A New Type of Encryption: ObfuscationWednesday, February 5th, 2014
Security through obscurity, while helpful, is not sufficient to reliably safeguard your secrets from a determined attacker. That may be changing, however, as the linked article describes a new type of computer code obfuscation that can’t be reverse engineered. This would allow encryption programs and keys to be obfuscated, producing a new type of reliable encryption that (I’m assuming) can’t be broken by quantum computers.
This all goes back to a fundamental problem with protecting your proprietary computer code: the computer that it’s running on has to be able to understand it. In the early ’80s when personal computers were still fairly new, there were a bunch of anti-copying schemes for commercial software that tried to make it impossible to copy the floppy disks. Most of them were easily circumvented by skilled hackers. I remember a peripheral device for hackers that, when you pushed a button, would create a copy of whatever was in memory. So even if you couldn’t duplicate the disk, you could make a copy of the program from memory and save that to a non-protected disk. It was a losing battle, and most companies eventually abandoned these types of copy protection schemes.
But that’s all changed. The new method described in the linked article uses “indistinguishability obfuscation” to create computer code that’s too complex to be reverse-engineered, yet when run on a computer will produce the proper results. This is accomplished by including elements that appear random and add complexity but are carefully chosen to cancel themselves out.
As with the popular public key encryption, this method of obfuscation is tied to a difficult math problem. From the article: “This obfuscation scheme is unbreakable, the team showed, provided that a certain newfangled problem about lattices is as hard to solve as the team thinks it is.”
Obfuscation is not yet completely proven, but it shows great promise. And if it stands up after further research then we’ll probably see it go mainstream for at least cryptography and perhaps more.
(via Kim Komando)