Programm 30C3

The goal of white-box cryptography is to protect cryptographic keys in a public implementation of encryption algorithms, primarily in the context of Pay-TV and tamper-resistant software. I present an overview of the white-box cryptography concept along with the most common applications and proposed designs. I discuss the subtle difference between white-box cryptography, public-key cryptography, and obfuscation.

The informal notion of white-box cryptography was coined by Chow et al. 2002 as a method to protect cryptographic keys in a public implementation of encryption algorithms, which is fully accessed by an adversary. White-box implementations of the AES and DES ciphers were presented, but they were all badly broken. Subsequent attempts were no better. Whereas some theoretical foundations of white-box cryptography have been given recently in Wyseur's PhD thesis, so far they have not lead to any practical scheme.

I present an overview of the white-box cryptography concept along with the most common applications and proposed designs. I discuss the subtle difference between white-box cryptography, public-key cryptography, and obfuscation. I try to answer the question if the security of a white-box scheme can be relied on public scrutiny in contrast to the hardness assumptions behind RSA and other public-key schemes.

Alongside the theoretical results, I present some well-known attempts to construct a white-box cryptographic scheme from the AES and DES ciphers, and show their inherent weaknesses. Finally, I discuss some potential methods to construct a secure white-box cipher from scratch using the results from finite fields theory and public-key cryptography.

Info

Tag: 29.12.2013
Anfang: 17:15 Uhr
Dauer: 01:00
Room: Saal 2
Track: Security & Safety
Sprache: en

Links:

• iCalendar

Dateien

• Slides
• Datei

Feedback

Uns interessiert deine Meinung! Wie fandest du diese Veranstaltung?