The aim of the IACR Ph.D. database is twofold. On the first hand, we want to offer an overview of Ph.D. already completed
in the domain of cryptology. Where possible, this should also include a subject classification, an abstract, and
access to the full text.
On the second hand, it deals with Ph.D. subjects
currently under investigation. This way, we provide a timely
map of contemporary research in cryptology.
All entries or changes need to be approved by an editor. You can contact them via phds (at) iacr.org.
Brecht Wyseur (#428)
Topic of his/her doctorate.
White-box cryptography, obfuscation, software security
Year of completion
This thesis studies the topic of white-box cryptography (WBC), which focuses on software implementations of cryptographic primitives (such as encryption schemes). Traditionally, cryptographic primitives are designed to protect data and keys against black-box attacks. In such a context, an adversary has knowledge of the algorithm and may examine various inputs to and outputs from the system, but has no access to the internal details of the execution of a key instantiated primitive. In contrast, the goal of white-box implementations is to provide a degree of robustness against attacks from the execution environment. In such an environment, an adversary has unrestricted access to the software implementation.
The main part of this dissertation covers the security assessment of white-box implementations. This contribution is two-fold: we study practical white-box techniques and perform a theoretical study. First, a study is conducted on the practical white-box implementations of DES and AES encryption algorithms, which includes their cryptanalysis. Subsequently, generic cryptanalysis results are described, which opens a discussion towards white-box design strategies.
Since no formal definitions of white-box cryptography were presented before and the proposed white-box implementations did not come with any proof of security, we initiate a study towards a theoretical model for white-box cryptography. The study on formal models of obfuscation and provable security leads to a
definition where we capture the security requirements of WBC defined over some cryptographic scheme and a security notion. This new theoretical model provides a context to investigate the security of white-box implementations, which leads to a number of positive and negative results.
Considering the practical interest of research in WBC, we conclude with an overview of a selection of applications and related research ?elds that might bene?t from and contribute to this research topic.