Slashdot Mirror

← Back to Stories (view on slashdot.org)

Computer Scientists Develop 'Mathematical Jigsaw Puzzles' To Encrypt Software

Posted by samzenpus on from the looking-for-edges dept.

another random user writes "The claim here is that the encrypted software can be executed, but not reverse-engineered. To quote from the article: 'UCLA computer science professor Amit Sahai and a team of researchers have designed a system to encrypt software so that it only allows someone to use a program as intended while preventing any deciphering of the code behind it. According to Sahai, previously developed techniques for obfuscation presented only a "speed bump," forcing an attacker to spend some effort, perhaps a few days, trying to reverse-engineer the software. The new system, he said, puts up an "iron wall," making it impossible for an adversary to reverse-engineer the software without solving mathematical problems that take hundreds of years to work out on today's computers — a game-change in the field of cryptography.'"

2 of 245 comments (clear)

  1. I Call BS by MightyMartian · · Score: 5, Insightful

    I'm sure they can further obfuscate the actual code, but at the end of the day the processor is going to have to run machine code, and one way or the other you can tap the processor's activity to read the "decrypted" code. Beyond that, I imagine the performance penalties involved will be monstrous. Even normal obfuscation techniques have pretty heavy penalties.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.
  2. Re:Deciphering != Reverse Engineering by wierd_w · · Score: 5, Insightful

    One way around this (for reverse engineering) would simply be to run it inside a VM with a built in stack trace debugger, like Bochs.

    You can peek at the raw instructions percolating through the VM's emulated CPU that way. The application itself is then the decryption key, since the system has to be able to run the application.

    PITA, but I don't see how this is anything more than just a "bigger" speedbump, at least as far as disassembly goes. Now, making said decryption require nasty bits of hardware to thwart using a VM, and clinging tightly to treacherous computing with a TPM and a hardware hypervisor on top of this? That's more dicey.

    The question here is... why do this? Is preventing Cracker Jack from the warez scene from simply disabling your "authenticity checks" so horrifically important? That's the major application for this that I really see, besides making epically horrific malware. (Though if you ask me, they are both the same thing.)

    Seriously, other than making personal computing become something from communist russia, what is the benefit of this?