Paper 2021/767

White-box cryptography with global device binding from message-recoverable signatures and token-based obfuscation

Shashank Agrawal
Estuardo Alpirez Bock
Yilei Chen
Gaven Watson

White-box cryptography has been proposed as a software protection technique for applications where limited or no hardware-based security is available. In recent years it has been crucial for enabling the security of mobile payment applications. In this paper we continue a recent line of research on device binding for white-box cryptography. Device binding ensures that a white-box program is only executable on one specific device and is unusable elsewhere. Building on this, we ask the following question: is it possible to design a {\em global} white-box program which is compiled once, but can be securely shared with multiple users and bound to each of their devices? Acknowledging this question, we define different flavours of security for such global white-boxes and provide corresponding constructions. We first consider families of \emph{strong} global white-boxes which can be securely distributed and bound to users' devices without the need of sharing secrets between the compiling entity and the users. We then show how such strong global white-boxes can be constructed based on message recoverable signatures (MRS). To this end, we introduce \emph{puncturable} MRS which we build based on puncturable PRFs and indistinguishability obfuscation. Later in the paper we consider the use of Token-Based Obfuscation (TBO) and show that TBO can provide us a direct way to construct global white-boxes, as long as we can securely share a token generation key between the users and compiling entities. While such global white-boxes have weaker security guarantees than their stronger counterparts, our results show that white-box crypto can be built from more accepted assumptions than previously considered. Moreover, TBO allows us to construct white-boxes for any functionality or encryption scheme and thus provides us a very general feasibility result for device binding.

Note: This paper was previously uploaded under the name "White-box Cryptography with Device-Binding from Token-Based Obfuscation and more". The new version of this paper additionally includes a construction of puncturable message-recoverable signatures which simplify the constructions for strong global white-boxes.

Available format(s)
Publication info
White-box cryptography Obfuscation Device-binding Mobile payments
Contact author(s)
estuardo alpirezbock @ gmail com
2022-10-21: revised
2021-06-09: received
See all versions
Short URL
Creative Commons Attribution


      author = {Shashank Agrawal and Estuardo Alpirez Bock and Yilei Chen and Gaven Watson},
      title = {White-box cryptography with global device binding from message-recoverable signatures and token-based obfuscation},
      howpublished = {Cryptology ePrint Archive, Paper 2021/767},
      year = {2021},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.