Alexander Klimov wrote: > On Tue, 26 May 2009, James Muir wrote: >> There is some academic work on how to protect crypto in software from >> reverse engineering. Look-up "white-box cryptography". >> >> Disclosure: the company I work for does white-box crypto. > > Could you explain what is the point of "white-box cryptography" (even > if it were possible)?
The introduction to the following paper (from SAC 2002) gives a very good overview of white-box crypto: http://www.scs.carleton.ca/%7Epaulv/papers/whiteaes.lncs.ps > If I understand correctly, the only plausible result is to be able to > use the secret key cryptography as if it were the public-key one, for > example, to have a program that can do (very slow, btw) AES > encryption, but be unable to deduce the key (unable to decrypt). If > this is the case, then why not use normal public-key crypto (baksheesh > aside)? You're right -- a white-box implementation of a symmetric cipher essentially creates an asymmetric cipher. Despite this, there are still situations where you might want a whitebox AES implementation running on a client. Consider a server that sends out updates to several hundred clients (each client has its own key). The clients are subject to whitebox attacks but the server is not. Rather than force the server to do several hundred public-key operations when it needs to push out an update, we might be able to save the server some work if use a symmetric cipher. -James
Description: OpenPGP digital signature