Man Working

What is White-Box Crypto?

A cryptographic White-Box protects cryptographic secrets against an attacker with full access to the implementation. The input and output of a White-Box are the same as with a standard crypto operation, but in the transformed White-Box version the protected cryptographic secrets are not visible to an attacker.

What is a White-Box Crypto Code Generator?

A White-Box code generator is not simply a library of protected cryptographic operations. It’s a tool that transforms any algorithm or dataflow operation into a protected White-Box implementation. It can generate or update an unlimited number of unique implementations on-demand.

Where is White-Box Cryptography Used?

keyboard

White-Box Cryptography is most often deployed to protect cryptographic implementations in apps that are executed on open devices, such as PCs, tablets, or smartphones when the developer needs to achieve the highest level of security with no dependency on hardware secure elements.

In these open devices, an attacker can observe the encrypt/decrypt operations using reverse engineering tools and easily extract an unencrypted copy of the data. More importantly, the attacker can also easily extract the encryption key being used, allowing the attacker to decrypt all data that is encrypted with that key. This makes unprotected crypto implementations in open devices extremely vulnerable to attacks.

White-Box Cryptography is also an excellent solution where periodic updates to the crypto implementation are required to prevent class breaks that would otherwise render obsolete costly hardware that relied solely on hardware-based security.

Why should I select the PACE White-Box Works White-Box Code Generator?

keyboard

White-Box Works is the newest thinking in the White-Box space. It provides significantly better protection against attacks than other solutions and is more flexible, allowing its use in a wider range of contexts. It achieves this without compromising ease of use or performance compared to other solutions.

Its usability advantages include the ability to create a White-Box Implementation in a single step, eliminating the need to write a simulation harness. This approach also allows developers to easily combine cryptographic operations into a single White-Box, unlike other solutions which provide pre-made combinations to provide useful functionality such as dynamic keys. White-Box Works makes it easy for developers to combine operations in ways that best suit their requirements, making it a lighter weight solution in many applications.

Algorithm Agnostic

White-Box Works is tested with - RSA, ECC, AES, Threefish, Sha2/3

Full support for non-deterministic algorithms

Flexible Execution Path

Supports floating point

Resistant to modern cryptographic attacks

keyboard

Continuous in-house and external security evaluations ensure White-Box implementations generated with the White-Box Works are resistant to modern White-Box attacks including reverse engineering, side channel analysis (memory trace analysis), register trace analysis, and fault injection.

White-Box implementations generated with White-Box Works can detect attacks and intentionally produce incorrect output.

White-Box Works is a new, unique solution for adding White-Box Cryptography to applications. It provides significantly better protection against attacks than existing solutions and is more flexible without compromising ease of use or performance. Click below to schedule your demo today!


We look forward to hearing from you

Please reach out and let us know how we can help with your software security.