Whiteboxcrypto

News

August 2012
Yoni de Mulder has published his cryptanalysis of the Xiao-Lai white-box AES implementation.

ABSTRACT: In the white-box attack context, i.e., the setting where an implementation of a cryptographic algorithm is executed on an untrusted platform, the adversary has full access to the implementation and its execution environment. In 2002, Chow et al. presented a white-box AES implementation which aims at preventing key-extraction in the white-box attack context. However, in 2004, Billet et al. presented an efficient practical attack on Chow et al.'s white-box AES implementation. In response, in 2009, Xiao and Lai proposed a new white-box AES implementation which is claimed to be resistant against Billet et al.'s attack. This paper presents a practical cryptanalysis of the white-box AES implementation proposed by Xiao et al. The linear equivalence algorithm presented by Biryukov et al. is used as a building block. The cryptanalysis efficiently extracts the AES key from Xiao et al.'s white-box AES implementation with a work factor of about 2^32.

The paper:
April 2012
SysK has published his attack on my WB-DES challenge in Phrack. See http://phrack.org
An article with a general introduction to white-box cryptography has been published in MISC magazine, special edition on cryptography. An English version of the article on WBC is available here .

The magazine also includes an article on DRM security by Rod Schultz; an English version of which is also available here . His article covers some practical aspects related to white-box cryptography too.
March 2012
A tutorial on White-Box AES, published by James A. Muir




Contact me if pointers are missing! (yes, there are)