Paper 2008/150

Robust Combiners for Software Hardening

Amir Herzberg and Haya Shulman


All practical software hardening schemes, as well as practical encryption schemes, e.g., AES, were not proven to be secure. One technique to enhance security is {\em robust combiners}. An algorithm $C$ is a robust combiner for specification $S$, e.g., privacy, if for any two implementations $X$ and $Y$, of a cryptographic scheme, the combined scheme $C(X,Y)$ satisfies $S$ provided {\em either} $X$ {\em or} $Y$ satisfy $S$. We present the first robust combiners for software hardening, specifically for obfuscation \cite{barak:obfuscation}, and for White-Box Remote Program Execution (\w) \cite{herzberg2009towards}. WBRPE and obfuscators are software hardening techniques that are employed to protect execution of programs in remote, hostile environment. \w\ provides a software only platform allowing secure execution of programs on untrusted, remote hosts, ensuring privacy of the program, and of the inputs to the program, as well as privacy and integrity of the result of the computation. Obfuscators protect the code (and secret data) of the program that is sent to the remote host for execution. Robust combiners are particularly important for software hardening, where there is no standard whose security is established. In addition, robust combiners for software hardening are interesting from software engineering perspective since they introduce new techniques of reductions and code manipulation.

Available format(s)
Publication info
Published elsewhere. Unknown where it was published
White-box securitysoftware hardeningobfuscationrobust combinerscryptographic protocolstwo-party computation.
Contact author(s)
haya shulman @ gmail com
amir herzberg @ gmail com
2010-02-10: last of 2 revisions
2008-04-08: received
See all versions
Short URL
Creative Commons Attribution


      author = {Amir Herzberg and Haya Shulman},
      title = {Robust Combiners for Software Hardening},
      howpublished = {Cryptology ePrint Archive, Paper 2008/150},
      year = {2008},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.