Cryptology ePrint Archive: Report 2020/104

On the Security Goals of White-Box Cryptography

Estuardo Alpirez Bock and Alessandro Amadori and Chris Brzuska and Wil Michiels

Abstract: We discuss existing and new security notions for white-box cryptography and comment on their suitability for Digital Rights Management and Mobile Payment Applications, the two prevalent use-cases of white-box cryptography. In particular, we put forward indistinguishability for white-box cryptography with hardware-binding (IND-WHW) as a new security notion that we deem central. We also discuss the security property of application-binding and explain the issues faced when defining it as a formal security notion. Based on our proposed notion for hardware-binding, we describe a possible white-box competition setup which assesses white-box implementations w.r.t. hardware-binding. Our proposed competition setup allows us to capture hardware-binding in a practically meaningful way.

While some symmetric encryption schemes have been proven to admit plain white-box implementations, we show that not all secure symmetric encryption schemes are white-boxeable in the plain white-box attack scenario, i.e., without hardware-binding. Thus, even strong assumptions such as indistinguishability obfuscation cannot be used to provide secure white-box implementations for arbitrary ciphers. Perhaps surprisingly, our impossibility result does not carry over to the hardware-bound scenario. In particular, Alpirez Bock, Brzuska, Fischlin, Janson and Michiels (ePrint 2019/1014) proved a rather general feasibility result in the hardware-bound model. Equally important, the apparent theoretical distinction between the plain white-box model and the hardware-bound white-box model also translates into practically reduced attack capabilities as we explain in this paper.

Category / Keywords: applications / White-box cryptography, Hardware-binding, Application-binding, Security Notions, Feasibility, AES

Original Publication (in the same form): IACR-CHES-2020

Date: received 2 Feb 2020, last revised 18 Nov 2020

Contact author: estuardo alpirezbock at gmail com, chris brzuska at aalto fi

Note: This paper will appear in the proceedings of TCHES Volume 2020, Issue 2. Both versions of the paper are essentially identical and differ only in their formatting. We have corrected some typos which appeared on Construction 1.

Version: 20201118:141323

Short URL: ia.cr/2020/104