Paper 2024/077

OBSCURE: Versatile Software Obfuscation from a Lightweight Secure Element

Darius Mercadier, Google, Munich, Germany
Viet Sang Nguyen, Université Jean Monnet, Saint-Étienne, France
Matthieu Rivain, CryptoExperts, Paris, France
Aleksei Udovenko, SnT, University of Luxembourg, Luxembourg
Abstract

Software obfuscation is a powerful tool to protect the intellectual property or secret keys inside programs. Strong software obfuscation is crucial in the context of untrusted execution environments (e.g., subject to malware infection) or to face potentially malicious users trying to reverse-engineer a sensitive program. Unfortunately, the state-of-the-art of pure software-based obfuscation (including white-box cryptography) is either insecure or infeasible in practice. This work introduces OBSCURE, a versatile framework for practical and cryptographically strong software obfuscation relying on a simple stateless secure element (to be embedded, for example, in a protected hardware chip or a token). Based on the foundational result by Goyal et al. from TCC 2010, our scheme enjoys provable security guarantees, and further focuses on practical aspects, such as efficient execution of the obfuscated programs, while maintaining simplicity of the secure element. In particular, we propose a new rectangular universalization technique, which is also of independent interest. We provide an implementation of OBSCURE taking as input a program source code written in a subset of the C programming language. This ensures usability and a broad range of applications of our framework. We benchmark the obfuscation on simple software programs as well as on cryptographic primitives, hence highlighting the possible use cases of the framework as an alternative to pure software-based white-box implementations.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Published by the IACR in TCHES 2024
DOI
10.46586/tches.v2024.i2.588-629
Keywords
ObfuscationSecure ElementWhite-Box CryptographyVBB Security
Contact author(s)
dmercadier @ google com
viet sang nguyen @ univ-st-etienne fr
matthieu rivain @ cryptoexperts com
aleksei @ affine group
History
2024-07-27: revised
2024-01-17: received
See all versions
Short URL
https://ia.cr/2024/077
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/077,
      author = {Darius Mercadier and Viet Sang Nguyen and Matthieu Rivain and Aleksei Udovenko},
      title = {{OBSCURE}: Versatile Software Obfuscation from a Lightweight Secure Element},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/077},
      year = {2024},
      doi = {10.46586/tches.v2024.i2.588-629},
      url = {https://eprint.iacr.org/2024/077}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.