On the Possibility of Provably Secure Obfuscating Programs

  • Nikolay P. Varnovsky
  • Vladimir A. Zakharov
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2890)


By obfuscation we mean any efficient semantic-preserving transformation of computer programs aimed at bringing a program into such a form, which impedes the understanding of its algorithm and data structures or prevents the extracting of some valuable information from the plaintext of a program. The main difficulty in designing an effective program obfuscator is to guarantee security, i.e. to prove that no algorithm can break software protection in reasonable time. All obfuscation techniques and tools developed so far rely on the informal concept of security and therefore can’t be regarded as provably secure. In this paper we (1) introduce for the first time a formal information-theoretic definition of obfuscation security, (2) present a new obfuscation technique which takes advantage of cryptographic primitives (one-way functions, hard-core predicates), and (3) demonstrate, taking a conventional password identification scheme as a case study, how to prove security of the obfuscating transformations.


program transformation obfuscation security mutual information one-way function hard-core predicate 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Amoroso, E.G.: Fundamentals of Computer Security Technology. Prentice Hall PTR, Englewood Cliffs (1994)zbMATHGoogle Scholar
  2. 2.
    Barak, B., Goldreich, O., Impagliazzo, R., Rudich, S., Sahai, A., Vedhan, S., Yang, K.: On the (Im)possibility of obfuscating programs. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 1–18. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  3. 3.
    Chow, S., Gu, Y., Johnson, H., Zakharov, V.: An approach to the obfuscation of control flow of sequential computer programs. In: Davida, G.I., Frankel, Y. (eds.) ISC 2001. LNCS, vol. 2200, pp. 144–156. Springer, Heidelberg (2001)Google Scholar
  4. 4.
    Collberg, C., Thomborson, C., Low, D.: A taxonomy of obfuscating transformations, Tech. Report, N 148, Dept. of Computer Science, Univ. of Auckland (1997)Google Scholar
  5. 5.
    Collberg, C., Thomborson, C., Low, D.: Manufacturing cheap, resilient and stealthy opaque constructs. In: Symposium on Principles of Programming Languages, pp. 184–196 (1998)Google Scholar
  6. 6.
    Collberg, C., Thomborson, C., Low, D.: Breaking abstraction and unstructuring data structures. In: IEEE International Conference on Computer Languages, pp. 28–38 (1998)Google Scholar
  7. 7.
    Collberg, C., Thomborson, C.: Watermarking, tamper-proofing and obfuscation — tools for software protection. IEEE Transactions on Software Engineering 28(2), 735–746 (2002)CrossRefGoogle Scholar
  8. 8.
    Devanbu, P.T., Stubblebine, S.: Software engineering for security: a roadmap. In: Future of SE Track, pp. 227–239 (2000)Google Scholar
  9. 9.
    Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE Transactions in Information Theory 22, 644–654 (1976)zbMATHCrossRefMathSciNetGoogle Scholar
  10. 10.
    Gollmann, D.: Computer Security. Willey, New York (1999)Google Scholar
  11. 11.
    Goldreich, O., Levin, L.A.: A hard-core predicate for all one-way functions. In: Proceedings of the 21st Annual ACM Symposium on Theory of Computing, pp. 25–32 (1989)Google Scholar
  12. 12.
    Hada, S.: Zero-knowledge and code obfuscation. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, p. 443. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  13. 13.
    Horwitz, S.: Precise flow-insensitive alias analysis is NP-hard. ACM Transactions on Programming Languages and Systems 19(1), 1–6 (1997)CrossRefGoogle Scholar
  14. 14.
    Landi, W.: Undecidability of static analysis. ACM Letters on Programming Languages and Systems 1(4), 323–337 (1992)CrossRefGoogle Scholar
  15. 15.
    MacDonald, J.: On program security and obfuscation. Technical Report, University of California (1998)Google Scholar
  16. 16.
    Menezes, A.J., Van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1997)zbMATHGoogle Scholar
  17. 17.
    Ramalingam, G.: The undecidability of aliasing. ACM Transactions on Programming Languages and Systems 16(5), 1467–1471 (1994)CrossRefGoogle Scholar
  18. 18.
    Wang, C., Hill, J., Knight, J., Davidson, J.: Software tamper resistance: obstructing static analysis of programs, Tech. Report, N 12, Dep. of Comp. Sci., Univ. of Virginia (2000)Google Scholar
  19. 19.
    Wroblewski, G.: General method of program code obfuscation. In: Proceedings of the International Conference on Software Engineering Research and Practice (SERP), pp. 153–159 (2002)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Nikolay P. Varnovsky
    • 1
    • 3
  • Vladimir A. Zakharov
    • 2
    • 3
  1. 1.Laboratory for CryptographyLomonosov State UniversityMoscowRussia
  2. 2.Faculty of Computational Mathematics and CyberneticsLomonosov State UniversityMoscowRussia
  3. 3.Institute for System ProgrammingRussian Academy of SciencesMoscowRussia

Personalised recommendations