A team of researchers from IBM and Microsoft may have just made a breakthrough in the quest for unbreakable cryptography. The results produced by the team from UCLA and MIT offer hope that encryption could protect not just an output, but an entire program. Once believed to be too powerful to exist in any real sense, this new method of program obfuscation could lead to ultra-secure software that keeps your personal information safe from nefarious individuals. <\/p>\n
The idea of obfuscating a program has been around for decades software companies have tried all sorts of methods to distort their code in order to prevent others from seeing how it worked. However, the security and hacking communities have been able to defeat all these measures. Cryptographic experts have long been tinkering with stronger approaches, but it wasnt until the most recent collaboration that the pieces started falling into place. <\/p>\n
Cryptographers have been chasing the idea of a so-called black box obfuscator for years. The idea is that any program passed through the black box would be so fundamentally garbled that no one would be able to figure out how it worked or what secrets it might hold only inputs and outputs would be visible, which is exactly what you want. This method could make communications almost completely secure. All you would need to do is create encryption keys with an obfuscated program, then make that program available to the other party or everyone for that matter, since no one would be able to figure out the decryption key from examining the obfuscated program. <\/p>\n
One member of the team, Amit Sahai worked on a principle known as indistinguishability obfuscation a few years back, which at the time was considered a weak type of obfuscation. It involves passing a program through said obfuscator to disguise the origin. Two programs that do the same thing would be indistinguishable from each other at the end of it. Recent work has pointed to this as a surprisingly powerful cryptographic tool, though. The only problem, an indistinguishability obfuscator didnt exist until now. <\/p>\n<\/p>\n
The obfuscator created by Sahai and his colleagues appears to almost reach the level of broad protection described by the theoretical black box obfuscator. The tool, based on indistinguishability obfuscation, can be used to generate digital signatures, encryption keys, and more without leaking any of the inner workings of applications. It works by splicing random bits of data into the programs code so that it cannot be extracted in a functional state. However, when run as it is supposed to be, the random junk cancels itself out and you get the desired output. <\/p>\n
After creating this obfuscation scheme, the team tried to break it by deploying every tool and hack they could come up with. The result? The obfuscator remains undefeated. The team feels this is as close to unbreakable as encryption gets right now, but its possible some future advance in computing or lattice mathematics could result in a breach. <\/p>\n
While having access to strong cryptographic tools is certainly desirable, remember that companies and governments use encryption to protect sensitive data and trade secrets too. Breaking the encryption on future electronic devices might not be as easy as it was with DVD or the PS3. The indistinguishability obfuscator is still not ready for real world use, though. Right now it turns efficient little apps into ungainly monstrosities with all that random code inserted. Its still a very big step for cryptography. <\/p>\n
<\/p>\n