# BART PRENEEL THESIS

Nevertheless, this result does not exclude the existence of secure code obfuscators: For example, to create the equivalent of a smart-card-based AES encryption function in software, it does not suffice that the white-box implementation resists extraction of its embedded key, but it must also be hard to invert. Similar theoretic approaches have been conceived for white-box cryptography in [Sax09]. Theoretic research on code obfuscation gained momentum with the seminal paper of Barak et al. The main difference between code obfuscation and white-box cryptography is that the security of the latter needs to be validated with respect to security notions. Shafi Goldwasser and Yael Tauman Kalai.

Theoretic research on code obfuscation gained momentum with the seminal paper of Barak et al. On Obfuscating Point Functions. On the Impossibility of Obfuscation with Auxiliary Input. Wee [Wee05] presented a provably secure obfuscator for a point function, which can be exploited in practice to construct authentication functionalities. Similar theoretic approaches have been conceived for white-box cryptography in [Sax09].

Wyseur, and Bart Preneel: On the Impossibility of Obfuscation with Auxiliary Input.

## Bart Preneel

Attacking an obfuscated cipher by injecting faults. Theory White-box cryptography is often linked with code obfuscation, since both aim to protect software implementations. For example, thesks scheme is defined CPA-secure if an attacker cannot compute the plaintext from a given ciphertext, or KR-secure when the secret key cannot be recovered.

On Obfuscating Point Functions.

# Bart Preneel | SBA Research

It makes sense to define white-box cryptography accordingly since it reflects more reality. Both have received similar scepticism on its feasibility and lack of theoretic foundations. Research Academic research in white-box cryptography can be categorized into three activities.

Jan 13, version: ITCC 1pages A security notion is a formal description of the security of a cryptographic scheme. The main difference between code obfuscation and white-box cryptography is that the security of the latter needs to be validated with respect to security notions.

For example, to create the equivalent of a smart-card-based AES encryption function in software, it does not suffice that the white-box implementation resists extraction of its embedded key, but it must also be hard to invert.

Similar theoretic approaches have been conceived for white-box cryptography in [Sax09].

Wee [Wee05] presented a provably secure obfuscator for a point function, which can be exploited in practice to construct authentication functionalities. Shafi Goldwasser and Yael Tauman Kalai.

## Whiteboxcrypto

Obfuscation for Cryptographic Purposes. Chand Gupta, and G. Indeed, it does not suffice to only protect an application against extraction of embedded secret keys. Resources Slides March — slides PhD defense. On the Im possibility of Obfuscating Programs.

Ran Canetti and Mayank Varia. Positive Results and Techniques for Obfuscation. White-box implementations and cryptanalysis results A selection of the state of the art: Theoretic research on code obfuscation gained momentum with the seminal paper of Barak et al.

Nevertheless, this result does not exclude the existence of secure code obfuscators: