中文摘要：

传统的密码模型都假设密码系统的运行终端和计算环境是可信任的，但是，随着攻击方式的发展，这样的模型显得越来越脆弱．而白盒攻击环境是指攻击者除了能够获得与传统密码模型同样的资源以外，还对密码系统的内部运行完全可见，并完全掌控执行环境．因此，能够抵抗白盒攻击的密码算法具有更高层次的安全意义．2009年提出的SMS4算法的白盒实现，其目标是在白盒攻击环境下能够防止SMS4算法的密钥被恢复．在回顾已有研究的基础上，针对该SMS4算法的白盒实现提出了一种有效的攻击，并详细解释了如何以低于2。’的时间复杂度找出嵌入其中的轮密钥，说明了该白盒设计方法的不可靠性，并为设计安全的白盒实现提供了一种参考．

英文摘要：

In traditional cryptographic model, it is assumed that the communication end points and computing environments of a cryptosystem are trusted. But this model becomes increasingly frailer with the development of the attack method. In the white-box attack model, the adversary can get not only access to the same resources as in the traditional cryptographic model but also total visibility of the internal implementation of the cryptosystem and full control over its execution environment, so it has the higher level of secure significance. The white-box SMS4 implementation, which was proposed in 2009, is aimed at protecting SMS4 operated in the white box context against key exposure. In this paper, based on the review of previous research, we propose an efficient attack and explain in detail how to extract the round key embedded in such a white box SMS4 implementation, with worst time complexity 247. As a result, we show that the white-box method is unreliable and provide reference for the secure white-box implementation.