Skip to main content
SpringerLink
Log in

Discussion on the theoretical results of white-box cryptography

对白盒密码理论结果的两个注释

  • Research Paper
  • Published:
Science China Information Sciences Aims and scope Submit manuscript

Abstract

White-box cryptography (WBC) aims to resist attacks from attackers who can control all the implementation details of cryptographic schemes. In 2009, Saxena et al. proposed a fundamental of white-box cryptography via the notion “white-box property” (WBP). Under this model, they proved that there do not exist obfuscators that can satisfy every security notion for a program (the negative result). On the other hand, they proved that there exists an obfuscator satisfying WBP for some security notion (the positive result). These contributions provide us a general cognition of WBC, which is big progress for the theoretical research. To better understand them, we make discussion on each result and achieve some new results. For the negative result, we prove that insufficiently secure obfuscator is the real cause of the negative result. We point out that the security of a white-box scheme cannot be guaranteed if it is instantiated by a less secure obfuscator, since the obfuscator used in their proof does not satisfy the “Virtual Black-box Property” with auxiliary input. From our proof, we also conclude that the notion WBP is equal to “Virtual Black-box Property with auxiliary input”. For the positive result, we prove that security notion under black-box model should not be used in white-box context without any modification; although the positive result is meaningful, it is unlikely to prove that an obfuscator satisfies WBP for IND-CPA, since the security notion “IND-CPA” is under black-box model, which has different adversary with WBP.

摘要

创新点

为了更好的理解Saxena等人提出的白盒密码的理论成果, 我们做出了两点注释。 对于其否定结论, 我们证明混淆器安全性的不足是导致白盒方案无法满足白盒性的真正原因, 例如不满足 “带辅助输入的虚拟黑盒性” 的混淆器。 从我们的证明中还得出, 概念 “白盒性” 与 “带辅助输入的虚拟黑盒性” 是等价的。 对于其肯定结论, 我们证明黑盒模型下的安全概念在不做修改的情况下不能够使用在白盒环境中; 由于安全概念 “IND-CPA” 是在黑盒模型下定义, 其对应的攻击者与 “白盒性” 所对应的攻击者具有不同的攻击能力, 所以不能证明一个混淆器能够对 “IND-CPA” 满足白盒性。

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Borghoff J, Canteaut A, Gneysu T, et al. Prince–a low-latency block cipher for pervasive computing applications. In: Advances in Cryptology–ASIACRYPT. Berlin: Springer, 2012. 49–58

    Google Scholar 

  2. Wang S B, Zhu Y, Ma D, et al. Lattice-based key exchange on small integer solution problem. Sci China Inf Sci, 2014, 57: 112111

    MathSciNet  Google Scholar 

  3. Chen Z X. Trace representation and linear complexity of binary sequences derived from Fermat quotients. Sci China Inf Sci, 2014, 57: 112109

    MathSciNet  Google Scholar 

  4. Chow S, Eisen P, Johnson H, et al. White-box cryptography and an AES implementation. In: Selected Areas in Cryptography. Berlin: Springer, 2003. 250–270

    Chapter  Google Scholar 

  5. Chow S, Eisen P, Johnson H, et al. A white-box DES implementation for DRM applications. In: Digital Rights Management. Berlin: Springer, 2003. 1–15

    Chapter  Google Scholar 

  6. Xiao Y Y, Lai X J. A secure implementation of white-box AES. In: Proceedings of the 2nd International Conference on Computer Science and its Applications, Jeju, 2009. 1–6

    Google Scholar 

  7. Karroumi M. Protecting white-box AES with dual ciphers. In: Information Security and Cryptology-ICISC. Berlin: Springer, 2011. 278–291

    Google Scholar 

  8. Bringer J, Chabanne H, Dottax E. White box cryptography: another attempt. IACR Cryptology ePrint Archive, 2006, 2011: 468

    Google Scholar 

  9. Xiao Y Y, Lai X J. White-box cryptography and a white-box implementation of the SMS4 algorithm. In: ChinaCrypt, Guangzhou, 2009. 24–34

    Google Scholar 

  10. Shi Y, Wei W, He Z. A lightweight white-box symmetric encryption algorithm against node capture forWSNs. Sensors, 2015, 15: 11928–11952

    Article  Google Scholar 

  11. Link H E, Neumann W D. Clarifying obfuscation: improving the security of white-box DES. In: Proceedings of IEEE International Conference on Information Technology: Coding and Computing, Las Vegas, 2005, 1: 679–684

    Google Scholar 

  12. Wyseur B, Michiels W, Gorissen P, et al. Cryptanalysis of white-box DES implementations with arbitrary external encodings. In: Selected Areas in Cryptography. Berlin: Springer, 2007. 264–277

    Chapter  Google Scholar 

  13. Goubin L, Masereel J M, Quisquater M. Cryptanalysis of white box DES implementations. In: Selected Areas in Cryptography. Berlin: Springer, 2007. 278–295

    Chapter  Google Scholar 

  14. Billet O, Gilbert H, Ech-Chatbi C. Cryptanalysis of a white box AES implementation. In: Selected Areas in Cryptography. Berlin: Springer, 2005. 227–240

    Google Scholar 

  15. Michiels W, Gorissen P, Hollmann H D L. Cryptanalysis of a generic class of white-box implementations. In: Selected Areas in Cryptography. Berlin: Springer, 2009. 414–428

    Chapter  Google Scholar 

  16. De Mulder Y, Roelse P, Preneel B. Cryptanalysis of the Xiao-Lai white-box AES Implementation. In: Selected Areas in Cryptography. Berlin: Springer, 2013. 34–49

    Chapter  Google Scholar 

  17. Lepoint T, Rivain M, De Mulder Y, et al. Two attacks on a white-box AES implementation. In: Selected Areas in Cryptography–SAC 2013. Berlin: Springer, 2014. 265–285

    Chapter  Google Scholar 

  18. De Mulder Y, Wyseur B, Preneel B. Cryptanalysis of a perturbated white-box AES implementation. In: Progress in Cryptology-INDOCRYPT. Berlin: Springer, 2010. 292–310

    Google Scholar 

  19. Lin T T, Lai X J. Efficient attack to white-box SMS4 implementation. J Softw, 2013, 24: 2238–2249

    Article  MathSciNet  Google Scholar 

  20. Gilbert H, Plt J, Treger J. Key-recovery attack on the ASASA cryptosystem with expanding S-boxes. In: Advances in Cryptology–CRYPTO 2015. Berlin: Springer, 2015. 475–490

    Chapter  Google Scholar 

  21. Herzberg A, Shulman H, Saxena A, et al. Towards a theory of white-box security. In: Emerging Challenges for Security, Privacy and Trust. Berlin: Springer, 2009. 342–352

    Chapter  Google Scholar 

  22. Saxena A, Wyseur B, Preneel B. Towards security notions for white-box cryptography. In: Information Security. Berlin: Springer, 2009. 49–58

    Chapter  Google Scholar 

  23. Saxena A, Wyseur B, Preneel B. White-box cryptography: formal notions and (im) possibility results. IACR Cryptology ePrint Archive, 2008, 2008: 273

    Google Scholar 

  24. Valiant L G. A theory of the learnable. Commun ACM, 1984, 27: 1134–1142

    Article  MATH  Google Scholar 

  25. Linial N, Mansour Y, Nisan N. Constant depth circuits, fourier transform, and learnability. J ACM (JACM), 1993, 40: 607–620

    Article  MathSciNet  MATH  Google Scholar 

  26. Lynn B, Prabhakaran M, Sahai A. Positive results and techniques for obfuscation. In: Advances in Cryptology- EUROCRYPT. Berlin: Springer, 2004. 20–39

    Google Scholar 

  27. Wee H. On obfuscating point functions. In: Proceedings of the 37th Annual ACM Symposium on Theory of Computing. New York: ACM, 2005. 523–532

    Google Scholar 

  28. Hada S. Zero-knowledge and code obfuscation. In: Advances in Cryptology A SIACRYPT. Berlin: Springer, 2000. 443–457

    Google Scholar 

  29. Barak B, Goldreich O, Impagliazzo R, et al. On the (im) possibility of obfuscating programs. In: Advances in cryptology CRYPTO 2001. Berlin: Springer, 2001. 1–18

    Chapter  Google Scholar 

  30. Canetti R, Dakdouk R R. Extractable perfectly one-way functions. In: Automata, Languages and Programming. Berlin: Springer, 2008. 449–460

    Chapter  Google Scholar 

  31. Canetti R, Rothblum G N, Varia M. Obfuscation of hyperplane membership. In: Theory of Cryptography. Berlin: Springer, 2010, 10: 72–89

    MathSciNet  MATH  Google Scholar 

  32. Barak B, Bitansky N, Canetti R, et al. Obfuscation for evasive functions. In: Theory of Cryptography. Berlin: Springer, 2014. 26–51

    Chapter  Google Scholar 

  33. Goldwasser S, Kalai Y T. On the impossibility of obfuscation with auxiliary input. In: Proceedings of IEEE 46th Annual Symposium on Foundations of Computer Science, Los Alamitos, 2005. 553–562

    Google Scholar 

  34. Garg S, Gentry C, Halevi S, et al. Candidate indistinguishability obfuscation and functional encryption for all circuits. In: Proceedings of IEEE 54th Annual Symposium on Foundations of Computer Science (FOCS), Berkeley, 2013. 40–49

    Google Scholar 

  35. Sahai A, Waters B. How to use indistinguishability obfuscation: deniable encryption, and more. In: Proceedings of the 46th Annual ACM Symposium on Theory of Computing. New York: ACM, 2014. 475–484

    Google Scholar 

  36. Hohenberger S, Sahai A, Waters B. Replacing a random oracle: full domain hash from indistinguishability obfuscation. In: Advances in Cryptology-EUROCRYPT. Berlin: Springer, 2014. 201–220

    Google Scholar 

  37. Pandey O, Prabhakaran M, Sahai A. Obfuscation-based non-black-box simulation and four message concurrent zero knowledge for np. In: Theory of Cryptography. Berlin: Springer, 2015. 638–667

    Chapter  Google Scholar 

  38. Goldwasser S, Rothblum G N. On best-possible obfuscation. In: Theory of Cryptography. Berlin: Springer, 2007. 194–213

    Chapter  Google Scholar 

  39. Barak B, Goldreich O, Impagliazzo R, et al. On the (im) possibility of obfuscating programs. J ACM (JACM), 2012, 59: 6

    Article  MathSciNet  MATH  Google Scholar 

  40. Bitansky N, Canetti R, Cohn H, et al. The impossibility of obfuscation with auxiliary input or a universal simulator. In: Advances in Cryptology CRYPTO. Berlin: Springer, 2014. 71–89

    Google Scholar 

  41. Ananth P, Boneh D, Garg S, et al. Differing-inputs obfuscation and applications. IACR Cryptology ePrint Archive, 2013, 2013: 689

    Google Scholar 

  42. Boyle E, Chung K M, Pass R. On extractability obfuscation. In: Theory of Cryptography. Berlin: Springer, 2014. 52–73

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Cryptography and Information Security Lab, Department of Computer Science, Shanghai Jiao Tong University, Shanghai, 200240, China

    Tingting Lin, Xuejia Lai, Weijia Xue & Geshi Huang

Authors
  1. Tingting Lin
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Xuejia Lai
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Weijia Xue
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Geshi Huang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Xuejia Lai.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Lin, T., Lai, X., Xue, W. et al. Discussion on the theoretical results of white-box cryptography. Sci. China Inf. Sci. 59, 112101 (2016). https://doi.org/10.1007/s11432-015-5474-8

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s11432-015-5474-8

Keywords

关键词

Search

Navigation