====== White-box Cryptography / Mobile Cryptography / Fully Homomorphic Encryption ======

===== Reviews and overviews =====
  * (2012) The Many Facades of DRM: http://www.whiteboxcrypto.com/files/2012_MISC_DRM.pdf
  * (2009) Brecht Wyseur (COSIC) Ph.D. thesis, (2009), http://www.cosic.esat.kuleuven.be/publications/thesis-152.pdf
  * IBM research lab in Zurich http://www.zurich.ibm.com/security/mobile/
  * Brecht Wyseur (COSIC), http://www.whiteboxcrypto.com/
  * M. Green, Cryptographic obfuscation and 'unhackable' software http://blog.cryptographyengineering.com/2014/02/cryptographic-obfuscation-and.html


===== Fully homomorphic schemes =====
  * (2012) Nice intro and review of existing work in FHE: http://www.americanscientist.org/issues/id.15906,y.2012,no.5,content.true,page.2,css.print/issue.aspx
    * 2.7GB key & 2h computation for every re-encryption (every ~10 multiplication) (how often needed, what is complete time for AES-like function?)
  * Schemes based on integer latices
    * (2011) Public Key Compression and Modulus Switching for Fully Homomorphic Encryption over the Integers, http://eprint.iacr.org/2011/440.pdf
      * technique allowing to reduce the public-key size of the van Dijk et al. scheme to 600 KB
    * (2010) Dijk et al., Fully Homomorphic Encryption over the Integers
      * http://eprint.iacr.org/2009/616.pdf
    * (2008) Computing Arbitrary Functions of Encrypted Data, http://crypto.stanford.edu/craig/easy-fhe.pdf
  * Schemes based on Learning-with-errors
    * FIXME
    * 

  * (2005) D. Boneh, E. Goh, and K. Nissim, Evaluating 2-DNF Formulas on Ciphertexts: http://crypto.stanford.edu/~dabo/abstracts/2dnf.html



===== White-box cryptography =====
  * (2012) A Method for Secure and Efficient Block Cipher using White-Box Cryptography, http://dl.acm.org/ft_gateway.cfm?id=2184856&type=pdf
    * citation of our SecureFM
  * (2012) Tutorial for whitebox AES : http://www.ccsl.carleton.ca/~jamuir/papers/wb-aes-tutorial.pdf
  * (2012) Brecht Wyseur, "white-box cryptography: hiding keys in software" http://www.whiteboxcrypto.com/files/2012_misc.pdf
  * (2012) Practical cracking of white-box implementations, http://www.phrack.org/issues.html?issue=68&id=8#article  (Very comprehensive practical cracking of WB AES, low level - assembler.)
  * (2011) Protecting White-Box AES with Dual Ciphers, www.springerlink.com/index/N2555L37310P3358.pdf
  * (2010) Park et al., Methods for Practical Whitebox Cryptography, http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=05674789
  * (2009) A Secure Implementation of White-Box AES, http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=05404239
    * (2012) cryptoanalysis: Cryptanalysis of the Xiao - Lai White-Box AES Implementation, http://www.cosic.esat.kuleuven.be/publications/article-2268.pdf
  * (2002) A White-box DES Implementation for DRM Applications : http://crypto.stanford.edu/DRM2002/whitebox.pdf
  * (2002) White-Box Cryptography and an AES Implementation:  http://www.cs.colorado.edu/~jrblack/class/csci7000/s05/project/oorschot-whitebox.pdf

Dual AES, algebraic AES:
  * (2002) Elad Barkan , Eli Biham, In How Many Ways Can You Write Rijndael, http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.20.2563 http://www.iacr.org/archive/asiacrypt2002/25010159/25010159.pdf 
  * (2003) Alex Biryukov, Christophe De Canni´ere, An Braeken and Bart Preneel, "A toolbox for cryptanalysis: linear and affine equivalence algorithms," Advances in Cryptology — Eurocrypt 2003, LNCS 2656, Springer-Verlag, 2003, pp. 33–50. http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.14.5225 (Defined 61200 Dual AES ciphers)
  * (2005) Håvard Raddum, More Dual Rijndaels, http://www.springerlink.com/content/djdq65c1ulam05m5/fulltext.pdf (Another way of finding Dual AES)
  * Design of AES Based on Dual Cipher and Composite Field, http://www.springerlink.com/content/ynp9xwge6bxakwrp/fulltext.pdf
  * On algebraic and statistical properties of AES-like ciphers, http://eprints-phd.biblio.unitn.it/151/1/Provatemplate.pdf
  * (2005) Representations and Rijndael Descriptions, https://online.tugraz.at/tug_online/voe_main2.getvolltext?pCurrPk=13371
  * An Algebraic Interpretation of AES 128, http://link.springer.com/book/10.1007/b137765/page/1
===== Cryptoanalysis =====
  * (2012) Cryptanalysis of the Xiao - Lai White-Box AES Implementation: http://www.cosic.esat.kuleuven.be/publications/article-2268.pdf
  * (2009) Cryptanalysis of a Perturbated White-Box AES Implementation http://www.cosic.esat.kuleuven.be/publications/article-1503.pdf
  * (2009) Cryptoanalysis of generic class White-box implementations: http://www.springerlink.com/content/c563487414362w82/, http://eprint.iacr.org/2008/105.pdf
  * (2005) Cryptanalysis of a White Box AES Implementation, http://bo.blackowl.org/papers/waes.pdf

===== Implementations =====
  * (2004) Svenda, WBACR AES http://www.fi.muni.cz/~xsvenda/securefw.html
  * So far, AES, DES, Serpent (citace)

===== Ideas =====
  * Manipulation of tables via "fault induction"
  * Implementation of Chow, DualAES, Xiao 10MB,  + attacks
  * Clustering of DualAES
  * perf. test on mobile phone
  * scenarios with SC simulated by Whitebox (RKE..)
  * Automatic modification of source code with whitebox techniques
    * detection of suitable code chunks
    * precomputation of tables
    * replace in code
    * support for programmer to identify functions for modification
  * Additional mechanisms needed for cipher engine (CBC-friendly encoding, AE...)
  * Whitebox crypto as defense mechanism against power analysis (smart card code transformed, even when power analysis is successful, only whitebox implementation is recovered)

===== Crypto scanners =====
  * PEiD with the Krypto Analyzer (KANAL) plugin
  * IDA Pro with the Findcrypt plugin
  * OllyDbg with the SnD Crypto Scanner
  * x3chun's Crypto Searcher
  * Keygener Assistant
  * Hash & Crypto Detector (HCD)
  * Draft Crypto Analyzer (DRACA)
  * Sigscan: http://www.xp-dev.com/sc/browse/59556/
  * Signsrch: http://aluigi.org/mytoolz.htm