

White-Box Cryptography: Hiding Keys in Software (2012) [pdf] - chetanahuja
http://www.whiteboxcrypto.com/files/2012_misc.pdf

======
xnull2guest
"Despite all the new constructions that have been presented, the security of
white-box cryptography is very unclear. Almost all of the presented
constructions have been shown insecure with academic cryptanalysis papers that
have been published. Only a few constructions remain ‘unbroken’, but they are
merely a minor tweak to existing constructions – hence the existing attacks
will apply with little effort."

Actually, the security is quite clear. If your application is important and
you have a motivated or funded attacker, white box cryptography isn't going to
do much for you.

That seems to be the overall point of the paper. You can add a small delay or
confuse those who are curious but not dedicated.

"These days, white-box cryptography is being used in real-world applications;
mainly DRM applications. While academic attacks have been published, as far as
we know, no attacks on commercial white-box implementations have been seen.
Instead, attackers focus on other parts of the system and exploit the
cryptographic functionality without attacking it."

This can also read "we do not know if they have been attacked or not". (It's
not fair that not knowing implies assuming none have). In addition there's
also other ways attackers circumvent the use of white-box-crypto without
needing to break it - they are aware of these but don't address them in the
paper.

 _Shrug_ Waiting for secure obfuscators to get small enough. Give it 25 years.
:)

------
csense
If the attacker is assumed to have access to every byte of your software's
code and data, how would it be possible to stop that attacker from breaking
off part of that software's functionality and turning it into a library?

It seems like that is the goal for white box cryptography, and I am very
skeptical about its feasibility.

