Paper 2008/273

White-Box Cryptography: Formal Notions and (Im)possibility Results

Amitabh Saxena, Brecht Wyseur, and Bart Preneel


A key research question in computer security is whether one can implement software that offers some protection against software attacks from its execution platform. While code obfuscation attempts to hide certain characteristics of a program P, white-box cryptography specifically focusses on software implementations of cryptographic primitives (such as encryption schemes); the goal of a white-box implementation is to offer a certain level of robustness against an adversary who has full access to and control over the implementation of the primitive. Several formal models for obfuscation have been presented before, but it is not clear if any of these definitions can capture the concept of white-box cryptography. In this paper, we discuss the relation between obfuscation and white-box cryptography, and formalize the notion of white-box cryptography by capturing the security requirement using a 'White-Box Property' (WBP). In the second part, we present positive and negative results on white-box cryptography. We show that for interesting programs (such as encryption schemes, and digital signature schemes), there are security notions that cannot be satisfied when adversaries have white-box access, while the notion is satisfied when the adversary has black-box access to its functionality. On the positive side, we show that there exists an obfuscator for a symmetric encryption scheme for which a useful security notion (such as CPA security) remains satisfied when an adversary has access to its white-box implementation.

Available format(s)
Publication info
Published elsewhere. none
obfuscationwhite-box cryptographywhite-box propertyuniversal white-box propertyvirtual black-box property
Contact author(s)
amitabh123 @ gmail com
2009-04-02: last of 2 revisions
2008-06-18: received
See all versions
Short URL
Creative Commons Attribution


      author = {Amitabh Saxena and Brecht Wyseur and Bart Preneel},
      title = {White-Box Cryptography: Formal Notions and (Im)possibility Results},
      howpublished = {Cryptology ePrint Archive, Paper 2008/273},
      year = {2008},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.