White-Box Cryptography: The Patents on Hiding a Key in Plain Sight

Standard cryptography assumes the endpoints are safe and only the channel between them is hostile. White-box cryptography throws that assumption out. Its threat model is a device fully under the attacker's control — a set-top box, a mobile app, a piece of DRM-protected media software — where the adversary can step through the code, dump memory, and watch every key the program loads. The goal is to keep the secret key safe even then.

The trick is to never have the key exist as a clean, extractable value. Instead the key is baked into a tangle of lookup tables and encodings that compute the right cryptographic function without the key ever appearing in the clear in memory. US10567159B2, “CMAC computation using white-box implementations with external encodings,” granted to NXP B.V. on February 18, 2020, is a clean example: it claims a white-box implementation of CMAC, a message-authentication code, using external encodings so the surrounding software composes correctly without exposing internal values.

Irdeto's US10546155B2, “Protecting an item of software,” granted January 28, 2020 under G06F 21/629, comes at the same problem from the software-protection side. Irdeto is a long-standing DRM and anti-piracy vendor, and the patent reflects that lineage: protect the software so that even a fully privileged attacker cannot lift its secrets or tamper with its behavior undetected.

It is worth being honest about what white-box cryptography buys you. It is not a mathematical impossibility result the way standard cryptography is; a determined attacker with unlimited effort can, in principle, attack an obfuscated implementation, and the academic literature has broken many white-box schemes. The patents are about raising the cost — making extraction expensive enough that, combined with renewability, the economics favor the defender.

Both are granted patents (B2), not applications, and both are method/implementation claims rather than product claims. The external-encodings detail in the NXP grant is the kind of specific that separates a real white-box technique from a hand-wave: the encodings are what let an obfuscated primitive slot into a larger program without leaking at the boundaries.

For the portfolio reader, white-box is a reminder that not all cryptography IP is about new algorithms. A large, durable slice of the field is about deploying known algorithms in hostile environments — phones, media devices, payment apps — and that deployment problem has its own dense, defensible patent landscape.