Results 1 to 11 of 11

Thread: White-Box Cryptography

  1. #1

    White-Box Cryptography

    "White-box cryptography is a technique to hide a secret key into a cryptographic software implementation in a white-box model. In such a model, an adversary has full control over the execution environment.

    A white-box DES encryption binary with embedded secret key. If you like, try to extract the secret key, using all information you can find from this implementation (input-ouput attacks, so called black box attacks, are not allowed). "

    here is there demo link (cygwin1.dll is needed):
    https://www.cosic.esat.kuleuven.be/sopro/wbc/wbDES.exe

    here is there website:
    https://www.cosic.esat.kuleuven.be/sopro/
    https://www.cosic.esat.kuleuven.be/sopro/wbc/

    i'm currently working on this and look at the attached file that i have made :P

    come and join to reverse this protection ... sooner the better

    regards,
    LaBBa.
    Attached Files Attached Files

  2. #2
    Registered User
    Join Date
    Dec 2005
    Posts
    216
    Blog Entries
    5
    Cloakware brags about this white boy stuffs on their website, and yet I wonder how effective it is in the real world... to prevent your softie from getting cracked.

  3. #3
    bwyseur
    Guest

    White-Box DES Cryptanalysis

    The implementations you refer to, are implemented according to the description of white-box DES implementations by Chow et al. [http://crypto.stanford.edu/DRM2002/whitebox.pdf], with some minor improvements [`clarifying obfuscation'-paper, by Link et al.; and some personal improvements].

    I implemented this binary, to test my cryptanalysis results mid 2006. The details of the cryptanalysis are published at SAC'07, and is mentioned on the website you refer to. See also http://eprint.iacr.org/2007/104 for technical details. A different cryptanalysis result has been published at SA'07 too (See http://eprint.iacr.org/2007/035).

    More information on white-box cryptography will appear on a to-be-launched website: http://www.whiteboxcrypto.com. This will include a PhD thesis on this topic, which I'm writing at this very moment.


    You mention that input-output (black-box) attacks are not allowed. I disagree. Every cryptographic implementation should at least be able to withstand black-box attacks. Given full control over the implementation and its execution environment, an adversary could just execute the implementation as black-box as many times as he wishes to. Why would an adversary bother to deploy an more sophisticated white-box attack when simple is possible?

    Protection against implementation attacks (side-channel and white-box) is an extra level of defense, on top of black-box protection. Hence, it only makes sense to implement "secure" ciphers (DES, AES, ...).

    Best regards,
    Brecht Wyseur
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  4. #4
    Dmitry
    Guest

    Another White Box scheme

    The scheme presented at link below is not a Rijndael. But this scheme has a similar principle. I'll publish a white box tables generator a little bit later if it is interesting for somebody.
    http://rapidshare.de/files/46842216/wb_sample.rar.html
    Last edited by Dmitry; April 21st, 2009 at 14:51.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  5. #5
    nice ... i will look at this and will respond later..

  6. #6
    I am interested in it
    I want to know God's thoughts ...the rest are details.
    (A. Einstein)
    --------
    ..."a shellcode is a command you do at the linux shell"...

  7. #7
    Dmitry
    Guest
    http://rapidshare.de/files/47171162/white_box.zip.html
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  8. #8
    Thank you!! the code looks VERY interesting, I will have to study it in detail (work permitting), many thanks.
    This looks like to be a very interesting technique, I'm happy to learn it with a 'live' example, thanks again
    I want to know God's thoughts ...the rest are details.
    (A. Einstein)
    --------
    ..."a shellcode is a command you do at the linux shell"...

  9. #9
    Registered User
    Join Date
    Dec 2005
    Posts
    216
    Blog Entries
    5
    Anyone still have the white box files dmitry posted? Or are they lost for all of time

  10. #10
    Dmitry
    Guest
    Quote Originally Posted by rendari View Post
    Anyone still have the white box files dmitry posted? Or are they lost for all of time
    A paper which describes my approach is presented here: http://eprint.iacr.org/2010/419.pdf.
    Source code and sample are presented here: http://www.guardant.ru/download/personal/white_box.zip.
    Last edited by Dmitry; March 23rd, 2011 at 05:40.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  11. #11
    Registered User
    Join Date
    Dec 2005
    Posts
    216
    Blog Entries
    5
    Thank you very much Dmitry!

    And kayaker too

Similar Threads

  1. GPU Cryptography
    By Monk in forum RCE Cryptographics
    Replies: 1
    Last Post: March 23rd, 2010, 11:45
  2. Online Cryptography Course, Washington Uni
    By osirisone in forum RCE Cryptographics
    Replies: 0
    Last Post: November 16th, 2006, 16:59
  3. Handbook of Applied Cryptography
    By Silver in forum RCE Cryptographics
    Replies: 1
    Last Post: August 10th, 2006, 10:47
  4. Cryptography challenge ;)
    By stealthFIGHTER in forum RCE Cryptographics
    Replies: 2
    Last Post: February 15th, 2002, 20:33
  5. Basics of Cryptography
    By Aimless in forum RCE Cryptographics
    Replies: 14
    Last Post: November 1st, 2001, 10:00

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •