On the Linear Transformation in White-Box Cryptography

A linear transformation is applied to the white-box cryptographic implementation for the diffusion effect to prevent key-dependent intermediate values from being analyzed. However, it has been shown that there still exists a correlation before and after the linear transformation, and thus this is not enough to protect the key against statistical analysis. So far, the Hamming weight of rows in the invertible matrix has been considered the main cause of the key leakage from the linear transformation. In this study, we present an in-depth analysis of the distribution of intermediate values and the characteristics of block invertible binary matrices. Our mathematical analysis and experimental results show that the balanced distribution of the key-dependent intermediate value is the main cause of the key leakage.