Wednesday, 5 February 2014

Revolutionary new cryptography tool could make software unhackable

A team of researchers from IBM and Microsoft may have just made a breakthrough in the quest for unbreakable cryptography. The results produced by the team from UCLA and MIT offer hope that encryption could protect not just an output, but an entire program. Once believed to be too powerful to exist in any real sense, this new method of program obfuscation could lead to ultra-secure software that keeps your personal information safe from nefarious individuals.

The idea of obfuscating a program has been around for decades — software companies have tried all sorts of methods to distort their code in order to prevent others from seeing how it worked. However, the security and hacking communities have been able to defeat all these measures. Cryptographic experts have long been tinkering with stronger approaches, but it wasn’t until the most recent collaboration that the pieces started falling into place.

Cryptographers have been chasing the idea of a so-called “black box obfuscator” for years. The idea is that any program passed through the black box would be so fundamentally garbled that no one would be able to figure out how it worked or what secrets it might hold — only inputs and outputs would be visible, which is exactly what you want. This method could make communications almost completely secure. All you would need to do is create encryption keys with an obfuscated program, then make that program available to the other party — or everyone for that matter, since no one would be able to figure out the decryption key from examining the obfuscated program.

One member of the team, Amit Sahai, worked on a principle known as indistinguishability obfuscation a few years back, which at the time was considered a weak type of obfuscation. It involves passing a program through said obfuscator to disguise the origin. Two programs that do the same thing would be indistinguishable from each other at the end of it. Recent work has pointed to this as a surprisingly powerful cryptographic tool, though. The only problem: an indistinguishability obfuscator didn’t exist — until now.
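
An added illustration of the indistinguishability property described above (not the researchers' construction and not code from the article): for programs over a handful of input bits, replacing a program with its full truth table is a trivially indistinguishable obfuscation, because equivalent programs produce identical output. The function names and sample programs are constructed for this example; the table grows as 2^n, so this only works for tiny inputs.

```python
from itertools import product

def truth_table(program, n_bits):
    """Run program on every n_bits-bit input, in counting order (000, 001, ...)."""
    return tuple(int(bool(program(*bits)))
                 for bits in product((0, 1), repeat=n_bits))

def obfuscate(program, n_bits):
    """Toy obfuscator: keep only the canonical truth table, discard the code."""
    table = truth_table(program, n_bits)

    def obfuscated(*bits):
        # First argument is the most significant bit, matching product() order.
        return table[int("".join(str(b) for b in bits), 2)]

    obfuscated.table = table  # everything an observer can extract from the result
    return obfuscated

# Constructed sample programs: two different implementations of 3-input majority.
def majority_gates(a, b, c):
    return (a & b) | (a & c) | (b & c)

def majority_count(a, b, c):
    return int(a + b + c >= 2)

# A program with different behaviour, for contrast.
def xor3(a, b, c):
    return a ^ b ^ c

def indistinguishable(p, q, n_bits):
    """True when the obfuscations of p and q are bit-for-bit identical."""
    return obfuscate(p, n_bits).table == obfuscate(q, n_bits).table

if __name__ == "__main__":
    ob = obfuscate(majority_gates, 3)
    print("obfuscated majority:", ob.table)
    print("same function, different code ->",
          indistinguishable(majority_gates, majority_count, 3))
    print("different function            ->",
          indistinguishable(majority_gates, xor3, 3))
    # Size cost: one table entry per possible input.
    for n in (3, 10, 20):
        print(f"{n} input bits -> {2 ** n} table entries")
```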

The obfuscator created by Sahai and his colleagues appears to almost reach the level of broad protection described by the theoretical black box obfuscator. The tool, based on indistinguishability obfuscation, can be used to generate digital signatures, encryption keys, and more without leaking any of the inner workings of applications. It works by splicing random bits of data into the program’s code so that it cannot be extracted in a functional state. However, when run as it is supposed to be, the random junk cancels itself out and you get the desired output.

After creating this obfuscation scheme, the team tried to break it by deploying every tool and hack they could come up with. The result? The obfuscator remains undefeated. The team feels this is as close to unbreakable as encryption gets right now, but it’s possible some future advance in computing or lattice mathematics could result in a breach.

While having access to strong cryptographic tools is certainly desirable, remember that companies and governments use encryption to protect sensitive data and trade secrets too. Breaking the encryption on future electronic devices might not be as easy as it was with DVD or the PS3. The indistinguishability obfuscator is still not ready for real world use, though. Right now it turns efficient little apps into ungainly monstrosities with all that random code inserted. It’s still a very big step for cryptography.
