On the Security Goals of White-box Cryptography

06.09.2018 16:30-17:30


Speaker: Estuardo Alpírez Bock, Aalto University, Finland | Location: Mornewegstraße 32 (S4|14), Room 3.1.01, Darmstadt

Organizer: Christian Janson, CROSSING


Abstract

The wide deployment of white-box cryptography in payment applications requires applied and foundational academic research to clarify the state of the art. In the recent CHES 2017 White-Box Competition, most white-box AES candidates were broken within 2 days, and all were eventually broken.

Thus, feasibility studies (or impossibility studies) for white-box cryptography are needed to understand whether white-box cryptography with long-term security can be built. To undertake such a study, we as a community need to clarify which security notions we deem worthwhile studying in this context. Towards this goal, we should take into consideration how application designers might use and implicitly conceive of the security of white-box cryptography.

In this talk, we make the following proposal: The goal of white-box cryptography is to prevent using the cryptographic algorithm beyond the intended usage.

In light of this idea, we discuss limits of the usefulness of the popular security notions of traceability, incompressibility and security against key extraction in the context of payment applications. We then discuss requirements by Mastercard and Visacard for payment applications that they certify.


Short bio

Estuardo Alpírez Bock is a PhD student of Chris Brzuska in the Department of Mathematics and Systems Analysis at Aalto University in Finland. His research focuses on the design of automated attacks on white-box cryptographic implementations and on feasibility studies for white-box cryptography. Previously, Estuardo was an employee at the Leibniz Institute for High Performance Microelectronics IHP, where he worked on the design and implementation of elliptic curve cryptographic algorithms in the light of side-channel analysis attacks.
