Blurry Box Encryption Scheme and Why it Matters to Industrial IoT
3.2 THE NEW PARADIGM
In an ideal world , a copy protection scheme would be able to turn arbitrary software into a black box : That is , attackers could observe input and output in regular use , but nothing else . Particularly , the inner workings of the algorithms are hidden . Unfortunately , this has proven impossible to achieve 4 . Even with such a black-box , it would be impossible to prevent an attacker from executing the software regularly , analyzing all observations , and reconstructing the software .
From a theoretical perspective , within the purview of secure multi-party computation , there are methods to evaluate a function securely , so that only its result is revealed to anyone . However , these solutions often provide only basic functionalities and are limited in that they are only secure on their own and cannot be used within a larger context . Moreover , while some functionalities , such as either addition or multiplication , can be realized efficiently in practice , they cannot be used together with the same constructions . There are constructions that do so , but they are of only theoretical interest for the time being , because of performance constraints of their implementations . An example of this is fully homomorphic encryption and various constructions using it 5 .
In this article , we present a new paradigm for copy protection , known as the “ Blurry Box ® Scheme ,” which is based on an assumption about the complexity of software . To our knowledge , this is the first scheme that has a provable security property and is useable in practice . Informally speaking , it proves that the attacker cannot learn more about the software than if he tried to iterate every possible path through the program .
4 . THE BLURRY BOX SCHEME
4.1 MECHANISMS
At its core , Blurry Box is based on the assumption that a hacker lacks the domain knowledge necessary to create a software product . For instance , a hacker may not be familiar with the underlying mathematics of a computer algebra system . The rationale behind this is that a hacker who knows the relevant domain knowledge could write the software himself , bypassing the protection altogether . One cannot protect software against such a hacker . This assumption is therefore justified and necessary .
This lack of domain knowledge can be exploited to achieve secure protection . The main idea is to split the program code into small pieces to make it practically infeasible to retrieve all pieces
4
Barak , B ., Goldreich , O ., Impagliazzo , R ., Rudich , S ., Sahai , A ., Vadhan , S ., & Yang , K , “ On the ( im ) possibility of obfuscating programs ,” Annual International Cryptology Conference ( pp . 1-18 ), Springer Berlin Heidelberg , August 2001 .
5
Craig Gentry , “ Fully homomorphic encryption using ideal lattices ,” Symposium on the Theory of Computing ( STOC ), pp . 169- 178 , 2009
IIC Journal of Innovation - 9 -