International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

OBSCURE: Versatile Software Obfuscation from a Lightweight Secure Element

Authors:
Darius Mercadier , Google, Munich, Germany
Viet Sang Nguyen , Université Jean Monnet, Saint-Étienne, France
Matthieu Rivain , CryptoExperts, Paris, France
Aleksei Udovenko , SnT, University of Luxembourg, Esch-sur-Alzette, Luxembourg
Download:
DOI: 10.46586/tches.v2024.i2.588-629
URL: https://tches.iacr.org/index.php/TCHES/article/view/11440
Search ePrint
Search Google
Abstract: Software obfuscation is a powerful tool to protect the intellectual property or secret keys inside programs. Strong software obfuscation is crucial in the context of untrusted execution environments (e.g., subject to malware infection) or to face potentially malicious users trying to reverse-engineer a sensitive program. Unfortunately, the state-of-the-art of pure software-based obfuscation (including white-box cryptography) is either insecure or infeasible in practice.This work introduces OBSCURE, a versatile framework for practical and cryptographically strong software obfuscation relying on a simple stateless secure element (to be embedded, for example, in a protected hardware chip or a token). Based on the foundational result by Goyal et al. from TCC 2010, our scheme enjoys provable security guarantees, and further focuses on practical aspects, such as efficient execution of the obfuscated programs, while maintaining simplicity of the secure element. In particular, we propose a new rectangular universalization technique, which is also of independent interest. We provide an implementation of OBSCURE taking as input a program source code written in a subset of the C programming language. This ensures usability and a broad range of applications of our framework. We benchmark the obfuscation on simple software programs as well as on cryptographic primitives, hence highlighting the possible use cases of the framework as an alternative to pure software-based white-box implementations.
BibTeX
@article{tches-2024-34063,
  title={OBSCURE: Versatile Software Obfuscation from a Lightweight Secure Element},
  journal={IACR Transactions on Cryptographic Hardware and Embedded Systems},
  publisher={Ruhr-Universität Bochum},
  volume={024 No. 2},
  pages={588-629},
  url={https://tches.iacr.org/index.php/TCHES/article/view/11440},
  doi={10.46586/tches.v2024.i2.588-629},
  author={Darius Mercadier and Viet Sang Nguyen and Matthieu Rivain and Aleksei Udovenko},
  year=2024
}