Advanced White-Box Cryptographic Protection

White-Box Works - A Code Generator

Security Leaders Keep their Code In-house

data being encrypted by a white-box

White-Box Works is a new solution for adding white-box cryptography to applications which store algorithms, cryptographic keys and other critical IP. It has been designed to be more resistant to advanced attacks such as Side Channel and Statistical Analysis. The flexibility of White-Box Works in platform and cryptographic key agnosticism, gives developers and architects greater freedom to develop even more secure applications. White-Box Works is delivered as a tool-kit and is completely deployable in-house.

More Than Just a White-Box Cryptography Library

Instead of a single monolithic white-box library, White-Box Works creates a network of interconnecting protected code. Functions are split into several components, located throughout the run-time, and are networked while interacting. This makes it difficult for bad actors to analyze.

Standard Encryption

Standard encryption algorithm

A standard encryption algorithm requires that the key be present. The key is visible in a debugger at run-time. 

Traditional White-Box Cryptography

First Generation White-Box Cryptography

White-box technology hides the key. Second-generation white-box tools attempt to randomize execution behavior. The basic flow of the algorithm is unchanged and is susceptible to side-channel attacks.

PACE White-Box Works Code Generator

White-Box Works - third generation white-box cryptography

PACE's White-Box Works third-generation white-box tool hides the key and randomises ALL execution behaviors. It provides greater depth and strength of security and therefore is not susceptible to side-channel attacks. 

What Makes White-Box Works Different?

White-Box Works gives the customer complete, independent control over their protected code, ensuring their encryption keys and proprietary algorithms never leave the customer’s premises.

EMVCo Certified

White-Box Works gives the customer complete, independent control over their protected code, ensuring their encryption keys and proprietary algorithms never leave the customer’s premises.

Algorithm Agnostic

White-Box Works can transform any C-code into a protected white-box variant in a single step, offering unparalleled flexibility, security, and efficiency

Advanced Architecture

White-Box Works is significantly more performant than previous generations of white-box tools in large complex applications, such as our internal conductor use case.

Code Stays In-House

Customers can replace and update their deployed encryption keys and algorithms at will, with no need to re-engage PACE Anti-Piracy, or any other third-party vendor, to do so.

White-Box Works is Resistant to Modern Cryptographic Attacks

White-box implementations generated with White-Box Works can detect attacks and intentionally produce incorrect output to confuse attackers.

Continuous in-house and external security evaluations ensure that white-box implementations generated with White-Box Works are resistant to modern white-box attacks including reverse engineering, side channel analysis (memory trace analysis), register trace analysis, and fault injection.

White-Box Works is a new, unique solution for adding white-box cryptography to applications. It provides significantly better protection against attacks than existing solutions and is more flexible, without compromising ease of use or performance. 

Advanced Attacks

White-Box Works Defends Against


Recreating a program's binary code to trace it back to the original source code


Exploitation of statistical weaknesses in a targeted algorithm


Class of active physical attacks for the purposes of cryptographic key extraction


Exploits collisions occuring on internal variables of the implementation

Why Choose
PACE Anti-Piracy?

PACE Anti-Piracy employs a consultative approach to understand the unique security, compliance and business needs of our customers. We have helped hundreds of companies meet and exceed security requirements.

Advanced Products

Sophisticated products made by engineers for engineers.

Our Experience

Nearly four decades of experience protecting and licensing software.


Consistently updated products offering cross platform support.

World-Class Support

Customers receive the highest level access to our engineering team.

"Riscure’s security analysts had full access to White-Box Works and generated white-box instances, while no external protections such as obfuscation or anti-instrumentation were applied, and successfully tested it through advanced key extraction attacks. 

The technology brings a unique security capability to solutions developers as it allows to create white-box instances of any algorithm, allowing for optimal flexibility and developer freedom where protection of cryptographic keys is vital. This makes it not only useful in Payment, but also in other fields such as DRM, eHealth, IoT, Automotive, etc.”

Security Expert

Director of Mobile Payment Security, Riscure

Riscure has pioneered in assessing the security of mobile technology. Among their accreditations, is the ability to perform security assessments for a wide variety of organizations including EMVCo.

Read Press Release

We are Software Security Experts

Evaluate our products with full engineering support. Start your trial today!

What is White-Box Cryptography?

A secure white-box protects cryptographic secrets against an attacker with full access to the implementation. The input and output of a white-box are the same as with a standard crypto operation, but in the transformed white-box version the protected cryptographic secrets are not visible to an attacker.

What is a White-Box Code Generator?

A white-box code generator is not simply a library of protected cryptographic operations. It is a tool that transforms any algorithm or dataflow operation into a protected white-box implementation. It can generate or update an unlimited number of unique implementations on-demand.

Where is White-Box Cryptography Used?

White-box cryptography is most often deployed to protect cryptographic implementations in apps that are executed on open devices, such as PCs, tablets, or smartphones when the developer needs to achieve the highest level of security with no dependency on hardware secure elements.

In these open devices, an attacker can observe the encrypt/decrypt operations using reverse engineering tools and easily extract an unencrypted copy of the data. More importantly, the attacker can also easily extract the encryption key being used, allowing the attacker to decrypt all data that is encrypted with that key. This makes unprotected crypto implementations in open devices extremely vulnerable to attacks.

White-box cryptography is also an excellent solution where periodic updates to the cryptographic implementation are required to prevent class breaks. These breaks would render costly hardware obsolete if it relied solely on hardware-based security.

Why Should We Choose PACE's White-Box Works White-Box Code Generator?

White-Box Works is the newest thinking in the white-box space. It provides significantly better protection against attacks than other solutions and is more flexible, allowing its use in a wider range of contexts. It achieves this without compromising ease of use or performance compared to other solutions.

Its usability advantages include the ability to create a white-box implementation in a single step, eliminating the need to write a simulation harness. This approach also allows developers to easily combine cryptographic operations into a single white-box, unlike other solutions which provide pre-made combinations to provide useful functionality such as dynamic keys. White-Box Works makes it easy for developers to combine operations in ways that best suit their requirements, making it a lighter weight solution in many applications.

White-Box Works brochure teaser

White-Box Works brochure

Download the White-Box Works product brochure to learn more about how PACE's white-box cryptography tool protects your algorithms, data, credentials and cryptographic keys.

What Makes White-Box Works Different?

Contact Us!

To learn more about how PACE Anti-Piracy can add a layer of protection to your on-device cryptographic solution, contact our team of security experts today.

Traditional white-box library products are monolithic and inflexible DLLs. This means they force developers to compromise on their creativity, while leaving them reliant on the vendor for updates. The ability for the developer to simultaneously serve multiple platforms and to add ancillary services (such as Loyalty) delivers far more value to the PSP or Merchant and subsequently the consumer.

PACE Anti-Piracy’s White-Box Works developer tools quickly and efficiently deliver critical components of the cryptographic architecture required for secure implementations - while allowing the developer the freedom to create innovative software for retailers.

Key Benefits

Strong Security

Leave software protection to us - that's what we do. Your focus can be on developing great products.

Keep Code In-House

Your code stays in-house with full support from our engineering team.

EMVCo Certified

PACE Anti-Piracy has completed rigorous penetration testing and received certification from EMVCo.

Flexible Implementation

Ability to create unique White-Box Cryptographic networks and architecture.

Developer Freedom

Full freedom to build upon PCI,  EMVCo, MPoC and SPoC standards.

Operating System Agnostic

Operating System agnostic - allowing for non-Mobile-centric development

PCI Compliant

PCI Develops the underlying security structure for payments generally. They are developing new flexible standards for SoftPOS.

Customer Support

Our customers receive full documentation, quality support, and access to our engineering team.

Proven Track Record

PACE brings nearly 4 decades of security and licensing experience.
homelicensemove linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram