ph4r05 / Whitebox-crypto-AES

Whitebox AES implementation in C++. Chow, Karroumi.
https://is.muni.cz/th/325219/fi_m/
337 stars 112 forks source link

Practical usage of this implementation #16

Closed nemirst closed 7 years ago

nemirst commented 7 years ago

Hi! I was wondering if this implementation aims to provide practical protection of keys / data. Currently it seems to me that implementation does not generate any code but it generates tables which hide internal key. And tables (WBAES object) could be serialized to file. But attacker could easily read tables and use it for decryption of ciphertext previously encrypted by same tables. So it looks like tables themself act like a key in a sense that ciphertext can be decrypted if you have them. Of course it's difficult to extract embedded key but attacker would not need it as tables (WBAES object) could be used directly for decryption. And tables themselves are not hidden. Am I missing something?

ph4r05 commented 7 years ago

This is the core idea & problem of the white-box cryptography in general. In order to use it you need to know how to use it and if it suits your use-case.

To make life of the attacker harder you can use external input/output mappings as described in the literature or my diploma thesis (links in readme on main page)