International Association for Cryptologic Research (IACR)
Abstract
A key research question in computer security is whether
one can implement software that offers some protection
against software attacks from its execution platform. While
code obfuscation attempts to hide certain characteristics of
a program P, white-box cryptography specifically focusses
on software implementations of cryptographic primitives
(such as encryption schemes); the goal of a white-box implementation
is to offer a certain level of robustness against
an adversary who has full access to and control over the
implementation of the primitive. Several formal models for
obfuscation have been presented before, but it is not clear if
any of these definitions can capture the concept of white-box
cryptography. In this paper, we discuss the relation between
obfuscation and white-box cryptography, and formalize the
notion of white-box cryptography by capturing the security
requirement using a \u27White-Box Property\u27 (WBP). In
the second part, we present positive and negative results on
white-box cryptography. We show that for interesting programs
(such as encryption schemes, and digital signature
schemes), there are security notions that cannot be satisfied
when adversaries have white-box access, while the notion
is satisfied when the adversary has black-box access to its
functionality. On the positive side, we show that there exists
an obfuscator for a symmetric encryption scheme for which
a useful security notion (such as CPA security) remains satisfied
when an adversary has access to its white-box implementation
