Creating transformations for matrix obfuscation · Rudich, Amit Sahai, Salil .P Vadhan, and Ke ang.Y On the (im)possibility of obfuscating programs. In Proceedings of the 21st Annual

Creating transformations for matrix obfuscation


Stephen Drape and Irina Voiculescu

Oxford University Computing Laboratory

August 2009

1 / 23


IntroductionSplittingBernstein BasesObfuscating numbersConclusions

What is Obfuscation?

An obfuscation is:

a program transformation

used to make programs `harder to understand'

a technique for protecting intellectual property

not encryption

The area of obfuscation needs more research

2 / 23



Two Important Papers

Christian Collberg, Clark Thomborson, and Douglas Low.

A taxonomy of obfuscating transformations.

Technical Report 148, Department of Computer Science, University of

Auckland, July 1997.

Boaz Barak, Oded Goldreich, Russell Impagliazzo, Steven

Rudich, Amit Sahai, Salil P. Vadhan, and Ke Yang.

On the (im)possibility of obfuscating programs.

In Proceedings of the 21st Annual International Cryptology Conference on

Advances in Cryptology, pages 1�18. Springer-Verlag, 2001.

3 / 23



Attack models and static analysis

It is impossible to create obfuscations that could withstand all

possible attacks (such as static analyses).

Should aim to produce obfuscations designed to withstand

certain attacks � this is the attack model.

For example, restricting the usefulness of program slicing.

Our attack model assumes that the attacker is trying to prove

various program assertions.

4 / 23



Obfuscation as data re�nement

Localised obfuscation:

obfuscate certain parts of the program, such as particularmethods or variables.

Data re�nement obfuscation:

obfuscate an abstract data-type(implicitly) obfuscate all the operations of the data-typespecify a set of assertions that the data-type operations satisfy(as part of the attack model)obfuscation makes these assertions `harder to prove'

5 / 23



Obfuscation Equations

To obfuscate a data-type D into E using an obfuscation O, weneed an abstraction function af . For x :: D and y :: E:

x y ⇐⇒ (x = af (y)) ∧ dti(y)

An obfuscated function fO is correct with respect to f if it satis�es:

(∀x :: D; y :: E) x y ⇒ f(x) fO(y)

We can rewrite this as

f · af = af · fO

6 / 23



Obfuscating matrices

Matrices are essential in solving systems of equations, wavelets,

graph theory, graphics.

The focus of this work is on obfuscating matrices through

changing the matrix elements

changing the pattern of the elements

Our work

studies one established obfuscation

develops a new obfuscation

shows how matrices can be used to obfuscate numbers

7 / 23



Matrix Data-Type

∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣

Matrix (α)scale :: α→Matrix α→Matrix αadd :: Matrix α×Matrix α→Matrix α

transpose :: Matrix α→Matrix αmult :: Matrix α×Matrix α→Matrix α

transpose · transpose = idtranspose · (scale λ) = (scale λ) · transpose

transpose (mult(M,N)) = mult (transpose N, transpose M)add(M,N) = add(N,M)

We will take Matrix (α) to be Qr×c

8 / 23



Splitting Matrices

Suppose that we want to split a matrix Mr×c into n matrices,

called the split components,

M 〈M0, . . . ,Mn−1〉sp

where Mi has size ri×ci for i : [0..n).

We can characterise a split sp by de�ning:

a choice function ch

a family F of injective functions where F = {ft}t:[0..n)

9 / 23



De�ning the splitting relationship

We de�ne the relationship between M and the split components

element-wise:

Mt(ft(i, j)) = M(i, j) where t = ch(i, j)

The abstraction function for some split component Mt is

af (Mt(i, j)) = M(ft−1(i, j))

where ft−1 · ft = id (which is valid as ft is injective).

10 / 23



Example Split

We can de�ne a split, called the (k×k)-square split (denoted

by sk) by ensuring that the �rst component is a k × k matrix.

a(0,0) . . . a(0,k−1) a(0,k) . . . a(0,n−1)...

. . ....

.... . .

...

a(k−1,0) . . . a(k−1,k−1) a(k−1,k) . . . a(k−1,n−1)

a(k,0) . . . a(k,k−1) a(k,k) . . . a(k,n−1)...

. . ....

.... . .

...

a(n−1,0) . . . a(n−1,k−1) a(n−1,k) . . . a(n−1,n−1)

We will show the de�nitions of our matrix operations for this split.

11 / 23



Operations for split matrices

If M 〈M0, . . . ,M3〉skand N 〈N0, . . . ,N3〉sk

then

scale λ M 〈scale λ M0, . . . , scale λ M3〉sk

add (M,N) 〈add (M0,N0), . . . , add (M3,N3)〉sk

MT 〈M0T ,M2

T ,M1T ,M3

T 〉sk

M ×N 〈(M0 ×N0) + (M1 ×N2),(M0 ×N1) + (M1 ×N3),(M2 ×N0) + (M3 ×N2),(M2 ×N1) + (M3 ×N3)〉sk

12 / 23



Review of Splitting

The obfuscated operations have a similar complexity to the

original versions.

We can use matrix splitting as an array obfuscation.

It is hard to de�ne determinants and inverses for split

matrices.

The obfuscation changes the shape of the matrices but not the

actual matrix values.

13 / 23



Polynomial bases

Matrix A1 y y2

1 1 0 2x 0 1 3x2 0 0 1

stores p(x, y) = x2y2 + 3xy2 + 2y2 + xy + 1

p(x, y) =(1 x x2

) 1 0 20 1 30 0 1

1yy2

= XAY

14 / 23



Bernstein bases

Can change the basis of the linear transformation using Bernstein

polynomials Bnk (x) =

(nk

)xk(1− x)n−k, ∀x ∈ [0, 1], k = 0, . . . , n.

pB(x, y) =(B2

0(x) B21(x) B2

2(x))

C

B20(y)

B21(y)

B22(y)

=(1 x x2

) 1 0 0−2 2 01 −2 1

C

1 −2 10 2 −20 0 1

1yy2

= X U2 C V2 Y

15 / 23



Bernstein obfuscation of matrices

Since

XAY = p(x, y) = pB(x, y) = XU2CV2Y

the Bernstein-form matrix corresponding to A =

1 0 2

0 1 3

0 0 1

is

C = U2−1AV2

−1 =

1 1 3

1 54 5

1 32 8

and can be used as an obfuscation of A.

16 / 23



Operations for the Bernstein Obfuscation

For a matrix S with dim(S) = (a+ 1, b+ 1), and a matrix T,

it can be proved that

scaleB λ S = scale λ S

addB(S,T) = S + T

transposeB(S) = Ub−1 Vb

T ST UaT Va

−1

multB(S,T) = SVb Ub T

inverseB(S) = Ua−1 Va

−1 S−1 Ua− 1 Va

−1

detB(S) = det(Ua)× det(S)× det(Vb)

17 / 23



Review of the Bernstein obfuscation

The obfuscated matrices have di�erent structure.

Determinants and inverses of matrices can be computed easily.

The scaling and addition operations are not obfuscated.

Any change of basis transformation would be suitable.

We can generalise to more than two dimensions, or to arrays.

There is an extra cost in computational complexity.

18 / 23



Using matrices to obfuscate numbers

We can use matrices to obfuscate other data-types.

To obfuscate a rational number data-type which contains the

operations of addition, multiplication and reciprocal.

We need matrix operations plus, times and recip such that, for

rational numbers n and p, if n A and p C then

n + p plus(A,C) n × p times(A,C) n−1 recip(A)

19 / 23



Using determinants

There are many ways in which to use matrices for the

obfuscation of rational numbers.

We show an obfuscation whose abstraction function is the

determinant.

We choose to obfuscate a number n by a 2× 2 matrix which

has 1 and n as eigenvalues.

Here is one possible transformation (where a ∈ Q):

n

(a b

(a−1)(n−a)b n+ 1− a

)where b 6= 0

20 / 23



Obfuscated number operations

plus(

(a b

c d

),

(e f

g h

)) =

(a+ e− 1 bf

(a+e−2)(d+h−1)bf d+ h

)

times(

(a b

c d

),

(e f

g h

)) =

(a+ d)(e+ h) + 1 bf

−(a+d)(e+h)(a+d+e+h)bf 1− a− d− e− h

recip(

(a b

c d

)) =

d

a+d−1 b

(a−1)(d−1)

b(a+d−1)2a

a+d−1

21 / 23



Evaluation of techniques

We have considered obfuscations at an appropriate level of

abstraction: we are not concerned with implementation details.

Our obfuscations can be evaluated against the assertion attack

model: our obfuscations make the assertions harder to prove.

To understand our matrix obfuscations, a human attacker

needs, e.g., familiarity with the Bernstein basis and with the

relationship between bi-variate polynomials and matrices.

We can combine obfuscations to create more complicated

obfuscations.

22 / 23



Conclusions

The Bernstein obfuscation allows us to devise obfuscations for

a wider variety of matrix operations than matrix splitting did.

However the Bernstein obfuscation can adversely a�ect the

complexity of the matrix operations.

There is usually a trade-o� between the quality of the

obfuscations and their complexity.

Considering obfuscations at an abstract level creates the

opportunity to devise more general obfuscations.

23 / 23

Documents

Creating transformations for matrix obfuscation · Rudich, Amit Sahai, Salil .P Vadhan, and Ke ang.Y On the (im)possibility of obfuscating programs. In Proceedings of the 21st Annual