What is a “black-box” cryptosystem?
Cryptovirology relies heavily on the notion of a “black-box” cryptosystem when it comes to developing provably secure malware attacks against cryptosystems. A black-box cryptosystem is both a theoretical abstraction and a common everyday reality. In short, a black-box cryptosystem is a cryptosystem that is implemented in such a way that the underlying implementation (source code or circuitry) cannot be scrutinized. A black-box cryptosystem has a public I/O specification, and its general functionality is disclosed (though the true functionality could differ). By definition, then, a black-box cryptosystem can only be used without verifying the correctness of its implementation. A smartcard is a black-box cryptosystem unless the user disassembles it, verifies the circuitry and the data that resides in memory, and then reassembles it. Similarly, a cryptosystem that is implemented in software is a black-box cryptosystem unless its code is disassembled and verified. Note that this defin