Cryptology ePrint Archive: Report 2008/273

White-Box Cryptography: Formal Notions and (Im)possibility Results

Amitabh Saxena and Brecht Wyseur and Bart Preneel

Abstract: A key research question in computer security is whether one can implement software that offers some protection against software attacks from its execution platform. While code obfuscation attempts to hide certain characteristics of a program P, white-box cryptography specifically focusses on software implementations of cryptographic primitives (such as encryption schemes); the goal of a white-box implementation is to offer a certain level of robustness against an adversary who has full access to and control over the implementation of the primitive. Several formal models for obfuscation have been presented before, but it is not clear if any of these definitions can capture the concept of white-box cryptography. In this paper, we discuss the relation between obfuscation and white-box cryptography, and formalize the notion of white-box cryptography by capturing the security requirement using a 'White-Box Property' (WBP). In the second part, we present positive and negative results on white-box cryptography. We show that for interesting programs (such as encryption schemes, and digital signature schemes), there are security notions that cannot be satisfied when adversaries have white-box access, while the notion is satisfied when the adversary has black-box access to its functionality. On the positive side, we show that there exists an obfuscator for a symmetric encryption scheme for which a useful security notion (such as CPA security) remains satisfied when an adversary has access to its white-box implementation.

Category / Keywords: foundations / obfuscation, white-box cryptography, white-box property, universal white-box property, virtual black-box property

Publication Info: none

Date: received 12 Jun 2008, last revised 2 Apr 2009

Contact author: amitabh123 at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20090402:182648 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]