## Cryptology ePrint Archive: Report 2008/150

Robust Combiners for Software Hardening

Amir Herzberg and Haya Shulman

Abstract: All practical software hardening schemes, as well as practical encryption schemes, e.g., AES, were not proven to be secure. One technique to enhance security is {\em robust combiners}. An algorithm $C$ is a robust combiner for specification $S$, e.g., privacy, if for any two implementations $X$ and $Y$, of a cryptographic scheme, the combined scheme $C(X,Y)$ satisfies $S$ provided {\em either} $X$ {\em or} $Y$ satisfy $S$.

We present the first robust combiners for software hardening, specifically for obfuscation \cite{barak:obfuscation}, and for White-Box Remote Program Execution (\w) \cite{herzberg2009towards}. WBRPE and obfuscators are software hardening techniques that are employed to protect execution of programs in remote, hostile environment. \w\ provides a software only platform allowing secure execution of programs on untrusted, remote hosts, ensuring privacy of the program, and of the inputs to the program, as well as privacy and integrity of the result of the computation. Obfuscators protect the code (and secret data) of the program that is sent to the remote host for execution.

Robust combiners are particularly important for software hardening, where there is no standard whose security is established. In addition, robust combiners for software hardening are interesting from software engineering perspective since they introduce new techniques of reductions and code manipulation.

Category / Keywords: White-box security, software hardening, obfuscation, robust combiners, cryptographic protocols, two-party computation.

Date: received 3 Apr 2008, last revised 10 Feb 2010

Contact author: haya shulman at gmail com, amir herzberg@gmail com

Available format(s): PDF | BibTeX Citation

[ Cryptology ePrint archive ]