White-box implementations and cryptanalysis results A selection of the state of the art: Attacking an obfuscated cipher by injecting faults. It makes sense to define white-box cryptography accordingly since it reflects more reality. Wee [Wee05] presented a provably secure obfuscator for a point function, which can be exploited in practice to construct authentication functionalities. On Obfuscating Point Functions. For example, a scheme is defined CPA-secure if an attacker cannot compute the plaintext from a given ciphertext, or KR-secure when the secret key cannot be recovered. For example, to create the equivalent of a smart-card-based AES encryption function in software, it does not suffice that the white-box implementation resists extraction of its embedded key, but it must also be hard to invert.

Positive Results and Techniques for Obfuscation. Theoretic research on code obfuscation gained momentum with the seminal paper of Barak et al. A security notion is a formal description of the security of a cryptographic scheme. ITCC 1 , pages Shafi Goldwasser and Yael Tauman Kalai. For example, a scheme is defined CPA-secure if an attacker cannot compute the plaintext from a given ciphertext, or KR-secure when the secret key cannot be recovered.

Nevertheless, this result does not exclude the existence of secure code obfuscators: Indeed, it does not suffice to only protect an application against extraction of embedded secret keys. A security notion is a formal description of the security of a cryptographic scheme.

Chand Gupta, and G.

Both have received similar scepticism on its feasibility and lack of theoretic foundations. On Obfuscating Point Functions. Obfuscation for Cryptographic Purposes. For example, a scheme is defined CPA-secure if an attacker ohd compute the plaintext from a given ciphertext, or KR-secure when the secret key cannot be recovered.

# White-box cryptography

Theory White-box cryptography is often linked with code obfuscation, since both aim to protect software implementations. On the Im possibility of Obfuscating Programs. Resources Slides March — slides PhD defense. ITCC 1pages Thess 13, version: It makes sense to define white-box cryptography accordingly since it reflects more reality.

Research Academic research in white-box cryptography can be categorized into three activities. Theoretic research on code obfuscation gained momentum with the seminal paper of Barak et al. Attacking an obfuscated cipher by injecting faults.

# Bart Preneel | SBA Research

For example, to create the equivalent of a smart-card-based AES encryption function in software, it does not suffice that the white-box implementation resists extraction of its embedded key, but it must also be hard to invert.

The main difference between code obfuscation and white-box cryptography is that the security of the latter needs to be validated with respect to security notions.

Wyseur, and Bart Preneel: White-box implementations and cryptanalysis results A selection of the state of the art: Ran Canetti and Mayank Varia. On the Impossibility of Obfuscation with Auxiliary Input. Wee [Wee05] presented a provably secure obfuscator for a point function, which can be exploited in practice to construct authentication functionalities.

## Bart Preneel

Shafi Goldwasser and Yael Tauman Kalai. Similar theoretic approaches have been conceived for white-box cryptography in [Sax09]. Positive Results and Techniques for Obfuscation.