In some cases, the threat model is augmented with the attacker’s ability to interact with the systems performing the crypto operation, via observation and/or alteration of system parts and processes. We refer to this model as the “Gray-Box” model, where the attacker has access to the system, but he is still not allowed to access the key and/or to tamper with the cryptographic algorithm and its implementation.
The digitalization of goods and services has allowed the economy to transit to a new “Internet” era, where immaterial goods are digitalized and exchanged over the Internet. Examples are products for entertainment, such as music and movies, or the money itself, which is now available in a digital form, and payments are performed utilizing cryptographic processes based on delivered payment keys (see Figure 1.3).