Navigation

Talk by Estuardo Alpirez Bock: „White-Box Cryptography: Use Cases and Foundations“

On 5 February 2021 at 14:00 CET, Estuardo Alpirez Bock of Aalto University Finland will give a talk on „White-Box Cryptography: Use Cases and Foundations“.

You can join the Zoom meeting with the links provided here.

You will find the abstract of the talk below.

The white-box attack model was introduced in 2002 by Chow, Eisen, Johnson and van Oorschot. In this attack model, we consider an adversary who gets access to the implementation code of a cryptographic algorithm with an embedded secret key. Additionally, the adversary is assumed to be in control of the execution environment of the implementation. White-box cryptography aims to maintain an implementation secure, even in the presence of such a strong adversary. White-box crypto has been widely deployed to protect digital rights management (DRM) and mobile payment applications. Since its introduction, a number of candidate designs for white-box AES and DES have been proposed. Unfortunately, all of these candidates have been subject to key extraction attacks, and it is not clear which level of security white-box cryptographic implementations achieve in real life.

In this talk, we will have a look at the security goals of white-box cryptography.  As we will see, the security properties expected from a white-box program may vary depending on the use case we are considering. In this line, we will study formal security notions for white-box cryptography introduced in the literature and discuss their usefulness. Additionally, we will take a look at provably secure constructions which achieve security in these white-box models. Finally, we will take a look at popular attack strategies on real life implementations of white-box AES.