The goal of white-box cryptography is to protect cryptographic keys in a public implementation of encryption algorithms, primarily in the context of Pay-TV and tamper-resistant software. I present an overview of the white-box cryptography concept along with the most common applications and proposed designs. I discuss the subtle difference between white-box cryptography, public-key cryptography, and obfuscation.
The informal notion of white-box cryptography was coined by Chow et al. 2002 as a method to protect cryptographic keys in a public implementation of encryption algorithms, which is fully accessed by an adversary. White-box implementations of the AES and DES ciphers were presented, but they were all badly broken. Subsequent attempts were no better. Whereas some theoretical foundations of white-box cryptography have been given recently in Wyseur's PhD thesis, so far they have not lead to any practical scheme. I present an overview of the white-box cryptography concept along with the most common applications and proposed designs. I discuss the subtle difference between white-box cryptography, public-key cryptography, and obfuscation. I try to answer the question if the security of a white-box scheme can be relied on public scrutiny in contrast to the hardness assumptions behind RSA and other public-key schemes. Alongside the theoretical results, I present some well-known attempts to construct a white-box cryptographic scheme from the AES and DES ciphers, and show their inherent weaknesses. Finally, I discuss some potential methods to construct a secure white-box cipher from scratch using the results from finite fields theory and public-key cryptography.
Speakers: Dmitry Khovratovich