[144490] in cryptography@c2.net mail archive


Re: white-box crypto Was: consulting question....

daemon@ATHENA.MIT.EDU (James Muir)
Fri May 29 10:11:09 2009

Date: Thu, 28 May 2009 09:54:35 -0400
From: James Muir <muir.james.a@gmail.com>
To: Cryptography <cryptography@metzdowd.com>
In-Reply-To: <TheMailAgent.6aa416663d1efc@3c69c7854b4385c1a2eb9>


Alexander Klimov wrote:
> On Tue, 26 May 2009, James Muir wrote:
>> There is some academic work on how to protect crypto in software from
>> reverse engineering.  Look up "white-box cryptography".
>>
>> Disclosure:  the company I work for does white-box crypto.
>
> Could you explain what is the point of "white-box cryptography" (even
> if it were possible)?

The introduction to the following paper (from SAC 2002) gives a very
good overview of white-box crypto:

http://www.scs.carleton.ca/%7Epaulv/papers/whiteaes.lncs.ps

> If I understand correctly, the only plausible result is to be able to
> use the secret key cryptography as if it were the public-key one, for
> example, to have a program that can do (very slow, btw) AES
> encryption, but be unable to deduce the key (unable to decrypt). If
> this is the case, then why not use normal public-key crypto (baksheesh
> aside)?

You're right -- a white-box implementation of a symmetric cipher
essentially creates an asymmetric cipher.  Despite this, there are still
situations where you might want a whitebox AES implementation running on
a client.  Consider a server that sends out updates to several hundred
clients (each client has its own key).  The clients are subject to
whitebox attacks but the server is not.  Rather than force the server to
do several hundred public-key operations when it needs to push out an
update, we might be able to save the server some work if we use a symmetric
cipher.

-James



