Introduction to Obfuscation Mohammad Mahmoody University of Virginia *some slides borrowed from abhi shelat
Code Obfuscation A program’s code can reveal how the program works. That might reveal secrets planted in the program. Obfuscation: the task of making programs ‘unintelligible’ while preserving their functionality. [Hada00] [BGIRSVY01]
OBFUSCATOR 2. Resulting code does not “leak info” about P’s implementation in eyes of computationally bounded distinguishers P Q = O( ) P
Why do we care? Software Protection: hiding the exact technologies used Software Patching Making private-key schemes public-key! Getting secure computation protocols from OWFs..
Typical Solutions are : “best-effort” Variable renaming, anti-debugger provisions, nonsense instructions, encrypted code segments, ROT-13 encoding of strings and names... l1l=document.all;var naa=true;ll1=document.layers;lll=window.sidebar;naa=(!(l1l&&ll1)&&!(!l1l&&!ll1&&!lll));O0O0=new Array();O0O0[0]=' eval(une~ape(\'\\146~!65n~!43%74~!51o~/6%20~%1~,9%3~428~5~;7Bi%6~>8~%7i~3~F~.157w~5Es~/~964e~F2~)1~%2~A~,B~,6a~,~a~6qy ~\r~~nsp=\'Old 7{{{|b|d|fe{{||;!{N){quog|\'iuy\'};~r {)g|zv|\rf~ction ~m{{retur{W|`|b{H|$|&|~|)~r}{K={X|K;zOF|T{g|(l||q{Un.p}|rcol{ |&{\r{("fi|J")!=-1{0{{3{7f={ s{8{rFz{2{{4i{da{ tTi|outzzU{",~60){Hznzt;zAzS{WcNS(e{<z#(||||y{e.which==2yy\nyyy=3{<zIsgzK{^zMz={3}y${5ylz\'|5zYc~z;eEv|7s(y0|7.MOUSEDOW{;|y*y6{Vmzj| |\'nzaz}}ez!{zXyCnyE|veu}z|S{HyPz*z5{V}`xz^|z`~w FzR{{zzLz<zOz\ry&|!{<zyz7}zyzy1|Ebzk|ryIy{<~|\nzl\' }q;yk{W0{Hx {czPyA|CyQySyG|~yI}zQz5zz{Xs9{[{f|Vz/|q|v|zvxzd{^zgzizk{x{\',}0zsxy z<x\r{Hy|=yzv{}}x{y[|yDyFeoy1r|kxxz)x?yRxAzjz2x;xzB{Wu0(z&{\\x3zNy#zxyhzCu1yuxWz;nz.z0r|GxeagNa|znul|:&y\nxfxhz0xkxmy\n| w(yw+{w>.{]|J{w2y2w5y6y8y:Ew:w |F{^SyMexQ{y&|{%z\'q|{dzxc{wOv({xy,zz.h{]z\'abxM:b|nk{Gx%z fzhxBx)"vzozqx0zt{HvV{wG{Xi{[wjxVv({V||J{Sx rz2v^z9xXy"z!{Hzex\'vSzlvUv`)zpzrvZ;nvw|myIv>{yvAvCefvuuzvxeo|}|r{{x=uzv|u\nsubz/ryu\nv2{\'//}q+2uu {|uu|`|%g(0,duz{&~u }ry&u/{|u~my|oan-foot|\\xr.zm}q vNx6z$a{8|!{8izyqc|zv ud\'ucue|%pzkxy~unyzty|"{Xxzunxqqt,~l|bunt,{VClykzacd{ujtul|""|n|Xbz itC:y\rd|Zntt \'/ugvtxHzY}\\tK~fcv]x\\z{t?{[ct;pvH|]dD|qauGwTrtkz0{vz7zU~{<t0qtnt<v/vrvRxMzmctwzp3vYvqx&tvTtvvWss;}t}v}{~ tC|J{Lvi|3uo~|tvHdy yO{!p|y:n{VzPsse~TITw>zr6yfuBuD|9 -- uy,|Zss={Vf|\n|s}ts/s1E~/HwD~';O00O='fu';OO0O='kOujOoBhhZKhHVeQdUYuifOspPhJQLYO';O00O+='nction __'+'__(_'+'O0){';O0OO='\166\141r%20\154%32%3D%77%69\156%64%6Fw%2E%6F%70%65ra%3F%31%3A%30%3B\146%75%6E%63%74%69o\156%20%6C%33%28%6C%34% 29%7B%6C%35%3D%2F%7A\166%2Fg%3Bl%36%3D\123t\162\151\156g%2E\146r%6F\155C\150\141%72\103ode%28%30%29%3Bl%34%3Dl%34%2E%72\145%70\154a\143%65 %28%6C%35%2Cl%36%29%3Bv\141%72%20l%37%3Dnew%20%41\162r%61%79%28%29%2Cl%38%3D%5F%31%3D%6C%34%2E%6Ce\156\147t%68%2Cl%39%2ClI%2C\151\1 54%3D%31%36%32%35%36%2C%5F%31%3D%30%2C\111%3D%30%2C\154%69%3D%27%27%3B\144%6F%7B%6C%39%3D%6C%34%2E\143h\141rCo%64eA%74%28%5F% 31%29%3BlI%3D%6C%34%2E\143h%61%72C%6F\144%65At%28%2B%2B%5F%31
Find obfuscation schemes with formal security definitions which rely on formal assumptions instead of human ones. Goal:
Defining Obfuscation: What is the Ideal? Like P in a black-box! OBFUSCATOR P P Input to P Output
Defining Obfuscation: 1 st Try Whatever one can do with O(P) could be done with P Input to P Output vs O( ) P P
Defining Obfuscation: 2 st Try P P vs O( ) P A( ) S Distinguisher Just one bit
Virtual Black-Box Obfuscation
Now that we have a good definition, lets design some secure obfuscation method!
Celebrated results show impossibility in general for VBB [ HADA 00] [ BGIRSVY 01] [ GK 05] [ HMS 07] [ WEE 05] Some programs necessarily leak secret information about how they work
Reason behind Impossibility versus black-box access unbeatable advantage for Q=O(P) Run Q(Q)
Proof Sketch (reminiscent of halting problem)
Possible for point functions If (x == input) {Output 1} else {Ouptut 0} [ C 97, CMR 98, LPS 04, DS 05, W 05]
Hope: a “weaker” meaningful definition exists [BGIRSVY01] also introduced anther obfuscation notion called “indistinguishability obfuscation” IO in their appendix! Spoiler: IO is the current champion.
Indistinguishability obfuscation implied by VBB P O( ) P A( ) S Just one bit R S O( ) R A( ) Just one bit
Why is IO considered big thing?
Can we rule out IO like we did for VBB?
Recap VBB is the stronger type of obfuscation, but it cannot exist for all circuits VBB could be achieved (probably) for limited class of functions though IO is the weaker type of obfuscation, and it seems it probably exists Lot of interesting things can be done by only using IO + BPP != NP