Positive Results and Techniques for Obfuscation. A security notion is a formal description of the security of a cryptographic scheme. Obfuscation for Cryptographic Purposes. Ran Canetti and Mayank Varia. Wyseur, and Bart Preneel: The main difference between code obfuscation and white-box cryptography is that the security of the latter needs to be validated with respect to security notions. For example, a scheme is defined CPA-secure if an attacker cannot compute the plaintext from a given ciphertext, or KR-secure when the secret key cannot be recovered.

For example, to create the equivalent of a smart-card-based AES encryption function in software, it does not suffice that the white-box implementation resists extraction of its embedded key, but it must also be hard to invert. Nevertheless, this result does not exclude the existence of secure code obfuscators: It makes sense to define white-box cryptography accordingly since it reflects more reality. On the Impossibility of Obfuscation with Auxiliary Input. Theory White-box cryptography is often linked with code obfuscation, since both aim to protect software implementations.

## Whiteboxcrypto

On Obfuscating Point Functions. Ran Canetti and Mayank Varia.

ITCC 1pages On the Im possibility of Obfuscating Programs. Research Academic research in white-box cryptography can be categorized into three activities. A security notion is a formal description of the security of a cryptographic scheme. Wee [Wee05] presented a provably secure obfuscator for a point function, which can be exploited in practice to construct authentication functionalities.

# Bart Preneel | SBA Research

Attacking an obfuscated cipher by injecting faults. It makes sense to define white-box cryptography accordingly since it reflects more reality.

On the Impossibility of Obfuscation with Auxiliary Input. Jan 13, version: Shafi Goldwasser and Yael Tauman Kalai.

White-box implementations and cryptanalysis results A selection of the state of the art: Indeed, it does not suffice to only protect an application against extraction of embedded secret keys. Resources Slides March — slides PhD defense. Similar theoretic approaches have been conceived for white-box cryptography in [Sax09]. For example, to create the equivalent of a smart-card-based AES encryption function in software, it does not suffice that the white-box implementation resists extraction of its embedded key, but it must also be hard to invert.

# White-box cryptography

Positive Results and Techniques for Obfuscation. The main difference between code obfuscation and white-box cryptography is bwrt the security of the latter needs to be validated with respect to security notions. Nevertheless, this result does not exclude the existence of secure code obfuscators: Chand Gupta, and G. For example, a scheme is defined CPA-secure if an attacker cannot compute the plaintext from a given ciphertext, or KR-secure when the secret key cannot be recovered.

Theoretic research on code obfuscation gained momentum with the seminal hhesis of Barak et al.

Theory White-box cryptography is often linked with code obfuscation, since both aim to protect software implementations. Both have received similar scepticism on its feasibility and lack of theoretic foundations.

Wyseur, and Bart Preneel: Obfuscation for Cryptographic Purposes.