Cryptology ePrint Archive: Report 2004/025

Clarifying Obfuscation: Improving the Security of White-Box Encoding

Hamilton E. Link and William D. Neumann

Abstract: To ensure the security of software executing on malicious hosts, as in digital rights management (DRM) applications, it is desirable to encrypt or decrypt content using white-box encoded cryptographic algorithms in the manner of Chow et al. Such encoded algorithms must run on an adversaryís machine without revealing the private key information used, despite the adversaryís ability to observe and manipulate the running algorithm. We have implemented obfuscated (white-box) DES and 3DES algorithms along the lines of Chow et al., with alterations that improve the security of the key, eliminating attacks that extract the key from Chow et al.ís obfuscated DES. Our system is secure against two previously published attacks on Chow et al.ís system, as well as a new adaptation of a statistical bucketing attack on their system. During implementation of white-box DES we found that a number of optimizations were needed for practical generation and execution. On a typical laptop we can generate obfuscated DES functions in a Lisp environment in under a minute allocating 11 MB, including the space required for the resulting function. The resulting function occupies 4.5 MB and encrypts or decrypts each block in approximately 30 ms on an 800 MHz G4 processor; slight run-time performance of the obfuscated DES could be traded to further reduce our algorithmís representation to 2.3 MB. Although it is over an order of magnitude slower than typical DES systems, we believe it is fast enough for application to some DRM problems.

Category / Keywords: implementation / DES, Information Hiding

Date: received 30 Jan 2004

Contact author: wneuman at sandia gov

Available format(s): PDF | BibTeX Citation

Version: 20040202:165204 (All versions of this report)

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]