White-box cryptographic software is software which performs cryptographic functions in a white-box attack context; that is, in an environment in which at least portions of a software application, and potentially the entire implementation, are exposed to an attacker who has at least some degree of control, and possibly complete control, of the platform on which the software is running.
Such a context arises, for example, in connection with cryptographic applications such as digital rights management (DRM), where television programs, movies, music, and the like, are shown on a personal computer (PC) or other similar commodity computational device, rather than on a conventional television via broadcast or via a DVD player. While many owners of such commodity devices will respect copyright laws, there are others who will attempt to profit from media directed to PCs or similar devices by making and selling illicit copies of the content without paying its owners for its use. PCs are a particularly exposed environment: a knowledgeable attacker can gain complete control of the device, watch the software running in detail, control, halt, or modify its execution using a debugger, repeatedly execute the same code looking for patterns of behavior which can be exploited, and the like.
White-box cryptographic software is designed to run in such a context. A cryptographic function targeted to the white-box attack context, while it may well implement a conventional cipher, implements it in profoundly unconventional ways, in order to impede the attacker's understanding of the way in which the software operates. For example, the keys are typically either embedded in the remainder of the white-box cryptographic software by partial evaluation, or they are encoded. Moreover, the input and output texts of the cipher are typically encoded to make the attacker's knowledge of conventional implementations of the cipher much less useful in mounting an attack on a white-box cryptographic implementation.
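The following is an added example, not part of the original text: a toy 8-bit round showing a key folded into a lookup table by partial evaluation and wrapped in input and output encodings. The S-box, seeds, keys and function names are all constructed for illustration, and the example goes one step further than the paragraph by chaining two tables so that the output encoding of the first cancels against the input encoding of the second.

```python
import random

def make_permutation(seed):
    """Constructed random bijection on 0..255 (seeded so the example is repeatable)."""
    rng = random.Random(seed)
    perm = list(range(256))
    rng.shuffle(perm)
    return perm

def invert(perm):
    inv = [0] * 256
    for i, v in enumerate(perm):
        inv[v] = i
    return inv

# Toy 8-bit S-box: a constructed permutation, not taken from any real cipher.
SBOX = make_permutation(1)

def reference_round(x, key):
    """Conventional form: the key is a separate run-time value."""
    return SBOX[x ^ key]

def build_encoded_table(key, in_enc, out_enc):
    """Partially evaluate the round for one fixed key and wrap it in encodings.

    table[in_enc[x]] == out_enc[SBOX[x ^ key]], so the shipped table takes
    encoded input, returns encoded output, and holds no separate key value.
    """
    in_dec = invert(in_enc)
    return [out_enc[SBOX[in_dec[xe] ^ key]] for xe in range(256)]

def build_two_round_pipeline(k1, k2):
    f, g, h = (make_permutation(s) for s in (2, 3, 4))  # assumed encodings
    t1 = build_encoded_table(k1, f, g)  # output is encoded with g
    t2 = build_encoded_table(k2, g, h)  # input is decoded with g: the encodings cancel
    return t1, t2, f, h

def run_pipeline(t1, t2, encoded_x):
    """What ships: two lookups; the intermediate value never appears in the clear."""
    return t2[t1[encoded_x]]

def pipeline_matches_reference(k1, k2):
    t1, t2, f, h = build_two_round_pipeline(k1, k2)
    h_inv = invert(h)
    return all(
        h_inv[run_pipeline(t1, t2, f[x])] == reference_round(reference_round(x, k1), k2)
        for x in range(256)
    )

if __name__ == "__main__":
    print(pipeline_matches_reference(0x5A, 0xC3))
```

Here f and h stand in for the encodings on the cipher's input and output texts, while g is used only inside the table generator and never appears in the code that runs the lookups.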
In the past, a user would be required to determine and specify security parameters which would be incorporated within user-defined software which also includes API calls used to access white-box library tools. In other words, in the past white-box cryptographic operations have been injected into software applications by including constructed white-box implementations into the software and then optionally securing their interface data (e.g., for an encryption, this typically comprises the key and plaintext inputs and the ciphertext output) using an obfuscating and/or tamper-proofing tool, such as the Cloakware Transcoder™. The responsibility for correctly connecting together the software employing the cryptographic functionality and the software implementing it, the key (or keys, in the case of public key cryptography), the text input, and the text output, lies with the programmer using the cryptographic functionality (the programmer/user).
Because every step is under the control of the programmer/user, this approach has all of the problems that come from expecting perfect performance from human beings. When the programmer/user succeeds, the result is that the functionality is as intended. If the programmer/user misses a step, or performs a step incorrectly, the functionality may differ in gross or subtle ways from what is intended. The latter is far more dangerous: gross errors are usually caught in testing; subtle errors can easily be missed.
It is evident, therefore, that while the advent of white-box cryptographic implementations has made DRM content distribution systems more viable, a large problem remains with what we might call the peri-cryptic (where unenciphered text enters or leaves the white-box implementation) and inter-cryptic (where enciphered text moves from one form of encipherment to another) aspects of the implementation. We have determined that, as well as the white-box ciphers or cryptographic hashes themselves, there is a need to improve the construction of the software in which the white-box ciphers or cryptographic hashes reside, and the construction of connections among different cryptographic components where a system employs multiple encryptions and hashes. These connections form the ‘plumbing’ of the information pipes along which enciphered or hashed content travels; formerly, the peri-cryptic and inter-cryptic parts of the software had to be hand-constructed in detail by a knowledgeable user.