White-Box Cryptography with Global Device Binding from Message-Recoverable Signatures and Token-Based Obfuscation.

Device binding for white-box cryptography ensures that a white-box program is only executable on one specific device and is unusable elsewhere. In this paper we ask the following: is it possible to design a global white-box program which is compiled once, but can be securely shared with multiple users and bound to each of their devices? Acknowledging this question, we define different flavours of security for such global white-boxes and provide corresponding constructions. We first consider families of strong global white-boxes which can be securely distributed and bound to users' devices without the need of sharing secrets between compiling entities and users. We then show how such strong global white-boxes can be constructed based on message recoverable signatures (MRS). To this end, we introduce puncturable MRS which we build based on puncturable pseudorandom functions and indistinguishability obfuscation. We later consider the use of Token-Based Obfuscation for constructing a simpler family of global white-boxes, and show new ways of building white-box crypto, from more accepted assumptions as previously considered in the literature.