Cryptography Stack Exchange
Cryptography Stack Exchange

Questions tagged [software-obfuscation]

Software obfuscation is the deliberate act of creating obfuscated code by making source or machine code difficult to understand from a human point of view. This may be by either ad-hoc heuristic techniques, or by cryptographic techniques based on hard problems.

Software obfuscation refers to one of two subjects:

  • The deliberate act of creating obfuscated code by making source or machine code difficult to understand from a human point of view in an ad-hoc manner.
  • A cryptographic approach to obfuscation e.g. Indistinguishability Obfuscation

Programmers may deliberately obfuscate code to conceal its purpose (security through obscurity) or its logic, in order to prevent tampering, deter reverse engineering, or as a puzzle or recreational challenge for someone reading the source code. Programs known as obfuscators transform readable code into obfuscated code using various techniques; including cryptographic techniques. This approach (at best) increases the time and effort required to reverse-engineer the program, but it does not make doing so infeasible.

The cryptographic approach to obfuscation attempts to build obfuscated programs from cryptographic hardness assumptions, such that de-obfuscating the program is infeasible.

33 questions
11
votes
3 answers

What is the state of cryptographic obfuscation in 2015?

Cryptographic Obfuscation is a technique that allows one to obfuscate source code in a secure way (as opposed to insecurely mangling it into spaghetti code.) For example, here is a way to protect a piece of data with a password: cipher_text =…
Christopher King
  • 819
  • 5
  • 19
7
votes
2 answers

Why do we use multilinear maps for obfuscation?

I have recently developed interest about obfuscation, and I see that (all?) the proposals use multilinear maps. What's the reason to this? As I also that many of the multilinear map proposals get broken too. Are there any other approaches to achieve…
typos
  • 809
  • 6
  • 11
6
votes
1 answer

Intuitively what makes indistinguishability obfuscation useful?

I am reading some papers about the application of indistinguishability obfuscators (IO). As far as I know, there are two techniques which enables the application of IO: shell game of secrets and punctured programs. It seems to me obfuscators are…
user50394
  • 295
  • 1
  • 6
4
votes
1 answer

Is obfuscation always reversable?

Let's say we have a program that only accepts numerical inputs and the output is simply an increment by one of the input. Example with input "a" and output "b": $$Input: a = 7$$ $$Output: b= a+1 = 8$$ So it would be easy to know what the program is…
AleksanderCH
  • 6,435
  • 10
  • 29
  • 62
3
votes
1 answer

Does there exist an indistinguishability formal proof obfuscator?

A formal proof obfuscator is a mapping $\mathcal{O}$ such that whenever $P$ is a formal proof of a theorem $T$, then $\mathcal{O}(P)$ is a distribution of formal proofs of the same theorem $T$. An indistinguishability formal proof obfuscator is a…
Joseph Van Name
  • 1,235
  • 12
  • 19
2
votes
1 answer

Barak et al. proof that black-box obfuscation is impossible

I have been attempting to analyse the classic proof presented by Barak et al. that claims Black-Box Obfuscation is not possible for (what appears to be) most classes of programs. The proof is presented in such a manner where it is said that if there…
James
  • 201
  • 1
  • 10
2
votes
1 answer

Do reversible black box obfuscators exist?

We shall say that an obfuscator $\mathcal{O}$ is a reversible black box obfuscator if for each reversible program $P$ the obfuscated program $\mathcal{O}(P)$ is still reversible but does not reveal any more information than an oracle that computes…
Joseph Van Name
  • 1,235
  • 12
  • 19
1
vote
0 answers

Is it considered good security to give your variables unhelpful names?

I was exploring my company's codebase yesterday and I noticed one class which had three variables named m_p1, m_p2, and m_p3. These variables are used very often in this class and each has a different, specialized type. (By "specialized," I mean…
Jon McClung
  • 111
  • 2
1
vote
0 answers

Can you have partial cryptographic obfuscation (without a trusted setup)?

Cryptographic Obfuscation is a powerful cryptographic technique. My question is, can you do it partially? Instead of obfuscating an algorithm completely, you can have an algorithm with a couple of constants, such that an outside observer can verify…
Christopher King
  • 819
  • 5
  • 19