Program Obfuscation and One-Time Programs

Abstract

Program obfuscation is the process of taking a program as an input and modifying it so that the resulting program has the same I/O behavior as the input program but otherwise looks ‘garbled’ to the entity that runs it, even if this entity is adversarial and has full access to the program. Intuitively, by looking garbled to an adversarial entity, we mean that it should be impossible to understand the internal working of the program, or more generally to compute anything that cannot be computed by seeing only the legitimate outputs of the program on inputs of choice.

Traditionally, program obfuscation has been regarded as a software-based technique to curb the use of programs in commercial contexts such as preventing illegal re-distribution of copyrighted information. Here the obfuscation process is aimed at preventing ‘reverse engineering’ that would subvert the curbs and restrictions that were embedded into the original program. Another domain in which program obfuscation is considered imperative is within the on-line gaming industry, where in order to maintain a fair and consistent gaming environment which will keep gamers coming, one must ensure that hackers cannot modify the games so as to gain an unfair advantage. Also, as more and more web sites deliver Javascript source code to be run locally on browsers, programmers are naturally interested in obfuscating their source code in order to make it hard for competitors to learn how it works.

The design of program obfuscators (or at least attempts at it) has been standard fare in practice. However, in spite of the large effort dedicated to develop program obfuscators, these efforts have been successful only in the very short run. Indeed, the general belief in the industry has remained very skeptic regarding the viability of obfuscation methods, as expressed in the following recent quote:

This feeling seems to be supported by theoretical impossibility results that assert that several strong (albeit natural) formulations of obfuscation are impossible. That is, there is no generic mechanism that can successfully obfuscate large classes of programs.

Yet, even more recent theoretical results have pointed out a way in which, in spite of these generic impossibility results, the basic concept of program obfuscation is obtainable in many settings. One setting on which we will elaborate is of one-time programs: programs that can be executed only a restricted and pre-specified number of times. Naturally, these programs cannot be achieved using software alone. We show how to build them using ‘simple’ and ‘universal’ secure hardware components.

One-time programs serve many of the same purposes of program obfuscation, the obvious one being software protection. However, the applications of one-time programs go well beyond those of obfuscation, since one-time programs can only be executed once (or more generally, a limited number of times) while obfuscated programs have no such bounds. For example, one-time programs lead naturally to electronic cash or token schemes and to “one-time proofs”, proofs that can only be verified once and then become useless and unconvincing. We show how to use a classical witness and simple secure hardware to efficiently construct such “one-time proofs” for any NP statement.

In this talk we will survey all of these exciting developments.