Paper 2019/1014

Security Reductions for White-Box Key-Storage in Mobile Payments

Estuardo Alpirez Bock, Chris Brzuska, Marc Fischlin, Christian Janson, and Wil Michiels


The goal of white-box cryptography is to provide security even when the cryptographic implementation is executed in adversarially controlled environments. White-box implementations nowadays appear in commercial products such as mobile payment applications, e.g., those certified by Mastercard. Interestingly, there, white-box cryptography is championed as a tool for secure storage of payment tokens, and importantly, the white-boxed storage functionality is bound to a hardware functionality to prevent code-lifting attacks. In this paper, we show that the approach of using hardware binding and obfuscation for secure storage is conceptually sound. Following security specifications by Mastercard, we first define security for a white-box key derivation function (WKDF) that is bound to a hardware functionality. WKDFs with hardware-binding model a secure storage functionality, as the WKDFs in turn can be used to derive encryption keys for secure storage. We then provide a proof-of-concept construction of WKDFs based on pseudorandom functions (PRF) and obfuscation. To show that our use of cryptographic primitives is sound, we perform a cryptographic analysis and reduce the security of our WKDF to the cryptographic assumptions of indistinguishability obfuscation and PRF-security. The hardware functionality that our WKDF is bound to is a PRF-like functionality. Obfuscation helps us to hide the secret key used for the verification, essentially emulating a signature functionality as is provided by the Android key store. We rigorously define the required security properties of a hardware-bound white-box payment application (WPAY) for generating and encrypting valid payment requests. We construct a WPAY, which uses a WKDF as a secure building block. We thereby show that a WKDF can be securely combined with any secure symmetric encryption scheme, including those based on standard ciphers such as AES.

Publication info
A minor revision of an IACR publication in ASIACRYPT 2020
White-box cryptography, secure key storage, hardware-binding, mobile payment
Contact author(s)
estuardo alpirezbock @ gmail com
marc fischlin @ cryptoplexity de
chris brzuska @ gmail com
christian janson @ cryptoplexity de
wil michiels @ nxp com
2020-11-28: revised
2019-09-10: received
Creative Commons Attribution


      author = {Estuardo Alpirez Bock and Chris Brzuska and Marc Fischlin and Christian Janson and Wil Michiels},
      title = {Security Reductions for White-Box Key-Storage in Mobile Payments},
      howpublished = {Cryptology ePrint Archive, Paper 2019/1014},
      year = {2019},
      doi = {10.1007/978-3-030-64837-4_8},
      note = {\url{}},
      url = {}