Towards Security Notions for White-Box Cryptography
While code obfuscation attempts to hide certain characteristics of a program independently of an application, white-box cryptography (WBC) specifically focuses on software implementations of cryptographic primitives in an application. The aim of WBC is to resist attacks from an adversary having access to some ‘executable’ code with an embedded secret key. WBC, if possible, would have several applications. However, unlike obfuscation, it lacks a theoretical foundation. We present a first step towards a theoretical model of WBC via white-box security notions. We also present some positive and negative results on WBC and obfuscation. In particular, we show that for most interesting programs (such as an encryption algorithm), there are security notions that cannot be satisfied when the adversary has white-box access, while they are satisfied when it has black-box access. On the positive side, we show that there exists an obfuscator for a symmetric encryption scheme in the context of a useful security notion (such as IND-CPA).
Keywords: Encryption Scheme, Random Oracle, Security Notion, Weil Pairing, Challenge Ciphertext