====== White-box Cryptography / Mobile Cryptography / Fully Homomorphic Encryption ====== ===== Reviews and overviews ===== * (2012) The Many Facades of DRM: http://www.whiteboxcrypto.com/files/2012_MISC_DRM.pdf * (2009) Brecht Wyseur (COSIC) Ph.D. thesis, (2009), http://www.cosic.esat.kuleuven.be/publications/thesis-152.pdf * IBM research lab in Zurich http://www.zurich.ibm.com/security/mobile/ * Brecht Wyseur (COSIC), http://www.whiteboxcrypto.com/ * M. Green, Cryptographic obfuscation and 'unhackable' software http://blog.cryptographyengineering.com/2014/02/cryptographic-obfuscation-and.html ===== Fully homomorphic schemes ===== * (2012) Nice intro and review of existing work in FHE: http://www.americanscientist.org/issues/id.15906,y.2012,no.5,content.true,page.2,css.print/issue.aspx * 2.7GB key & 2h computation for every re-encryption (every ~10 multiplication) (how often needed, what is complete time for AES-like function?) * Schemes based on integer latices * (2011) Public Key Compression and Modulus Switching for Fully Homomorphic Encryption over the Integers, http://eprint.iacr.org/2011/440.pdf * technique allowing to reduce the public-key size of the van Dijk et al. scheme to 600 KB * (2010) Dijk et al., Fully Homomorphic Encryption over the Integers * http://eprint.iacr.org/2009/616.pdf * (2008) Computing Arbitrary Functions of Encrypted Data, http://crypto.stanford.edu/craig/easy-fhe.pdf * Schemes based on Learning-with-errors * FIXME * * (2005) D. Boneh, E. Goh, and K. Nissim, Evaluating 2-DNF Formulas on Ciphertexts: http://crypto.stanford.edu/~dabo/abstracts/2dnf.html ===== White-box cryptography ===== * (2012) A Method for Secure and Efficient Block Cipher using White-Box Cryptography, http://dl.acm.org/ft_gateway.cfm?id=2184856&type=pdf * citation of our SecureFM * (2012) Tutorial for whitebox AES : http://www.ccsl.carleton.ca/~jamuir/papers/wb-aes-tutorial.pdf * (2012) Brecht Wyseur, "white-box cryptography: hiding keys in software" http://www.whiteboxcrypto.com/files/2012_misc.pdf * (2012) Practical cracking of white-box implementations, http://www.phrack.org/issues.html?issue=68&id=8#article (Very comprehensive practical cracking of WB AES, low level - assembler.) * (2011) Protecting White-Box AES with Dual Ciphers, www.springerlink.com/index/N2555L37310P3358.pdf * (2010) Park et al., Methods for Practical Whitebox Cryptography, http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=05674789 * (2009) A Secure Implementation of White-Box AES, http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=05404239 * (2012) cryptoanalysis: Cryptanalysis of the Xiao - Lai White-Box AES Implementation, http://www.cosic.esat.kuleuven.be/publications/article-2268.pdf * (2002) A White-box DES Implementation for DRM Applications : http://crypto.stanford.edu/DRM2002/whitebox.pdf * (2002) White-Box Cryptography and an AES Implementation: http://www.cs.colorado.edu/~jrblack/class/csci7000/s05/project/oorschot-whitebox.pdf Dual AES, algebraic AES: * (2002) Elad Barkan , Eli Biham, In How Many Ways Can You Write Rijndael, http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.20.2563 http://www.iacr.org/archive/asiacrypt2002/25010159/25010159.pdf * (2003) Alex Biryukov, Christophe De Canni´ere, An Braeken and Bart Preneel, "A toolbox for cryptanalysis: linear and affine equivalence algorithms," Advances in Cryptology — Eurocrypt 2003, LNCS 2656, Springer-Verlag, 2003, pp. 33–50. http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.14.5225 (Defined 61200 Dual AES ciphers) * (2005) Håvard Raddum, More Dual Rijndaels, http://www.springerlink.com/content/djdq65c1ulam05m5/fulltext.pdf (Another way of finding Dual AES) * Design of AES Based on Dual Cipher and Composite Field, http://www.springerlink.com/content/ynp9xwge6bxakwrp/fulltext.pdf * On algebraic and statistical properties of AES-like ciphers, http://eprints-phd.biblio.unitn.it/151/1/Provatemplate.pdf * (2005) Representations and Rijndael Descriptions, https://online.tugraz.at/tug_online/voe_main2.getvolltext?pCurrPk=13371 * An Algebraic Interpretation of AES 128, http://link.springer.com/book/10.1007/b137765/page/1 ===== Cryptoanalysis ===== * (2012) Cryptanalysis of the Xiao - Lai White-Box AES Implementation: http://www.cosic.esat.kuleuven.be/publications/article-2268.pdf * (2009) Cryptanalysis of a Perturbated White-Box AES Implementation http://www.cosic.esat.kuleuven.be/publications/article-1503.pdf * (2009) Cryptoanalysis of generic class White-box implementations: http://www.springerlink.com/content/c563487414362w82/, http://eprint.iacr.org/2008/105.pdf * (2005) Cryptanalysis of a White Box AES Implementation, http://bo.blackowl.org/papers/waes.pdf ===== Implementations ===== * (2004) Svenda, WBACR AES http://www.fi.muni.cz/~xsvenda/securefw.html * So far, AES, DES, Serpent (citace) ===== Ideas ===== * Manipulation of tables via "fault induction" * Implementation of Chow, DualAES, Xiao 10MB, + attacks * Clustering of DualAES * perf. test on mobile phone * scenarios with SC simulated by Whitebox (RKE..) * Automatic modification of source code with whitebox techniques * detection of suitable code chunks * precomputation of tables * replace in code * support for programmer to identify functions for modification * Additional mechanisms needed for cipher engine (CBC-friendly encoding, AE...) * Whitebox crypto as defense mechanism against power analysis (smart card code transformed, even when power analysis is successful, only whitebox implementation is recovered) ===== Crypto scanners ===== * PEiD with the Krypto Analyzer (KANAL) plugin * IDA Pro with the Findcrypt plugin * OllyDbg with the SnD Crypto Scanner * x3chun's Crypto Searcher * Keygener Assistant * Hash & Crypto Detector (HCD) * Draft Crypto Analyzer (DRACA) * Sigscan: http://www.xp-dev.com/sc/browse/59556/ * Signsrch: http://aluigi.org/mytoolz.htm