255 research outputs found

    White-Box Cryptography: Formal Notions and (Im)possibility Results

    A key research question in computer security is whether one can implement software that offers some protection against software attacks from its execution platform. While code obfuscation attempts to hide certain characteristics of a program P, white-box cryptography specifically focusses on software implementations of cryptographic primitives (such as encryption schemes); the goal of a white-box implementation is to offer a certain level of robustness against an adversary who has full access to and control over the implementation of the primitive. Several formal models for obfuscation have been presented before, but it is not clear if any of these definitions can capture the concept of white-box cryptography. In this paper, we discuss the relation between obfuscation and white-box cryptography, and formalize the notion of white-box cryptography by capturing the security requirement using a 'White-Box Property' (WBP). In the second part, we present positive and negative results on white-box cryptography. We show that for interesting programs (such as encryption schemes, and digital signature schemes), there are security notions that cannot be satisfied when adversaries have white-box access, while the notion is satisfied when the adversary has black-box access to its functionality. On the positive side, we show that there exists an obfuscator for a symmetric encryption scheme for which a useful security notion (such as CPA security) remains satisfied when an adversary has access to its white-box implementation

    Revisiting software protection

    We provide a selective survey on software protection, including approaches to software tamper resistance, obfuscation, software diversity, and white-box cryptography. We review the early literature in the area plus recent activities related to trusted platforms, and discuss challenges and future directions

    Hybrid WBC: Secure and Efficient White-Box Encryption Schemes

    White-box cryptography aims at providing security against an adversary that has access to the encryption process. Numerous white-box encryption schemes were proposed since the introduction of white-box cryptography by Chow et al. in 2002. However, most of them are slow, and thus, can be used in practice only to protect very small amounts of information, such as encryption keys. In this paper we present a new threat model for white-box cryptography which corresponds to the practical abilities of the adversary in a wide range of applications. Furthermore, we study design criteria for white-box primitives that are important from the industry point of view. Finally, we propose a class of new primitives that combine a white-box algorithm with a standard block cipher to obtain white-box protection for encrypting long messages, with high security and reasonable performance

    Efficient Oblivious Transfer Protocols based on White-Box Cryptography

    The oblivious transfer protocol is an important cryptographic primitive with numerous applications, playing an essential role in secure multiparty computation protocols in particular. On the other hand, existing oblivious transfer protocols are based on computationally expensive public-key operations, which remain the main obstacle to employing such protocols in practical applications. In this paper a novel approach for designing oblivious transfer protocols is introduced, based on the idea of replacing public-key operations by white-box cryptography techniques. As a result, oblivious transfer protocols based on white-box cryptography run several times faster and require less communication bandwidth compared with the existing protocols

    White-Box Encryption Scheme Using a Quantum Memory

    White-box cryptography is often used in embedded applications. Although white-box cryptography with provable security has been proposed recently, the circuit size is much larger than that of usual block ciphers. We address this problem in a different way from previous works. In particular, we propose a white-box symmetric cipher using quantum memory. The size of our cipher is a polynomial in input-length and output-length of an underlying function. The security against classical attacks is reduced to the security of the underlying classical pseudo-random function. We show that quantum attacks using the generalized Grover algorithm to our cipher are ineffective

    White-Box Cryptography and SPN ciphers. LRC method.

    The method of concealing a linear relationship between elements of a finite field (LRC method) is described. An LRC-method-based approach to the problem of creating secure white-box implementations is considered. SPN cipher characteristics needed to create its secure white-box implementation are revealed

    On the Linear Transformation in White-box Cryptography

    Linear transformations are applied to the white-box cryptographic implementation for the diffusion effect to prevent key-dependent intermediate values from being analyzed. However, it has been shown that there still exists a correlation before and after the linear transformation, and thus this is not enough to protect the key against statistical analysis. So far, the Hamming weight of rows in the invertible matrix has been considered the main cause of the key leakage from the linear transformation. In this study, we present an in-depth analysis of the distribution of intermediate values and the characteristics of block invertible binary matrices. Our mathematical analysis and experimental results show that the balanced distribution of the key-dependent intermediate value is the main cause of the key leakage

    ํ™”์ดํŠธ ๋ฐ•์Šค ๋ฐ ๊ฒฉ์ž ์•”ํ˜ธ ๋ถ„์„ ๋„๊ตฌ

    Thesis (Ph.D.) -- Seoul National University Graduate School: Department of Mathematical Sciences, February 2016. Kim Myung-Hwan (김명환).

    In the crypto world, the existence of an analytic toolbox which can be used as the measure of security is very important in order to design cryptographic systems. In this thesis, we focus on white-box cryptography and lattice based cryptography, and present analytic tools for them. White-box cryptography presented by Chow et al. is an obfuscation technique for protecting secret keys in software implementations even if an adversary has full access to the implementation of the encryption algorithm and full control over its execution platforms. Despite its practical importance, progress has not been substantial. In fact, it is repeated that as a proposal for a white-box implementation is reported, an attack of lower complexity is soon announced. This is mainly because most cryptanalytic methods target specific implementations, and there is no general attack tool for white-box cryptography. In this thesis, we present an analytic toolbox on white-box implementations of the Chow et al.'s style using lookup tables. Our toolbox could be used to measure the security of white-box implementations. Lattice based cryptography is a very interesting field of cryptography nowadays. Many hard problems on lattices can be reduced to some specific form of the shortest vector problem or closest vector problem, and hence are related to the problem of finding a short basis for a given lattice. Therefore, a good lattice reduction algorithm can play the role of an analytic tool for lattice based cryptography. We proposed an algorithm for lattice basis reduction which uses block reduction. This provides some trade-off of reduction time and quality. This can give a guideline for the parameter setting of lattice based cryptography.

    Contents:
    CHAPTER 1 Introduction
        1.1 Contributions
        1.2 Organization
    CHAPTER 2 Preliminaries
        2.1 SLT Cipher
        2.2 White-box Implementations
            2.2.1 Chow et al.'s implementation
            2.2.2 BGE Attack
            2.2.3 Michiels et al.'s Cryptanalysis for SLT cipher
        2.3 Lattice Basis Reduction
            2.3.1 Lattice
            2.3.2 LLL Algorithm
    CHAPTER 3 Analytic Tools for White-box Cryptography
        3.1 General Model for CEJO framework
        3.2 Attack Toolbox for White-Box Implementation
            3.2.1 Recovering Nonlinear Encodings
            3.2.2 Affine Equivalence Algorithm with Multiple S-boxes
        3.3 Approaches for Resisting Our Attack Tools
            3.3.1 Limitation of White-Box Implementation
            3.3.2 Perspective of White-Box Implementation
        3.4 A Proposal for a White-Box Implementation of the AES Cipher
    CHAPTER 4 New Lattice Basis Reduction Algorithm
        4.1 Nearest Plane Algorithm
        4.2 Blockwise LLL Algorithm
    CHAPTER 5 Conclusions
    Abstract (in Korean)
    Docto