
Within the context of this discussion: WBC on AES would mean that one would be able to execute a white-box AES software implementation, but would not be able to "read"/extract the secret key that is used.

Basically, WBC is a set of very dedicated obfuscation techniques to implement a cryptographic scheme in a "secure" way.

IMHO, the main distinction with "usual" obfuscation is the following:

* Obfuscation is a computer science term that refers to hardening a given application, such that it is difficult to reverse engineer. That is, to make it difficult to understand what functionalities are implemented, and how.

* In white-box cryptography, on the other hand, an adversary will know that a specific scheme (such as the AES) is implemented, and how it is implemented: the compiler and program specifications are public; the cryptographic key, and the randomness that is used at compilation-phase is private. This is similar to the Kerckhoffs-principle in cryptography, where the security of a scheme should not break down when the specifications of a scheme are known.

There have been some attempts to formalize white-box cryptography. See https://www.cosic.esat.kuleuven.be/publications/article-1260...

If you have any further questions, feel free to contact me. In the near future, I plan to set up a webpage on http://www.whiteboxcrypto.com where I will address these issues, and explain how WBC works.

Best regards, Brecht Wyseur
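
Added example, not part of the comment above and not code from any white-box product: a toy "white-box compiler" for a single AES AddRoundKey + SubBytes step, showing the split the comment describes (public table-lookup program, private key and compile-time randomness). The names `compile_whitebox`, `run_whitebox` and `evaluate` are hypothetical, the encodings are plain random byte permutations, and one encoded step like this is an illustration of the idea, not a secure construction.

```python
import random

def gf_mul(a, b):
    # Multiply in GF(2^8) modulo the AES polynomial 0x11B.
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r

def aes_sbox():
    # AES S-box: field inverse, then the affine map with constant 0x63.
    inv = [0] + [next(y for y in range(1, 256) if gf_mul(x, y) == 1) for x in range(1, 256)]
    box = []
    for b in inv:
        s = b
        for i in range(1, 5):
            s ^= ((b << i) | (b >> (8 - i))) & 0xFF
        box.append(s ^ 0x63)
    return box

SBOX = aes_sbox()

def compile_whitebox(key, seed):
    # Private step: fold each key byte into a table T[x] = g(S(f^-1(x) ^ k)).
    # Only `tables` ships; f and g (secret encodings) stay with the compiler.
    rng = random.Random(seed)  # toy randomness; assume a CSPRNG in practice
    tables, f, g = [], [], []
    for k in key:
        fi, gi = rng.sample(range(256), 256), rng.sample(range(256), 256)
        f_inv = {y: x for x, y in enumerate(fi)}
        tables.append([gi[SBOX[f_inv[x] ^ k]] for x in range(256)])
        f.append(fi); g.append(gi)
    return tables, f, g

def run_whitebox(tables, encoded_state):
    # Public step: table lookups only, the key never appears as an operand.
    return [t[b] for t, b in zip(tables, encoded_state)]

def evaluate(key, seed, state):
    # Encode the input, run the shipped tables, decode the output.
    tables, f, g = compile_whitebox(key, seed)
    out = run_whitebox(tables, [f[i][p] for i, p in enumerate(state)])
    return [g[i].index(o) for i, o in enumerate(out)]
```

Compiling the same key with two different seeds gives two different sets of tables that compute the same keyed function, which is why the compile-time randomness is treated as secret alongside the key.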



