Both have received similar scepticism on its feasibility and lack of theoretic foundations. Wee [Wee05] presented a provably secure obfuscator for a point function, which can be exploited in practice to construct authentication functionalities. Chand Gupta, and G. It makes sense to define white-box cryptography accordingly since it reflects more reality. Similar theoretic approaches have been conceived for white-box cryptography in [Sax09]. The main difference between code obfuscation and white-box cryptography is that the security of the latter needs to be validated with respect to security notions. Shafi Goldwasser and Yael Tauman Kalai.

Wee [Wee05] presented a provably secure obfuscator for a point function, which can be exploited in practice to construct authentication functionalities. Resources Slides March — slides PhD defense. For example, to create the equivalent of a smart-card-based AES encryption function in software, it does not suffice that the white-box implementation resists extraction of its embedded key, but it must also be hard to invert. Shafi Goldwasser and Yael Tauman Kalai. Ran Canetti and Mayank Varia. On the Im possibility of Obfuscating Programs.

White-box implementations and cryptanalysis results A selection of the state of the art: Jan 13, version: Resources Slides March — slides PhD defense.

Theory White-box cryptography is often linked with code obfuscation, since both aim to protect software implementations. Wyseur, and Bart Preneel: On the Impossibility of Obfuscation with Auxiliary Input. Obfuscation for Cryptographic Purposes.

On Obfuscating Point Functions. Attacking an obfuscated cipher by injecting faults.

## Whiteboxcrypto

ITCC 1pages Theoretic research on code obfuscation gained momentum with the seminal paper of Barak et al. Indeed, it does not suffice to only protect an application against extraction of embedded secret keys.

Wee [Wee05] presented a provably secure obfuscator for a point function, preneel can be exploited in practice to construct authentication functionalities. Positive Results and Techniques for Obfuscation.

# Bart Preneel | SBA Research

Chand Gupta, and G. Research Academic research in white-box cryptography can be categorized into three activities. The main difference between code obfuscation and white-box cryptography is that the security of the latter needs to be validated with respect to security notions.

Both have received similar scepticism on its feasibility and lack of theoretic foundations. Similar theoretic approaches have been conceived for white-box cryptography in [Sax09].

## Bart Preneel

Shafi Goldwasser and Yael Tauman Kalai. For example, a batt is defined CPA-secure if an attacker cannot compute the plaintext from a given ciphertext, or KR-secure when the secret key cannot be recovered.

Ran Canetti and Mayank Varia. Nevertheless, this result does not exclude the existence of secure code obfuscators: It makes sense to define white-box cryptography accordingly since it reflects more reality.

# White-box cryptography

On the Im possibility of Obfuscating Programs. A security notion is a formal description of the security of a cryptographic scheme.

For example, to create the equivalent of a smart-card-based AES encryption function in software, it does not suffice that the white-box implementation resists extraction of its embedded key, but it must also be hard to invert.