White-Box Security Notions for Symmetric Encryption Schemes

White-box cryptography has attracted a growing interest from researchers in the last decade. Several white-box implementations of standard block-ciphers DES, AES have been proposed but they have all been broken. On the other hand, neither evidence of existence nor proofs of impossibility have been provided for this particular setting. This might be in part because it is still quite unclear what white-box cryptography really aims to achieve and which security properties are expected from white-box programs in applications. This paper builds a first step towards a practical answer to this question by translating folklore intuitions behind white-box cryptography into concrete security notions. Specifically, we introduce the notion of white-box compiler that turns a symmetric encryption scheme into randomized white-box programs, and we capture several desired security properties such as one-wayness, incompressibility and traceability for white-box programs. We also give concrete examples of white-box compilers that already achieve some of these notions. Overall, our results open new perspectives on the design of white-box programs that securely implement symmetric encryption.

[1]  Louis Goubin,et al.  Cryptanalysis of white box DES implementations , 2007, IACR Cryptol. ePrint Arch..

[2]  Brent Waters,et al.  Fully Collusion Resistant Traitor Tracing with Short Ciphertexts and Private Keys , 2006, EUROCRYPT.

[3]  Mohamed Karroumi,et al.  Protecting White-Box AES with Dual Ciphers , 2010, ICISC.

[4]  Amit Sahai,et al.  On the (im)possibility of obfuscating programs , 2001, JACM.

[5]  Marc Joye,et al.  Basics of Side-Channel Analysis , 2009, Cryptographic Engineering.

[6]  Abhi Shelat,et al.  Securely Obfuscating Re-Encryption , 2007, Journal of Cryptology.

[7]  Pascal Paillier,et al.  Discrete-Log-Based Signatures May Not Be Equivalent to Discrete Log , 2005, ASIACRYPT.

[8]  Dan Boneh,et al.  Breaking RSA May Not Be Equivalent to Factoring , 1998, EUROCRYPT.

[9]  Bart Preneel,et al.  Two Attacks on a WhiteBox AES Implementation ? , 2013 .

[10]  Amos Fiat,et al.  Tracing Traitors , 1994, CRYPTO.

[11]  Dennis Hofheinz,et al.  Obfuscation for Cryptographic Purposes , 2007, TCC.

[12]  Olivier Billet,et al.  Cryptanalysis of a White Box AES Implementation , 2004, Selected Areas in Cryptography.

[13]  Li Yang White Box Cryptography , 2022 .

[14]  Paul C. van Oorschot,et al.  A White-Box DES Implementation for DRM Applications , 2002, Digital Rights Management Workshop.

[15]  Bart Preneel,et al.  Condensed White-Box Implementations , 2005 .

[16]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[17]  Moni Naor,et al.  Revocation and Tracing Schemes for Stateless Receivers , 2001, CRYPTO.

[18]  Bart Preneel,et al.  Cryptanalysis of the Xiao - Lai White-Box AES Implementation , 2012, Selected Areas in Cryptography.

[19]  Bart Preneel,et al.  Cryptanalysis of White-Box DES Implementations with Arbitrary External Encodings , 2007, IACR Cryptol. ePrint Arch..

[20]  Mihir Bellare,et al.  Relations among Notions of Security for Public-Key Encryption Schemes , 1998, IACR Cryptol. ePrint Arch..

[21]  Pankaj Rohatgi Improved Techniques for Side-Channel Analysis , 2009, Cryptographic Engineering.

[22]  Julien Bringer,et al.  White Box Cryptography: Another Attempt , 2006, IACR Cryptol. ePrint Arch..

[23]  Bart Preneel,et al.  Towards Security Notions for White-Box Cryptography , 2009, ISC.

[24]  Paul C. van Oorschot,et al.  White-Box Cryptography and an AES Implementation , 2002, Selected Areas in Cryptography.

[25]  Bart Preneel,et al.  Cryptanalysis of a Perturbated White-Box AES Implementation , 2010, INDOCRYPT.

[26]  Dan Boneh,et al.  Attacking an Obfuscated Cipher by Injecting Faults , 2002, Digital Rights Management Workshop.

[27]  Xuejia Lai,et al.  A Secure Implementation of White-Box AES , 2009, 2009 2nd International Conference on Computer Science and its Applications.

[28]  Vinod Vaikuntanathan,et al.  Functional Re-encryption and Collusion-Resistant Obfuscation , 2012, TCC.

[29]  Hamilton E. Link,et al.  Clarifying obfuscation: improving the security of white-box DES , 2005, International Conference on Information Technology: Coding and Computing (ITCC'05) - Volume II.

[30]  Wil Michiels,et al.  Cryptanalysis of a Generic Class of White-Box Implementations , 2009, Selected Areas in Cryptography.

[31]  Sang Joon Kim,et al.  A Mathematical Theory of Communication , 2006 .

[32]  Bart Preneel,et al.  Two Attacks on a White-Box AES Implementation , 2013, Selected Areas in Cryptography.