White-Box Cryptography

Create your own unique white-box cryptography architecture.
Contact us

White-Box Works

White-Box Works is a developer tool that generates White-Box implementations of cryptographic algorithms based on the customer's desired algorithm and secret key. 

What is White-Box Cryptography?

A secure White-Box protects cryptographic secrets against an attacker with full access to the implementation. The input and output of a White-Box are the same as with a standard crypto operation, but in the transformed White-Box version the protected cryptographic secrets are not visible to an attacker.

What is a White-Box Crypto Code Generator?

A White-Box code generator is not simply a library of protected cryptographic operations. It’s a tool that transforms any algorithm or dataflow operation into a protected White-Box implementation. It can generate or update an unlimited number of unique implementations on-demand.

Where is White-Box Cryptography Used?

White-Box Cryptography is most often deployed to protect cryptographic implementations in apps that are executed on open devices, such as PCs, tablets, or smartphones when the developer needs to achieve the highest level of security with no dependency on hardware secure elements.

In these open devices, an attacker can observe the encrypt/decrypt operations using reverse engineering tools and easily extract an unencrypted copy of the data. More importantly, the attacker can also easily extract the encryption key being used, allowing the attacker to decrypt all data that is encrypted with that key. This makes unprotected crypto implementations in open devices extremely vulnerable to attacks.

White-Box Cryptography is also an excellent solution where periodic updates to the crypto implementation are required to prevent class breaks. These breaks would render costly hardware obsolete if it relied solely on hardware-based security.

Why should we choose the PACE White-Box Works White-Box Code Generator?

White-Box Works is the newest thinking in the White-Box space. It provides significantly better protection against attacks than other solutions and is more flexible, allowing its use in a wider range of contexts. It achieves this without compromising ease of use or performance compared to other solutions.

Its usability advantages include the ability to create a White-Box Implementation in a single step, eliminating the need to write a simulation harness. This approach also allows developers to easily combine cryptographic operations into a single White-Box, unlike other solutions which provide pre-made combinations to provide useful functionality such as dynamic keys. White-Box Works makes it easy for developers to combine operations in ways that best suit their requirements, making it a lighter weight solution in many applications.

White-Box Works is resistant to modern cryptographic attacks

White-Box implementations generated with White-Box Works can detect attacks and intentionally produce incorrect output.
Continuous in-house and external security evaluations ensure that White-Box implementations generated with White-Box Works are resistant to modern White-Box attacks including reverse engineering, side channel analysis (memory trace analysis), register trace analysis, and fault injection.
White-Box Works is a new, unique solution for adding White-Box Cryptography to applications. It provides significantly better protection against attacks than existing solutions and is more flexible, without compromising ease of use or performance. 


Create a White-Box Implementation in a single step, eliminating the need to write a simulation harness.


Combine cryptographic operations into a single White-Box, without forcing pre-made combinations.


Combine operations in ways that best suit your requirements. 

Algorithm Agnostic

White-Box Works can transform any algorithm including (but not limited to) RSA, ECC, AES, Threefish, Sha2/3.
  • Press Release

    White-Box Works Receives EMVCo Certification
    Read On

We are Software Security Experts

Evaluate our products with full engineering support. Start your trial today!
Free Trial
Riscure’s security analysts had full access to White-Box Works and generated White-Box instances, while no external protections such as obfuscation or anti-instrumentation were applied, and successfully tested it through advanced key extraction attacks. 

The technology brings a unique security capability to solution developers as it allows to create White-Box instances of any algorithm, allowing for optimal flexibility and developer freedom where protection of cryptographic keys is vital. This makes it not only useful in Payment, but also in other fields such as DRM, eHealth, IoT, Automotive, etc.”

Security Expert

Director of Mobile Payment Security, Riscure
Riscure has pioneered in assessing the security of mobile technology. Among their accreditations, is the ability to perform security assessments for a wide variety of organizations including EMVCo.
Read Press Release
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram