6

I am learning white-box cryptography. So far, I find the following historical research or implementations, for examples:

  • Published white-box AES algorithms

E.g., Chow's WB AES and WB DES (2002), WB AES Dual Ciphers (2010), Lai's WB AES (2009), and more papers.

  • White-box crypto included challenges

    E.g., NoSuchCon 2013, CHES 2017, and more red/blue team challenges on white-box

  • Published cryptoanalysis or tutorials

    E.g., cryptoanalysis on WB AES and DES, WB AES tutorial, NXP's options, and much more.

  • Published individual projects on GitHub and another website

After I read this white-box related information, I have these questions:

  1. All the white-box crypto are designed on symmetric-key algorithms (AES & DES). Is there any asymmetric-key based white-box algorithms?

  2. Many published white-box algorithms had been broken (see my another post). It seems that the white-box is not widely adopted by industries. How white-box could be implemented (aka opportunities) in the real industrial applications? For example, protect secrets hardcoded in the non-free code?

  3. What are the latest white-box crypto design/development trends? no matter for academic research or industrial implementation.

R1w
  • 1,952
  • 4
  • 20
  • 45
TJCLK
  • 497
  • 5
  • 19
  • 2
    What does a white-box asymmetric encryption algorithm protect? If the encryption key is already public, it's not clear to me what having a white box version of the algorithm would accomplish. – Ella Rose Jun 27 '19 at 02:47
  • 1
    @ella: maybe use white-box to hide the private key from extraction – TJCLK Jun 27 '19 at 03:31
  • 1
    To do what? In symmetric key crypto, you want to give away a program that has the secret key hardcoded and encrypts messages, so that the program can be used to encrypt, but not to decrypt. With asymmetric crypto, this is possible by definition: you can encrypt with the public key, and it does not help you to decrypt. If you want, you can think of the public key of an asymmetric scheme as a white-box obfuscation of the encryption program with the secret key hardcoded in it, but not extractable from it. – Geoffroy Couteau Jun 27 '19 at 11:03
  • 1
    White-box is definitely deployed by the industry, you can also buy libraries containing white-box implementations of RSA and elliptic curves cryptography, even if from a purely theoretical standpoint the latter might not make sense. For the latest trends you can take a look at the slides of the workshop https://www.cryptoexperts.com/whibox2019/ A good paper you didn't mention is ia.cr/2018/049 – j.p. Jun 27 '19 at 14:31
  • @j.p.: this is helpful. one question: i cannot find published "white-box implementations of RSA and elliptic curves cryptography", could u share the resource? one of my idea is use symmetric white-box AES to encrypt or decrypt asymmetric private key. – TJCLK Jun 28 '19 at 02:17
  • 1
    @LiDong: To my knowledge white-box implementations of RSA and elliptic curves are only commercially availble, i.e., you have to pay for it. I do not know of any open source implementations. – j.p. Jun 28 '19 at 05:16
  • white-box cryptography may be used to bind the cryptographic operation to a given device. So, asymmetric white-box cryptography makes sense. Avoiding key-extraction and force the user to use a given device to do something and avoid him doing the same on a "standard pc with a open source crypto library". – ddddavidee Jun 28 '19 at 07:17
  • Apparently there were some industrial implementations of AES at the WhibOx competitions 2017 and 2019 ( https://whibox-contest.github.io/2017/dashboard https://whibox-contest.github.io/2019/dashboard ), but everything submitted was broken during or after the competition. – Fractalice Feb 14 '21 at 16:02
  • 1
    I've closed this question as it consists of (at least) 3 topics. Although they are all about white box cryptography, they are far enough apart that they warrant their own question; many persons knowing about white box crypto could possibly only answer one or two questions of above. – Maarten Bodewes Feb 14 '21 at 18:02

0 Answers0