System and method for protecting computer software from a white box attack
First Claim
1. A method of modifying a software algorithm to foil tracing and other static, dynamic, and statistical attacks comprising the steps of:
- (a) identifying a step in the software algorithm which comprises a simple function representable as a lookup table whereby the simple function is computable by a table lookup;
(b) converting the simple function to a lookup table, whereby the lookup table, when indexed by an input to the simple function or by a bit-string concatenation of multiple inputs to the simple function, returns an element which is a corresponding output of the simple function or a bit-string concatenation of multiple outputs of the simple function;
(c) replacing the lookup table by one of a new lookup table and a non-looping computation by computing the net final result of the functional composition of the identified simple function itself and one of, or both of, the following;
(i) a randomly chosen, nonlinear bijection on the input or the concatenation of multiple inputs of the identified simple function, whereby each input is subjected to a single bijective encoding; and
,(ii) a randomly chosen, nonlinear bijection on the output or the concatenation of multiple outputs of the identified simple function, whereby each output subjected to a single bijective encoding;
whereby the new lookup table or non-looping computation employs input encoding (i), and/or output encoding (ii), and the original computation no longer exists as a lookup table or non-looping computation and instead, only a modified computation computing a related function employing encoded input(s) and/or encoded output(s) exists, the identified simple function thereby being modified; and
,(d) adjusting a context of the modified simple function whereby the context comprises computer code providing input(s) to the simple function and accepting output(s) of the simple function, and the modified simple function is also modified to provide input(s) with the same encoding(s) as employed for input(s) in the input- and/or output-encoded lookup table or non-looping computation of (c) above, and/or to accept a output(s) with the same encoding(s) as employed for output(s) in the input- and/or output-encoded lookup table or non-looping computation of (c) above.
1 Assignment
0 Petitions
Accused Products
Abstract
Existing encryption systems are designed to protect secret keys or other data under a “black box attack,” where the attacker may examine the algorithm, and various inputs and outputs, but has no visibility into the execution of the algotitm itself. However, it has been shown that the black box model is generally unrealistic, and that attack efficiency rises dramatically if the attacker can observe even minor aspects of the algorithm'"'"'s execution. The invention protects software from a “white-box attack”, where the attacker has total visibility into software implementation and execution. In general, this is done by encoding the software and widely diffusing sites of information transfer and/or combination and/or loss. Other embodiments of the invention include: the introduction of lossy subcomponents, processing inputs and outputs with random cryptographic functions, and representing algorithmic steps or components as tables, which permits encoding to be represented with arbitrary nonlinear bijections.
-
Citations
12 Claims
-
1. A method of modifying a software algorithm to foil tracing and other static, dynamic, and statistical attacks comprising the steps of:
-
(a) identifying a step in the software algorithm which comprises a simple function representable as a lookup table whereby the simple function is computable by a table lookup; (b) converting the simple function to a lookup table, whereby the lookup table, when indexed by an input to the simple function or by a bit-string concatenation of multiple inputs to the simple function, returns an element which is a corresponding output of the simple function or a bit-string concatenation of multiple outputs of the simple function; (c) replacing the lookup table by one of a new lookup table and a non-looping computation by computing the net final result of the functional composition of the identified simple function itself and one of, or both of, the following; (i) a randomly chosen, nonlinear bijection on the input or the concatenation of multiple inputs of the identified simple function, whereby each input is subjected to a single bijective encoding; and
,(ii) a randomly chosen, nonlinear bijection on the output or the concatenation of multiple outputs of the identified simple function, whereby each output subjected to a single bijective encoding; whereby the new lookup table or non-looping computation employs input encoding (i), and/or output encoding (ii), and the original computation no longer exists as a lookup table or non-looping computation and instead, only a modified computation computing a related function employing encoded input(s) and/or encoded output(s) exists, the identified simple function thereby being modified; and
,(d) adjusting a context of the modified simple function whereby the context comprises computer code providing input(s) to the simple function and accepting output(s) of the simple function, and the modified simple function is also modified to provide input(s) with the same encoding(s) as employed for input(s) in the input- and/or output-encoded lookup table or non-looping computation of (c) above, and/or to accept a output(s) with the same encoding(s) as employed for output(s) in the input- and/or output-encoded lookup table or non-looping computation of (c) above. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
Specification