11

I googled it, but got no result. There is a binary executable of a white-box implementation of DES (scroll down), but no source code is provided.

The same page also links various papers about white-box cryptography, but these don't contain the implementation.

I want to study such an implementation to learn about the techniques used there.

Patriot
  • 3,162
  • 3
  • 20
  • 66
ir01
  • 4,092
  • 3
  • 22
  • 31

6 Answers6

12

I add my whitebox AES implementation on GitHub in:

C++ version implements both Chow's (mixing bijections, input/output encodings, external encodings) and Karroumi's (dual AES in each column) whitebox AES scheme plus Billet's key recovery attack on both schemes.

Java implements Chow's scheme only.

PS: Due to low reputation I post links to schemes to the comment below.

Community
  • 1
Dusan Klinec
  • 251
  • 2
  • 4
8

I've seen two implementations in the wild:

Mike Edward Moras
  • 18,161
  • 12
  • 87
  • 240
Samuel Neves
  • 12,960
  • 46
  • 54
3

Adding my 2 cents, I would like to point out that many published methods for white-box cryptography have been broken. This includes…

  • white-box AES
    “Cryptanalysis of White Box AES Implementation”
    by Olivier Billet, Henri Gilbert, and Charaf Ech-Chatbi

  • white-box DES
    “Cryptanalysis of White-Box DES Implementations with Arbitrary External Encodings“
    by Brecht Wyseur and Wil Michiels and Paul Gorissen and Bart Preneel

… which have been crypto-analyzed and are known to be insecure ever since.

On the other hand, as long as you just plan to study implementation to learn about the techniques and not plan to actually implement them in practice, you should be fine. So, let's mention one of the implementations that haven’t been mentioned here yet – https://github.com/wbaes/wbaes

Mike Edward Moras
  • 18,161
  • 12
  • 87
  • 240
3

94 White-box AES implementations can be found at WhibOx contest website.

https://whibox-contest.github.io/

Have fun!

Junwei WANG
  • 371
  • 4
  • 8
0

I have a x86 assembly version of the basic AES algorithm I wrote when we briefly tried to remediate some 20 year old POS registers for PCI compliance. Turned out we didn't need it, but it was a great experience to write some assembler again.

I would be happy to share it if you feel it would be valuable. Please keep in mind that it is just the encryption portion, i.e. you supply it the Key and Data block and it returns the encrypted block. So you aren't getting anything that initializes a key, performs any salting, or any sort of rolling block encryption. Give it a 256-bit key, 256-bit data and get out 256-bit encrypted data.

I also have a version of it in .net c# which I wrote to prove my ASM.

Bill
  • 125
  • 2
-1

I'm not sure I get your Q? but do these links help

Mike Edward Moras
  • 18,161
  • 12
  • 87
  • 240
jspeshu
  • 17
  • 1