White box AES implementation
US-11128436-B2 · Sep 21, 2021 · US
US12149608B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12149608-B2 |
| Application number | US-202217731894-A |
| Country | US |
| Kind code | B2 |
| Filing date | Apr 28, 2022 |
| Priority date | Mar 29, 2019 |
| Publication date | Nov 19, 2024 |
| Grant date | Nov 19, 2024 |
Official abstract text for this publication.
An apparatus, method and computer media for implementing a white-box block cipher in a software application to create a secure software application having the same functionality as the software application. An implementation of a block cipher is created by: applying an isomorphism between an original finite field representation and a composite field representation, and using this isomorphism to reconstruct the cipher as operations that use only the elements of the composite field, including XOR, linear transformation and S-box; decomposing the original S-box into several algebraic steps and merging some of these into other parts of the cipher; in the non-linear step of the S-box, implementing the inversion in the original finite field representation with an algorithm in the composite field representation; applying an initial threshold implementation of m input shares and n output shares to generate lookup tables for the non-linear step of the S-box; applying further threshold implementations to different steps of the cipher to generate lookup tables. The block cipher is applied to at least a portion of the software application to create the secure software application and thereby increase security of a computing platform executing the secure software application.
Claims.
What is claimed:
1. A method for implementing a block cipher algorithm in a software application to create a secure whitebox protected software application having the same functionality as the software application, the block cipher including a non-linear S-box step, and other linear algebraic steps, the method comprising: re-expressing an S-box of the block cipher algorithm to hide and protect cryptographic keys used by the block cipher algorithm by: decomposing the S-box based on its field, into a linear part including only linear steps and a non-linear part including non-linear steps and linear steps; merging the linear part of the S-box with a preceding operation and creating a first set of lookup tables; applying threshold implementations and masks to the first set of lookup tables; obfuscating the non-linear part of the S-box by, for each round of the block cipher algorithm, creating a T-box comprising a second set of lookup tables by: adding one of the cryptographic keys into the non-linear part of the S-box; applying an isomorphism to map the inversion computation corresponding to the S-box into a composite field to obtain a result that uses only elements of the composite field which include XOR, linear transformation and an inversion computation; combining a threshold implementation and masks with a last step of the inversion computation in the composite field of the S-box; mapping the result of the step of combining the threshold implementation step back into an original field of the S-box; and creating a third set of lookup tables comprising all non-S-box operations of the block cipher algorithm; applying further threshold implementations selectively to the third set of lookup tables and masks to the first, second, and third set of the lookup tables of the block cipher to generate and further obfuscate the first, second, and third set of lookup tables, whereby the inputs and outputs of all lookup tables of the first, second, and third sets of lookup tables are obfuscated and the distribution of the masked values is uniform and independent of the original inputs; and applying the block cipher to at least a portion of the software application to create the secure whitebox protected software application and thereby increase security of a computing platform executing the secure whitebox protected software application.
2. The method of claim 1, wherein the composite field comprises two 4-bit elements.
3. The method of claim 1, wherein the isomorphism is constructed from elements in GF(2^8) to the composite field GF((2^4)^2) for the S-box and the threshold implementation is applied to the masks.
4. The method of claim 1, wherein the threshold implementation generates the masks.
5. The method of claim 4, wherein the masks are associated with one another through an inverted tree structure.
6. A system for implementing a block cipher algorithm in a software application to create a secure whitebox protected software application having the same functionality as the software application, the block cipher including a non-linear S-box step, and other linear algebraic steps, the system comprising: at least one processor; and at least one memory storing instructions which, when executed by the at least one processor, cause the at least one processor to carry out the method of: re-expressing the S-box of the block cipher algorithm to hide and protect cryptographic keys used by the algorithm by: decomposing the S-box based on its field, into a linear part including only linear steps and a non-linear part including non-linear steps and linear steps; merging the linear part of the S-box with a preceding operation and creating a first set of lookup tables; applying threshold implementations and masks to the first set of lookup tables; obfuscating the non-linear part of the S-box by, for each round of the block cipher algorithm, creating a T-box comprising a second set of lookup tables by: adding one of the cryptographic keys into the non-linear part of the S-box; applying an isomorphism to map the inversion computation corresponding to the S-box into a composite field to obtain a result that uses only the elements of the composite field which include XOR, linear transformation and inversion; combining a threshold implementation and masks with the last step of the inversion computation in the composite field of the S-box; mapping the result of the step of combining the threshold implementation step back into the original field of the S-box; and creating a third set of lookup tables comprising all non-S-box operations of the block cipher algorithm; applying further threshold implementations selectively to the third set of lookup tables and masks to the first, second, and third set of the lookup tables of the block cipher to generate and further obfuscate the first, second, and third set of lookup tables, whereby the inputs and outputs of all of the lookup tables are obfuscated and the distribution of the masked values is uniform and independent of the original inputs; and applying the block cipher to at least a portion of the software application to create the secure whitebox protected software application and thereby increase security of a computing platform executing the secure whitebox protected software application.
7. The system of claim 6, wherein the composite field comprises two 4-bit elements.
8. The system of claim 6, wherein the isomorphism is constructed from elements in GF(2^8) to the composite field GF((2^4)^2) for the S-box and the threshold implementation is applied to the masks.
9. The system of claim 6, wherein the threshold implementation generates the masks.
10. The system of claim 9, wherein the masks are associated with one another through an inverted tree structure.
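The abstract and claim 1 both rest on one construction: an isomorphism from GF(2^8) into the composite field GF((2^4)^2), after which the S-box inversion needs only GF(2^4) arithmetic and a single 4-bit inversion table. The Python below is an added illustration, not code from the patent: it assumes the GF(2^4) modulus y^4+y+1 and the extension polynomial z^2+z+0xC (the patent fixes neither), derives the isomorphism from a root of the AES polynomial, inverts in the composite field, and rebuilds the AES S-box from that inverse; the threshold-implementation sharing and masking of the resulting tables are not shown.

```python
AES_POLY = 0x11B   # GF(2^8) modulus x^8 + x^4 + x^3 + x + 1 (fixed by AES)
GF16_POLY = 0x13   # GF(2^4) modulus y^4 + y + 1: our choice, the patent fixes none
LAMBDA = 0xC       # composite field GF(2^4)[z] / (z^2 + z + LAMBDA), irreducible for this GF(2^4)

def gf_mul(a, b, poly, bits):  # shift-and-add multiplication in GF(2^bits), reduced modulo poly
    r = 0
    for _ in range(bits):
        r ^= a if b & 1 else 0
        b, a = b >> 1, a << 1
        a ^= poly if a >> bits else 0
    return r

gf16_mul = lambda a, b: gf_mul(a, b, GF16_POLY, 4)
# 4-bit inversion is the only non-linear step left; in a white-box it becomes a lookup table
GF16_INV = [0] + [next(x for x in range(1, 16) if gf16_mul(a, x) == 1) for a in range(1, 16)]

def comp_mul(p, q):  # p = p1*z + p0, q = q1*z + q0 as high/low nibbles; z^2 = z + LAMBDA
    p1, p0, q1, q0 = p >> 4, p & 0xF, q >> 4, q & 0xF
    hi = gf16_mul(p1, q1) ^ gf16_mul(p1, q0) ^ gf16_mul(p0, q1)
    return (hi << 4) | (gf16_mul(gf16_mul(p1, q1), LAMBDA) ^ gf16_mul(p0, q0))

def comp_inv(p):  # inverse = conjugate / norm; the norm p1^2*LAMBDA + p1*p0 + p0^2 lies in GF(2^4)
    p1, p0 = p >> 4, p & 0xF
    d_inv = GF16_INV[gf16_mul(gf16_mul(p1, p1), LAMBDA) ^ gf16_mul(p1, p0) ^ gf16_mul(p0, p0)]
    return (gf16_mul(p1, d_inv) << 4) | gf16_mul(p1 ^ p0, d_inv)

def _powers(beta):  # 1, beta, ..., beta^8 in the composite field
    pw = [1]
    for _ in range(8):
        pw.append(comp_mul(pw[-1], beta))
    return pw

def _is_aes_root(beta):  # beta^8 + beta^4 + beta^3 + beta + 1 == 0 in the composite field?
    pw = _powers(beta)
    return pw[8] ^ pw[4] ^ pw[3] ^ pw[1] ^ pw[0] == 0
# Isomorphism: map the AES generator x to a root BETA of the AES polynomial inside the
# composite field; the map is linear, so each byte's image follows from those of x^0..x^7.
BETA = next(b for b in range(256) if _is_aes_root(b))
_BASIS = _powers(BETA)[:8]
TO_COMP = [0] * 256
for a in range(1, 256):   # image(a) = image(a minus its lowest set bit) + image(that bit)
    TO_COMP[a] = TO_COMP[a & (a - 1)] ^ _BASIS[(a & -a).bit_length() - 1]
FROM_COMP = {v: a for a, v in enumerate(TO_COMP)}   # 256 distinct images: a bijection

def inv_gf256(a):  # GF(2^8) inversion carried out entirely with GF(2^4) operations
    return FROM_COMP[comp_inv(TO_COMP[a])]

def aes_sbox(a):  # S-box = inversion (non-linear part) followed by the affine layer (linear part)
    b = inv_gf256(a)
    rot = lambda v, k: ((v << k) | (v >> (8 - k))) & 0xFF
    return b ^ rot(b, 1) ^ rot(b, 2) ^ rot(b, 3) ^ rot(b, 4) ^ 0x63
```

In a white-box build, TO_COMP, comp_inv and FROM_COMP would be folded into the per-round T-box tables and then split into shares and masked; here they are kept separate so the field mapping can be checked against plain GF(2^8) arithmetic.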
Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002) · CPC title
Generation of secret information including derivation or calculation of cryptographic keys or passwords · CPC title
Trees · CPC title
using directory or table look-up (use of a directory or look-up table in file systems G06F16/13) · CPC title
for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA] · CPC title