Название: Indistinguishability Obfuscation from Well-Studied Assumptions
Автор: Aayush Jain
Издательство: ACM Books
Год: 2025
Страниц: 136
Язык: английский
Формат: pdf (true), epub
Размер: 10.1 MB

Software obfuscation is used in cryptography to transform source code to make it unintelligible without altering what it computes. As a software security mechanism, it is essential that software obfuscation has a firm mathematical foundation.

The research described in this book, for which the author won the ACM Dissertation Award, establishes the feasibility of mathematically rigorous software obfuscation from well-studied hardness conjectures. The mathematical object that the author constructs, indistinguishability obfuscation, is considered a theoretical "master tool" in the context of cryptography: not only in helping to achieve long-desired cryptographic goals such as functional encryption, but also in expanding the scope of the field of cryptography itself. For example, indistinguishability obfuscation aids in goals related to software security that were previously entirely in the domain of software engineering.

Software protection: The most intuitive application of obfuscation is software protection. Intuitively, since an obfuscation scheme provides unintelligibility, it makes it provably hard for an attacker to learn sensitive information from obfuscated software while still allowing an honest client to use the software on any inputs of their choice.

Consider the following example. Let us suppose that Alice is a software developer and has constructed a really powerful software that she wants to monetize. For doing that she needs to construct a demo version or an evaluation version. Doing this “from scratch” is not a good idea: naively, one will have to go over the code line by line and remove fragments that are not supposed to be used in the demo version. This is not an easy task because one can never be sure that in this process of removal no sensitive information is leaked out. This task also involves effort and is sensitive to the judgment of the demo creator. Using obfuscation, we can propose an extremely systematic solution: One can take the software and simply “deactivate” certain branches by forming an external wrapper, and then obfuscate the resulting program. This notion is called crippleware. Since the sensitive branches are commented out in the obfuscated code, it is as if those branches never existed due to the security of the obfuscation scheme.

Obfuscating Machine Learning: A natural application of obfuscation in the machine learning world is to obfuscate classifiers. For instance, it’s plausible that with advances in Machine Learning technology we might be able to build classifiers that achieve human level accuracy in performing medical diagnosis. Such a classifier could take as input a medical test result and identify if there is a disease. If that happens, we would like to make the code of the classifier accessible to everyone so that they could be deployed in places where there is a lack of doctors. Unfortunately, classifiers are trained using large datasets, and revealing the parameters of a classifier can give rise to data privacy issues. Moreover, revealing sensitive medical data is simply against the law (such as HIPAA compliance). Obfuscation is a natural tool to immunize against many such attacks. One could consider obfuscating such classifiers before making the code available. Formalizing the appropriate security guarantees for obfuscation schemes useful for this purpose as well as properties of the classifiers that are compatible with those obfuscation schemes is an interesting open problem.






ОТСУТСТВУЕТ ССЫЛКА/ НЕ РАБОЧАЯ ССЫЛКА ЕСТЬ РЕШЕНИЕ, ПИШЕМ СЮДА!