
Introduction to Obfuscation Mohammad Mahmoody University of Virginia *some slides borrowed from abhi shelat.


1 Introduction to Obfuscation Mohammad Mahmoody University of Virginia *some slides borrowed from abhi shelat

2 Code Obfuscation A program’s code can reveal how the program works. That might reveal secrets planted in the program. Obfuscation: the task of making programs ‘unintelligible’ while preserving their functionality. [Hada00] [BGIRSVY01]

3 OBFUSCATOR: P → Q = O(P). 2. Resulting code does not “leak info” about P’s implementation in the eyes of computationally bounded distinguishers.

4 Why do we care? Software protection: hiding the exact technologies used. Software patching. Making private-key schemes public-key! Getting secure computation protocols from OWFs.

5 Typical Solutions are: “best-effort” Variable renaming, anti-debugger provisions, nonsense instructions, encrypted code segments, ROT-13 encoding of strings and names... [Slide example: a block of obfuscated JavaScript.]

6 Goal: Find obfuscation schemes with formal security definitions which rely on formal assumptions instead of human ones.

7 Defining Obfuscation: What is the Ideal? Like P in a black-box! [Diagram: OBFUSCATOR applied to P; Input to P, Output.]

8 Defining Obfuscation: 1st Try. Whatever one can do with O(P) could be done with P. [Diagram: O(P) vs. P with Input to P, Output.]

9 Defining Obfuscation: 2nd Try. [Diagram: A(O(P)) vs. S given P; Distinguisher; just one bit.]

10 Virtual Black-Box Obfuscation

11 Now that we have a good definition, let's design some secure obfuscation method!

12 Celebrated results show impossibility in general for VBB [Hada00] [BGIRSVY01] [GK05] [HMS07] [Wee05]. Some programs necessarily leak secret information about how they work.

13 Reason behind Impossibility: versus black-box access, unbeatable advantage for Q = O(P): run Q(Q).

14 Proof Sketch (reminiscent of halting problem)

15 Possible for point functions: If (x == input) {Output 1} else {Output 0} [C97, CMR98, LPS04, DS05, W05]
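The contrast between the “best-effort” ROT-13 hiding of slide 5 and the point-function case of slide 15, as an added example that is not from the original slides. It uses a standard salted-hash construction, with SHA-256 standing in for a random oracle (an assumption of this example); all function names and the sample secret are constructed for illustration.

```python
import codecs
import hashlib
import hmac
import os
from typing import Optional


def rot13_hide(secret: str) -> str:
    # "Best-effort" hiding: an encoding with no key, not a secret.
    return codecs.encode(secret, "rot13")


def rot13_recover(hidden: str) -> str:
    # Anyone who reads the program text can undo it.
    return codecs.decode(hidden, "rot13")


def obfuscate_point(secret: bytes, salt: Optional[bytes] = None) -> dict:
    # O(P): publish only a salt and H(salt || secret), never the secret.
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.sha256(salt + secret).hexdigest()
    return {"salt": salt.hex(), "digest": digest}


def evaluate(obf: dict, x: bytes) -> int:
    # Same functionality as: if (x == input) {Output 1} else {Output 0}
    salt = bytes.fromhex(obf["salt"])
    candidate = hashlib.sha256(salt + x).hexdigest()
    return 1 if hmac.compare_digest(candidate, obf["digest"]) else 0


def leaks_secret(obf: dict, secret: bytes) -> bool:
    # Crude inspection: does the published program contain the raw secret?
    blob = (obf["salt"] + obf["digest"]).encode()
    return secret in blob or secret.hex().encode() in blob


if __name__ == "__main__":
    secret = b"constructed-sample-secret"  # constructed sample value
    obf = obfuscate_point(secret)
    print("O(P) on secret / on a guess:",
          evaluate(obf, secret), evaluate(obf, b"guess"))
    print("secret visible in O(P):", leaks_secret(obf, secret))
    print("ROT-13 undone:", rot13_recover(rot13_hide("license-key")))
```

The hiding only holds when the secret point is hard to guess: a low-entropy secret can be found by trying inputs, which black-box access to P permits as well.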

16 Hope: a “weaker” meaningful definition exists. [BGIRSVY01] also introduced another obfuscation notion called “indistinguishability obfuscation” (IO) in their appendix! Spoiler: IO is the current champion.

17 Indistinguishability obfuscation implied by VBB. [Diagram: A(O(P)) vs. S given P, just one bit; A(O(R)) vs. S given R, just one bit.]

18 Why is IO considered a big thing?

19 Can we rule out IO like we did for VBB?

20

21 Recap: VBB is the stronger type of obfuscation, but it cannot exist for all circuits. VBB could be achieved (probably) for a limited class of functions, though. IO is the weaker type of obfuscation, and it seems it probably exists. A lot of interesting things can be done by only using IO + BPP != NP.

