International Association for Cryptologic Research

International Association
for Cryptologic Research


Paper: Towards a Theory of White-Box Security

Amir Herzberg
Haya Shulman
Amitabh Saxena
Bruno Crispo
Search ePrint
Search Google
Abstract: Program hardening for secure execution in remote untrusted environment is an important yet elusive goal of security, with numerous attempts and efforts of the research community to produce secure solutions. Obfuscation is the prevailing practical technique employed to tackle this issue. Unfortunately, no provably secure obfuscation techniques currently exist. Moreover, Barak et al., showed that not all programs can be obfuscated. We present a rigorous approach to {\em program hardening}, based on a new white box primitive, the {\em White Box Remote Program Execution (WBRPE)}, whose security specifications include confidentiality and integrity of both the local and the remote hosts. We then show how the {\em WBRPE} can be used to address the needs of a wide range of applications, e.g. grid computing and mobile agents. Next, we construct a specific program and show that if there exists a secure {\em WBRPE} for that program, then there is a secure {\em WBRPE} for {\em any} program, reducing its security to the underlying {\em WBRPE} primitive. This reduction among two white box primitives introduces new techniques that employ program manipulation.
  title={Towards a Theory of White-Box Security},
  booktitle={IACR Eprint archive},
  keywords={cryptographic protocols / obfuscation, white box security, provable security},
  note={; 13936 received 27 Feb 2008, last revised 27 Feb 2008},
  author={Amir Herzberg and Haya Shulman and Amitabh Saxena and Bruno Crispo},