Creating transformations for matrix obfuscation

Transcription

1 Creating transformations for matrix obfuscation Stephen Drape and Irina Voiculescu Oxford University Computing Laboratory August / 23

2 What is Obfuscation? An obfuscation is: a program transformation used to make programs `harder to understand' a technique for protecting intellectual property not encryption The area of obfuscation needs more research 2 / 23

3 Two Important Papers Christian Collberg, Clark Thomborson, and Douglas Low. A taxonomy of obfuscating transformations. Technical Report 148, Department of Computer Science, University of Auckland, July Boaz Barak, Oded Goldreich, Russell Impagliazzo, Steven Rudich, Amit Sahai, Salil P. Vadhan, and Ke Yang. On the (im)possibility of obfuscating programs. In Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology, pages 118. Springer-Verlag, / 23

4 Attack models and static analysis It is impossible to create obfuscations that could withstand all possible attacks (such as static analyses). Should aim to produce obfuscations designed to withstand certain attacks this is the attack model. For example, restricting the usefulness of program slicing. Our attack model assumes that the attacker is trying to prove various program assertions. 4 / 23

5 Obfuscation as data renement Localised obfuscation: obfuscate certain parts of the program, such as particular methods or variables. Data renement obfuscation: obfuscate an abstract data-type (implicitly) obfuscate all the operations of the data-type specify a set of assertions that the data-type operations satisfy (as part of the attack model) obfuscation makes these assertions `harder to prove' 5 / 23

6 Obfuscation Equations To obfuscate a data-type D into E using an obfuscation O, we need an abstraction function af. For x :: D and y :: E: x y (x = af (y)) dti(y) An obfuscated function f O is correct with respect to f if it satises: We can rewrite this as ( x :: D; y :: E) x y f(x) f O (y) f af = af f O 6 / 23

7 Obfuscating matrices Matrices are essential in solving systems of equations, wavelets, graph theory, graphics. The focus of this work is on obfuscating matrices through Our work changing the matrix elements changing the pattern of the elements studies one established obfuscation develops a new obfuscation shows how matrices can be used to obfuscate numbers 7 / 23

8 Matrix Data-Type Matrix (α) scale :: α Matrix α Matrix α add :: Matrix α Matrix α Matrix α transpose :: Matrix α Matrix α mult :: Matrix α Matrix α Matrix α transpose transpose = id transpose (scale λ) = (scale λ) transpose transpose (mult(m, N)) = mult (transpose N, transpose M) add(m, N) = add(n, M) We will take Matrix (α) to be Q r c 8 / 23

9 Matrices Suppose that we want to split a matrix M r c into n matrices, called the split components, M M 0,..., M n 1 sp where M i has size r i c i for i : [0..n). We can characterise a split sp by dening: a choice function ch a family F of injective functions where F = {f t } t:[0..n) 9 / 23

10 Dening the splitting relationship We dene the relationship between M and the split components element-wise: M t (f t (i, j)) = M(i, j) where t = ch(i, j) The abstraction function for some split component M t is af (M t (i, j)) = M(f t 1 (i, j)) where f t 1 f t = id (which is valid as f t is injective). 10 / 23

11 Example Split We can dene a split, called the (k k)-square split (denoted by s k ) by ensuring that the rst component is a k k matrix. a (0,0)... a (0,k 1) a (0,k)... a (0,n 1) a (k 1,0)... a (k 1,k 1) a (k 1,k)... a (k 1,n 1) a (k,0)... a (k,k 1) a (k,k)... a (k,n 1) a (n 1,0)... a (n 1,k 1) a (n 1,k)... a (n 1,n 1) We will show the denitions of our matrix operations for this split. 11 / 23

12 Operations for split matrices If M M 0,..., M 3 sk and N N 0,..., N 3 sk then scale λ M scale λ M 0,..., scale λ M 3 sk add (M, N) add (M 0, N 0 ),..., add (M 3, N 3 ) sk M T M 0 T, M 2 T, M 1 T, M 3 T sk M N (M 0 N 0 ) + (M 1 N 2 ), (M 0 N 1 ) + (M 1 N 3 ), (M 2 N 0 ) + (M 3 N 2 ), (M 2 N 1 ) + (M 3 N 3 ) sk 12 / 23

13 Review of The obfuscated operations have a similar complexity to the original versions. We can use matrix splitting as an array obfuscation. It is hard to dene determinants and inverses for split matrices. The obfuscation changes the shape of the matrices but not the actual matrix values. 13 / 23

14 Polynomial bases Matrix A 1 y y x x stores p(x, y) = x 2 y 2 + 3xy 2 + 2y 2 + xy + 1 p(x, y) = ( 1 x x 2) y y 2 = XAY 14 / 23

15 Bernstein bases Can change the basis of the linear transformation using Bernstein polynomials Bk n(x) = ( n k) x k (1 x) n k, x [0, 1], k = 0,..., n. p B (x, y) = ( B 2 0 (x) B2 1 (x) B2 2 (x)) C B 2 0 (y) B 2 1 (y) B2 2(y) = ( 1 x x 2) C y y 2 = X U 2 C V 2 Y 15 / 23

16 Bernstein obfuscation of matrices Since XAY = p(x, y) = p B (x, y) = XU 2 CV 2 Y the Bernstein-form matrix corresponding to A = is C = U 2 1 AV 2 1 = and can be used as an obfuscation of A / 23

17 Operations for the Bernstein Obfuscation For a matrix S with dim(s) = (a + 1, b + 1), and a matrix T, it can be proved that scale B λ S = scale λ S add B (S, T) = S + T transpose B (S) = U b 1 V b T S T U a T V a 1 mult B (S, T) = S V b U b T inverse B (S) = U a 1 V a 1 S 1 U a 1 V a 1 det B (S) = det(u a ) det(s) det(v b ) 17 / 23

18 Review of the Bernstein obfuscation The obfuscated matrices have dierent structure. Determinants and inverses of matrices can be computed easily. The scaling and addition operations are not obfuscated. Any change of basis transformation would be suitable. We can generalise to more than two dimensions, or to arrays. There is an extra cost in computational complexity. 18 / 23

19 Using matrices to obfuscate numbers We can use matrices to obfuscate other data-types. To obfuscate a rational number data-type which contains the operations of addition, multiplication and reciprocal. We need matrix operations plus, times and recip such that, for rational numbers n and p, if n A and p C then n + p plus(a, C) n p times(a, C) n 1 recip(a) 19 / 23

20 Using determinants There are many ways in which to use matrices for the obfuscation of rational numbers. We show an obfuscation whose abstraction function is the determinant. We choose to obfuscate a number n by a 2 2 matrix which has 1 and n as eigenvalues. Here is one possible transformation (where a Q): ( ) a b n where b 0 n + 1 a (a 1)(n a) b 20 / 23

21 Obfuscated number operations ( ) ( ) ( ) a b e f a + e 1 bf plus(, ) = c d g h d + h (a+e 2)(d+h 1) bf ( ) ( ) (a + d)(e + h) + 1 bf a b e f times(, ) = c d g h 1 a d e h ( ) a b recip( ) = c d (a+d)(e+h)(a+d+e+h) bf d a+d 1 (a 1)(d 1) b(a+d 1) 2 b a a+d 1 21 / 23

22 Evaluation of techniques We have considered obfuscations at an appropriate level of abstraction: we are not concerned with implementation details. Our obfuscations can be evaluated against the assertion attack model: our obfuscations make the assertions harder to prove. To understand our matrix obfuscations, a human attacker needs, e.g., familiarity with the Bernstein basis and with the relationship between bi-variate polynomials and matrices. We can combine obfuscations to create more complicated obfuscations. 22 / 23

23 The Bernstein obfuscation allows us to devise obfuscations for a wider variety of matrix operations than matrix splitting did. However the Bernstein obfuscation can adversely aect the complexity of the matrix operations. There is usually a trade-o between the quality of the obfuscations and their complexity. Considering obfuscations at an abstract level creates the opportunity to devise more general obfuscations. 23 / 23