White-Box Cryptography: A Time-Security Trade-Off for the SPNbox Family

  • Federico Cioschi
  • Nicolò Fornari
  • Andrea Visconti
Conference paper
Part of the Lecture Notes on Data Engineering and Communications Technologies book series (LNDECT, volume 27)


White-box cryptography aims to ensure the security of cryptographic algorithms in an untrusted environment where the adversary has full access to their implementations. Typical applications are DRM, pay-TV boxes, and smartphones. A number of white-box implementations of standard cryptographic algorithms (e.g., AES and DES) have been published in the literature. Unfortunately, such implementations are subject to algebraic attacks, side-channel attacks, etc., and thus researchers developed new ciphers (e.g., SPACE and the SPNbox family) with a dedicated design approach for white-box implementations. In this chapter, we focus on the SPNbox family. Our aim is to modify the small internal block cipher used in SPNbox in order to increase the number of key bits used in each round. This approach lets us reduce the number of rounds by about 25%, making the algorithm faster than the previous one.



Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Federico Cioschi (1)
  • Nicolò Fornari (2)
  • Andrea Visconti (1)

  1. Department of Computer Science, Università degli Studi di Milano, Milano, Italy
  2. The Akkademy, Geneva, Switzerland
