Cryptography Stack Exchange
Cryptography Stack Exchange

Questions tagged [white-box]

In cryptography, white box analysis means extracting a secret value from an implementation of a function that uses the value.

In cryptography, white box analysis means extracting a secret value from an implementation of a function that uses the value.

33 questions
46
votes
3 answers

What are the differences Between “White-Box Cryptography” and “Code Obfuscation”?

I have been reading the question "What is a white-box implementation of a cryptographic algorithm?" and it led to this short article / Q&A which states in question 2: Q2: What is the difference with code obfuscation? Related and complementary…
MByD
  • 688
  • 1
  • 6
  • 10
31
votes
2 answers

What is a white-box implementation of a cryptographic algorithm?

What is a white-box implementation? Does a white-box implementation have specific properties?
ir01
  • 4,092
  • 3
  • 22
  • 31
22
votes
6 answers

Are there cryptographic hash functions that can be computed using only paper and pen without leaking any information about the plaintext?

I am looking for a cryptographic hash function that can be computed by a human using only paper and pen without ever leaking any information about the plaintext on the paper. The cryptographic hash function should be computable by an algorithm…
Vincent Yu
  • 392
  • 4
  • 12
14
votes
4 answers

Why to try get key out of white box crypto? How can one protect WBC itself?

Help me understand the following. With WBC the question is mainly being stated as can one try to break WBC to identify the key. My question is: Why would one ever want to do that anyways? If one can locate the WBC itself it should be enough to…
WBC
  • 141
  • 3
13
votes
2 answers

How were the best AES whiteboxes in the CHES 2017 CTF challenge built and broken?

Along CHES 2017 was a Capture the Flag Challenge, aka The WhibOx Contest. Participants submit C source code with interface void AES_128_encrypt(unsigned char ciphertext[16], unsigned char plaintext[16]); that performs AES-128 encryption with some…
fgrieu
  • 149,326
  • 13
  • 324
  • 622
13
votes
1 answer

Where is the key in white-box AES cryptography?

After an initial study of white-box cryptography, specially around the first article (Chow et. al.), I understood each step of transforming the lookup tables of AES into new ones. If I understood it correctly, the purpose is to redefine the AES…
Andriel
  • 237
  • 2
  • 6
11
votes
6 answers

Is there any open-source white-box implementation of AES or DES?

I googled it, but got no result. There is a binary executable of a white-box implementation of DES (scroll down), but no source code is provided. The same page also links various papers about white-box cryptography, but these don't contain the…
ir01
  • 4,092
  • 3
  • 22
  • 31
9
votes
5 answers

Ways to make white-box cryptography AES implementation more difficult to be broken

Background: I want to use white-box cryptography to hide the keys stored in a client application. I am looking for existing implementations of white-box cryptography, such as AES 128 or 256. But I found that almost all the existing implementations…
TJCLK
  • 497
  • 5
  • 19
7
votes
3 answers

How to protect key in software

I need to encrypt/decrypt data from my software by AES, the problem is how to make the AES key secure, there is no HSM, should I hard code the key in my code? It seems that a hacker can read the key data by reverse engineering the software.
Gerry
  • 113
  • 2
  • 6
6
votes
0 answers

Any white-box cryptography for asymmetric-key? What is the latest status of white-box cryptography?

I am learning white-box cryptography. So far, I find the following historical research or implementations, for examples: Published white-box AES algorithms E.g., Chow's WB AES and WB DES (2002), WB AES Dual Ciphers (2010), Lai's WB AES (2009), and…
TJCLK
  • 497
  • 5
  • 19
6
votes
4 answers

Authenticating data generated by a particular build of an open source program

[I was torn between posting here or security.stackexchange.com. In the end, I felt that this was more of a design question, rather than an implementation question and so chose this forum.] My question is: How do I assure myself that the results data…
Ants
  • 181
  • 4
6
votes
1 answer

Status of whitebox cryptography in 2022

There has been a lot of discussion about whitebox cryptography in recent years. However, I haven't found any signs of real world applications using it. Are there any real world IT solutions depending on whitebox cryptography as of 2022? Is any kind…
vojta
  • 291
  • 1
  • 5
5
votes
0 answers

Is it possible to enhance white-box cryptography security by homomorphic encryption?

Background: Let's discussed based on published symmetric white-box crypto only, such as Chow's white-box AES. I only know basic concepts/objectives of homomorphic encryption, such as PHE and FHE. Bring ciphertext into calculation instead of…
TJCLK
  • 497
  • 5
  • 19
4
votes
2 answers

What are some use cases for white-box digital signatures?

There were 2 papers published in the last year, that describe 2 different white-box identity-based digital signature schemes: White-Box Implementation of the Identity-Based Signature Scheme in the IEEE P1363 Standard for Public Key Cryptography.…
MiltenPlescott
  • 53
  • 6
4
votes
2 answers

What do we need white box crypto for?

I am familiar with white box cryptography, but somehow I still fail to see its potential applications? Which situations would necessitate using it? Maybe you can even give me an example or two? I know it is used to protect keys, but one could say:…
user37229
1
2 3