A Secure White Box Implementation of AES Against First Order DCA

  • Ana Clara Serpa UNICAMP
  • Giuliano Sider UNICAMP
  • Hayato Fujii UNICAMP
  • Félix Rodrigues UNICAMP
  • Ricardo Dahab UNICAMP
  • Julio López UNICAMP


The white box threat model considers an attacker with complete access to the implementation and execution environment of a cryptographic algorithm. Aiming towards secure implementation of cryptographic algorithms in this context, several implementations of the AES cipher were proposed in the literature. However, they were proven vulnerable to implementation specific attacks, as well as to refined side-channel and more robust attacks that do not rely on implementation knowledge of the cipher, such as DCA (differential computation analysis). In this paper we present a white box implementation of the AES cipher with recently proposed DCA countermeasures [Lee et al. 2018]. We provide a comparison of the performance difference these countermeasures incur in practice and report some preliminary experimental results on the security of our implementation.


Billet, O., Gilbert, H., and Ech-Chatbi, C. (2005). Cryptanalysis of a white box AES implementation. In Handschuh, H. and Hasan, M. A., editors, Selected Areas in Cryptography, pages 227–240, Berlin, Heidelberg. Springer.

Bos, J. W., Hubain, C., Michiels, W., and Teuwen, P. (2016). Differential computation analysis: Hiding your white-box designs is not enough. In Gierlichs, B. and Poschmann, A. Y., editors, Cryptographic Hardware and Embedded Systems – CHES 2016, pages 215–236, Berlin, Heidelberg. Springer.

Chow, S., Eisen, P., Johnson, H., and Van Oorschot, P. C. (2003). White-box cryptography and an AES implementation. In Nyberg, K. and Heys, H., editors, Selected Areas in Cryptography, pages 250–270, Berlin, Heidelberg. Springer.

Karroumi, M. (2011). Protecting white-box AES with dual ciphers. In Rhee, K.-H. and Nyang, D., editors, ICISC 2010, pages 278–291, Berlin, Heidelberg. Springer.

Kocher, P., Jaffe, J., and Jun, B. (1999). Differential power analysis. In Wiener, M., editor, Advances in Cryptology — CRYPTO' 99, pages 388–397, Berlin, Heidelberg. Springer.

Lee, S., Kim, T., and Kang, Y. (2018). A masked white-box cryptographic implementation for pro- tecting against differential computation analysis. IEEE Transactions on Information Forensics and Security, 13(10):2602–2615.

Lepoint, T., Rivain, M., De Mulder, Y., Roelse, P., and Preneel, B. (2014). Two attacks on a white-box AES implementation. In Lange, T., Lauter, K., and Lisonek, P., editors, Selected Areas in Cryptography – SAC 2013, pages 265–285, Berlin, Heidelberg. Springer.

NIST (2001). Announcing the Advanced Encryption Standard (AES). National Institute of Standards and Technology. Federal Information Processing Standards 197, http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf.

Rivain, M. and Wang, J. (2019). Analysis and improvement of differential computation attacks against internally-encoded white-box implementations. Cryptology ePrint Archive, Report 2019/076. https://eprint.iacr.org/2019/076.

Zeyad, M., Maghrebi, H., Alessio, D., and Batteux, B. (2019). Another look on bucketing attack to defeat white-box implementations. In Constructive Side-Channel Analysis and Secure Design, pages 99–117, Cham. Springer. https://github.com/SideChannelMarvels/Deadpool/tree/master/wbs_aes_lee_case1
SERPA, Ana Clara; SIDER, Giuliano; FUJII, Hayato; RODRIGUES, Félix; DAHAB, Ricardo; LÓPEZ, Julio. A Secure White Box Implementation of AES Against First Order DCA. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 19. , 2019, São Paulo. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2019 . p. 385-390. DOI: https://doi.org/10.5753/sbseg.2019.13986.