Home - xbacinsk/White-box_cipher_java GitHub Wiki

In the white-box context we expect the attacker is able to see the memory during computation, change it, change the application itself or pause the computation in any time and resume it later. For example, the AES algorithm consists of several rounds, so an attacker can run only one exact round and see the memory, where the encryption key and round keys are stored (in some steps of computation) and is thus able to obtain the encryption key. When an attacker is so powerful, there is need to hide all the important stuff. Basic idea is to split the computation into two parts. One, that is critical and needs to be run in secure environment, but is small enough to run not very long and is performed only once, because the secure devices are usually slow. And the second part consists of the very encryption, that is secure in white-box context.

White-box_cipher_java is java implementation of cipher WBAES+. This cipher is based on WBAES, just few modifications were made to make it resistant against known white-box attacks.

Implementation includes a JCE Provider, so after creating the .jar file from source code, basic Java Crypto API can be used to encryption/decryption.