, R.A., Yates, F.: Statistical Tables for Biological, Agricultural and Medical Research. Oliver and Boyd, London (1938)zbMATHGoogle Scholar
  13. 13.
    Fouque, P., Karpman, P., Kirchner, P., Minaud, B.: Efficient and Provable White-Box Primitives. IACR Cryptology ePrint Archive 2016, 642 (2016).
  14. 14.
    Gilbert, H., Plût, J., Treger, J.: Key-recovery attack on the ASASA cryptosystem with expanding S-boxes. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 475–490. Springer, Berlin (2015). doi: 10.1007/978-3-662-47989-6_23 CrossRefGoogle Scholar
  15. 15.
    Lange, T., Lauter, K.E., Lisonek, P.: Selected Areas in Cryptography – SAC 2013. LNCS, vol. 8282. Springer, Berlin (2014). doi: 10.1007/978-3-662-43414-7 CrossRefzbMATHGoogle Scholar
  16. 16.
    Lepoint, T., Rivain, M., Mulder, Y., Roelse, P., Preneel, B.: Two attacks on a white-box AES implementation. In: Lange, T., Lauter, K., Lisoněk, P. (eds.) SAC 2013. LNCS, vol. 8282, pp. 265–285. Springer, Berlin (2014). doi: 10.1007/978-3-662-43414-7_14 CrossRefGoogle Scholar
  17. 17.
    Minaud, B., Derbez, P., Fouque, P.-A., Karpman, P.: Key-recovery attacks on ASASA. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9453, pp. 3–27. Springer, Berlin (2015). doi: 10.1007/978-3-662-48800-3_1 CrossRefGoogle Scholar
  18. 18.
    Tiessen, T., Knudsen, L.R., Kölbl, S., Lauridsen, M.M.: Security of the AES with a secret S-box. In: Leander, G. (ed.) FSE 2015. LNCS, vol. 9054, pp. 175–189. Springer, Berlin (2015). doi: 10.1007/978-3-662-48116-5_9 CrossRefGoogle Scholar
  19. 19.
    Wyseur, B., Michiels, W., Gorissen, P., Preneel, B.: Cryptanalysis of white-box DES implementations with arbitrary external encodings. In: Adams, C., Miri, A., Wiener, M. (eds.) SAC 2007. LNCS, vol. 4876, pp. 264–277. Springer, Heidelberg (2007). doi: 10.1007/978-3-540-77360-3_17 CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Jihoon Cho
    • 1
  • Kyu Young Choi
    • 1
  • Itai Dinur
    • 2
    Email author
  • Orr Dunkelman
    • 3
  • Nathan Keller
    • 4
  • Dukjae Moon
    • 1
  • Aviya Veidberg
    • 4
  1. 1.Security Research GroupSamsung SDS, Inc.SeoulRepublic of Korea
  2. 2.Computer Science DepartmentBen-Gurion UniversityBeershebaIsrael
  3. 3.Computer Science DepartmentUniversity of HaifaHaifaIsrael
  4. 4.Department of MathematicsBar-Ilan UniversityRamat GanIsrael

Personalised recommendations