International Association for Cryptologic Research

International Association
for Cryptologic Research

Transactions on Cryptographic Hardware and Embedded Systems, Volume 2024

OBSCURE: Versatile Software Obfuscation from a Lightweight Secure Element


Darius Mercadier
Google, Munich, Germany

Viet Sang Nguyen
Université Jean Monnet, Saint-Étienne, France

Matthieu Rivain
CryptoExperts, Paris, France

Aleksei Udovenko
SnT, University of Luxembourg, Esch-sur-Alzette, Luxembourg


Keywords: Obfuscation, Secure Element, White-Box Cryptography, VBB Security


Abstract

Software obfuscation is a powerful tool to protect the intellectual property or secret keys inside programs. Strong software obfuscation is crucial in the context of untrusted execution environments (e.g., subject to malware infection) or to face potentially malicious users trying to reverse-engineer a sensitive program. Unfortunately, the state-of-the-art of pure software-based obfuscation (including white-box cryptography) is either insecure or infeasible in practice. This work introduces OBSCURE, a versatile framework for practical and cryptographically strong software obfuscation relying on a simple stateless secure element (to be embedded, for example, in a protected hardware chip or a token). Based on the foundational result by Goyal et al. from TCC 2010, our scheme enjoys provable security guarantees, and further focuses on practical aspects, such as efficient execution of the obfuscated programs, while maintaining simplicity of the secure element. In particular, we propose a new rectangular universalization technique, which is also of independent interest. We provide an implementation of OBSCURE taking as input a program source code written in a subset of the C programming language. This ensures usability and a broad range of applications of our framework. We benchmark the obfuscation on simple software programs as well as on cryptographic primitives, hence highlighting the possible use cases of the framework as an alternative to pure software-based white-box implementations.

Publication

Transactions of Cryptographic Hardware and Embedded Systems, Volume 2024, Issue 2

Paper

Artifact

Artifact number
tches/2024/a15

Artifact published
May 31, 2024

Badge
IACR CHES Artifacts Functional

README

ZIP (8008766 Bytes)  

License
GPLv3 This work is licensed under the GNU General Public License version 3.

Some files in this archive are licensed under a different license. See the contents of this archive for more information.


BibTeX How to cite

Mercadier, D., Nguyen, V. S., Rivain, M., & Udovenko, A. (2024). OBSCURE: Versatile Software Obfuscation from a Lightweight Secure Element. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2024(2), 588–629. https://doi.org/10.46586/tches.v2024.i2.588-629 Artifact available at https://artifacts.iacr.org/tches/2024/a15