Note: Descriptions are shown in the official language in which they were submitted.
CA 02448151 2003-11-24
WO 02/095546 PCT/CA02/00754
-1-
Tamper Resistant Software Encoding and Analysis
The present invention relates generally to computer software, and more
specifically, to a method and system of making computer software resistant to
tampering and reverse-engineering.
Background of the Invention
The market for computer software in all of its various forms is recognized to
be very large and is growing everyday. In industrialized nations, hardly a
business
exists that does not rely on computers and software either directly or
indirectly, in
their daily operations. As well, with the expansion of powerful communication
networks such as the Internet, the ease with which computer software may be
exchanged, copied and distributed is also growing daily.
With this growth of computing power and communication networks, a user's
ability to obtain and run unauthorized or unlicensed software is becoming less
and
less difficult, and a practical means of protecting such computer software has
yet to
be devised.
Computer software is generally written by software developers in a high-level
language which must be compiled into low-level object code in order to execute
on a
computer or other processor.
High-level computer languages use command wording that closely mirrors
plain language, so they can be easily read by one skilled in the art. Object-
code
generally refers to machine-executable code, which is the output of a software
compiler that translates source code from human-readable to machine-executable
code.
The low-level structure of object code refers to the actual details of how the
program works. Low-level analysis usually focuses on, or at least begins with,
one
routine at a time. This routine may be, for example, a procedure, function or
method. Analysis of individual routines may be followed by analyses of wider
scope
in some compilation tool sets.
The low-level structure of a software program is usually described in terms of
its data flow and control flow. Data-flow is a description of the variables
together
with the operations performed on them. Control-flow is a description of how
control
jumps from place to place in the program during execution, and the tests that
are
performed'to determine those jumps.
Tampering refers to changing computer software in a manner that is against
the wishes of the~original author. Traditionally, computer software programs
have
SUBSTITUTE SHEET (RULE 26)
CA 02448151 2003-11-24
WO 02/095546 PCT/CA02/00754
-2-
had limitations encoded into them, such as requiring password access,
preventing
copying, or allowing the software only to execute a predetermined number of
times
or for a certain duration. However, because the user has complete access to
the
software code, methods have been found to identify the code administering
these
limitations. Once this coding has been identified, the user is able to
overcome these
programmed limitations by modifying the software code.
Since a piece of computer software is simply a listing of data bits,
ultimately,
one cannot prevent attackers from making copies and making arbitrary changes.
As
well, there is no way to prevent users from monitoring the computer software
as it
~ executes. This allows the user to obtain the complete data-flow and control-
flow, so
it was traditionally thought that the user could identify and undo any
protection. This
theory seemed to be supported in practice. This was the essence of the copy-
protection against hacking war that was common on Apple-II and early PC
software,
and has resulted in these copy-protection efforts being generally abandoned.
Since then, a number of attempts have been made to prevent attacks by
"obfuscating" or making the organisation of the software code more confusing
and
hence, more difficult to modify. Software is commercially available to
"obfuscate"
source in code in manners such as:
globally replacing variable names with random character strings. For
example, each occurrence of the variable name "SecurityCode" could be
replaced with the character string "1xcd385mxc" so that it is more difficult
for
an attacker to identify the variables he is looking for;
deleting comments and other documentation; and
removing source-level structural indentations, such as the indentation of loop
bodies, to make the loops more difficult to read.
While these techniques obscure the source code, they do not make any
attempts to deter modification. These methods produce superficial changes, but
the
information exposed by deeper analyses employed by optimizing compilers and
similar sophisticated tools is changed very little. The data flow and control
flow
information exposed by such analyses is either not affected at all, or is only
slightly
affected, by the above methods of obfuscation. Once the attacker has figured
out
how the code operates, he is tree to modify it as he choses.
A more complex approach to obfuscation is presented in issued United
States Patent No. 5,748,741 which describes a method of obfuscating computer
software by artificially constructing a "complex wall". This "complex wall" is
CA 02448151 2003-11-24
WO 02/095546 PCT/CA02/00754
-3-
preferably a "cascade" structure, where each output is dependent on all
inputs. The
original program is protected by merging it with this cascade, intertwining
the two.
The intention is to make it very difficult for the attacker to separate the
original
program from the complex wall again, which is necessary to alter the original
program. This system suffers from several major problems:
~ large code expansion, exceeding a hundred fold, required to create a
sufficiently elaborate complex wall, and to accommodate its intertwining with
the original code; and
~ low security since the obfuscated program may be divided into manageable
blocks which may be de-coded individually, allowing the protection to be
removed one operation at a time.
Other researchers are beginning to explore the potential for obfuscation in
ways far more effective than what is achieved by current commercial code
obfuscators, though still inferior to the obfuscation of issued United States
Patent
No. 5,748,741. For example, in their paper "Manufacturing cheap, resilient,
and
stealthy opaque constructs", Conference on Principles'of Programming Languages
(POPL), 1998 [ACM 0-89791-979-3/98/01], pp. 184-196, C. Collburg, C.
Thomborson, and D. Low propose a number of ways of obscuring a computer
program. In particular, Collburg et al. disclose obscuring the decision
process in the
program, that is, obscuring those computations on which binary or rriultiway
conditional branches determine their branch targets. Clearly, there are major
deficiencies to this approach, including:
~ because only control-flow is being addressed, domain transforms are not
used and data obfuscation is weak; and
~ there is no effort to provide tamper-resistance. In fact, Collburg et al. do
not
appear to recognize the distinction between tamper-resistance and
obfuscation, and as a result, do not provide any tamper-proofing at all.
The approach of Collburg et al. is based on the premise that obfuscation can
not offer a complete solution to tamper protection. Collburg et al. state
that: "... code
obfuscation can never completely protect an application from malicious reverse-
engineering efforts. Given enough time and determination, Bob will always be
able
to dissect Alice's application to retrieve its important algorithms and data
structures."
A software approach for computing with encrypted data is described by Niv
Ahituv, Yeheskel Lapid, and Seev Neumann, in Processing encrypted data,
Communications of the ACM 30(9), Sept. 1987, pp. 777-780. This method hides
the
CA 02448151 2003-11-24
WO 02/095546 PCT/CA02/00754
-4-
actual value of the data from the software doing the computation. However, the
computations which are practical using this technique are quite restricted.
In Breaking abstractions and unstructuring data structures, IEEE International
Conference on Computer Languages, 1998, Christian Collberg, Clark Thomborson,
and Douglas Low provide more comprehensive proposals on obfuscation, together
with methods for obfuscation of structured and object-oriented data.
There remains a weakness, however, in the methods proposed by Ahituv et
al. and Collberg et al. Obfuscation and tamper-resistance are distinct
problems, and
while weak obfuscation is provided by Ahituv et al. and Collberg et al., they
do not
address tamper resistance at all. For example, consider removing password
protection from an application by changing the password decision branch from a
conditional one to an unconditional one. Plainly, this vulnerability cannot be
eliminated effectively by any amount of mere obfuscation. A patient attacker
tracing
the code will eventually find the "pass, friend" / "begone, foe" branch
instruction.
Identifying this branch instruction allows the attacker to circumvent a
protection
routine by simply re-coding it to a non-conditional branch. Therefore, other
methods
are required to avoid such single points of failure.
The level of obfuscation obtained using the above techniques is plainly quite
weak, since the executed code, control flow and data flow analysed in graph
form, is
either isomorphic to, or nearly isomorphic to, the unprotected code. That is,
although the details of the obfuscated code are different from the original
code, the
general organisation and structure have not changed.
As noted above, it is desirable to prevent users from making small,
meaningful changes to computer programs, such as overriding copy protection
and
timeouts in demonstration software. It is also necessary to protect computer
software against reverse engineering which might be used to identify valuable
intellectual property contained within a software algorithm or model. In
hardware
design, for example, vendors of application specific integrated circuit (ASIC)
cell
libraries often provide precise software models corresponding to the hardware,
so
that users can perform accurate system simulations. Because such a disclosure
usually provides sufficient detail to reveal the actual cell design, it is
desirable to
protect the content of the software model.
In other applications, such as emerging encryption and electronic signature
technologies, there is a need to hide secret keys in software programs and
transmissions, so that software programs can sign, encrypt and decrypt
transactions
CA 02448151 2003-11-24
WO 02/095546 PCT/CA02/00754
-5-
and other software modules. At the same time, these secret keys must be
protected
against being leaked.
There is therefore a need for a method and system of making computer
software resistant to tampering and reverse engineering. This design must be
provided with consideration for the necessary processing power and real time
delay
to execute the protected software code, and the memory required to store it.
Summary of the Invention
It is therefore an object of the invention to provide a method and system of
making computer software resistant to tampering and reverse engineering which
addresses the problems outlined above.
The method and system of the invention recognizes that attackers cannot be
prevented from making copies and making arbitrary changes. However, the most
significant problem is "useful tampering" which refers to making small changes
in
behaviour. For example, if the trial software was designed to stop working
after ten
invocations, tampering that changes the "ten" to "hundred" is a concern, but
tampering that crashes the program totally is not a priority since the
attacker gains
no benefit.
Data-flow describes the variables together with operations performed on
them. The invention increases the complexity of the data-flow by orders of
magnitude, allowing "secrets" to be hidden in the program, or the algorithm
itself to
be hidden. "Obscuring" the software coding in the fashion of known code
bbfuscators is not the primary focus of the invention. Obscurity is necessary,
but not
sufficient for, achieving the prime objective of the invention, which is
tamper-proofing.
One aspect of the invention is broadly defined as a method of increasing the
tamper-resistance and obscurity of computer software code comprising the steps
of:
proposing a set of possible encoding techniques; calculating the number of
possible
solutions that would correspond to each of said set of possible encoding
techniques;
and encoding said target program using the encoding technique that results in
the
greatest number of possible solutions.
The Applicant has several pending patent applications describing various
techniques for converting computer software into tamper-resistant form. While
it is
understood that these techniques could be applied in combination with one
another,
CA 02448151 2003-11-24
WO 02/095546 PCT/CA02/00754
-6-
the synergy that certain combinations would offer was not clear until the
analysis
technique of the invention was conceived and applied.
Once these combinations were investigated further, it was also found that
certain improvements could be made to their implementations, which went beyond
the initial teachings.
One exceptionally effective technique is broadly defined as a combination of
linear and residue number encoding (described herein as "alternative mixed
encoding"). Another exceptionally effective technique is described as
multinomial
encoding.
Brief Description of the Drawings
These and other features of the invention will become more apparent from
the following description in which reference is made to the appended drawings
in
which:
Figure 1 presents an exemplary computer system in which the invention may be
embodied;
Figure 2 presents a flow chart of a general algorithm for implementation of
the
invention;
Figure 3 presents a flow chart of a polynomial encoding routine in an
embodiment of
the invention;
Figure 4 presents a flow chart of a residue number encoding routine in an
embodiment of the invention;
Figure 5 presents a flow chart of a routine for analysing the effectiveness of
particular tamper-resistant techniques in an embodiment of the invention;
Figure 6 presents a flow chart of a routine for applying the multinomial
encoding
technique in an embodiment of the invention; and
Figure 7 presents a flow chart of a routine for applying the alternative mixed
encoding technique in an embodiment of the invention.
Detailed Description of Preferred Embodiments of the Invention
The invention lies in a means for recoiling software code in such a manner
that it is fragile to tampering. Attempts to modify the software code will
therefore
cause it to become inoperable in terms of its original function. The tamper-
resistant
software may continue to run after tampering, but no longer performs sensible
computation.
CA 02448151 2003-11-24
WO 02/095546 PCT/CA02/00754
_7_
The extreme fragility embedded into the program by means of the invention
does not cause execution to cease immediately, once it is subjected to
tampering. It
is desirable for the program to continue running so that, by the time the
attacker
realizes something is wrong, the modifications and events which caused the
functionality to become nonsensical are far in the past. This makes it very
difficult
for the attacker to identify and remove the changes that caused the failure to
occur
As a matter of background, an exemplary system on which the invention can
be implemented, will first be presented with respect to Figure 1. Next,
several
techniques which are presented in co-pending patent applications will then be
described with respect to Figures 2 through 4. These techniques, particularly
linear
encoding and residue number encoding, form the foundation for the new
techniques
of the invention.
An example of a system upon which the invention may be performed is
presented as a block diagram in Figure 2. This computer system 10 includes a
display 12, keyboard 14, computer 16 and external devices 18.
The computer 16 may contain one or more processors or microprocessors,
such as a central processing unit (CPU) 20. The CPU 20 performs arithmetic
calculations and control functions to execute software stored in an internal
memory
22, preferably random access memory (RAM) and/or read only memory (ROM), and
possibly additional memory 24. The additional memory 24 may include, for
example,
mass memory storage, hard disk drives, floppy disk drives, magnetic tape
drives,
compact disk drives, program cartridges and cartridge interfaces such as those
found in video game devices, removable memory chips such as EPROM or PROM,
or similar storage media as known in the art. This additional memory 24 may be
physically internal to the computer 16, or external as shown in Figure 1.
The computer system 10 may also include other similar means for allowing
computer programs or other instructions to be loaded. Such means can include,
for
example, a communications interface 26 which allows software and data to be
transferred between the computer system 10 and external systems. Examples of
communications interface 26 can include a modem, a network interface such as
an
Ethernet card, a serial or parallel communication's port. Software and data
transferred via communications interface 26 are in the form of signals which
can be
electronic, electromagnetic, optical or other signals capable of being
received by
CA 02448151 2003-11-24
WO 02/095546 PCT/CA02/00754
_$_
communications interface 26. Multiple interfaces, of course, can be provided
on a
single computer system 10.
Input and output to and from the computer 16 is administered by the
inputloutput (I/O) interface 28. This I/O interface 28 administers control of
the
display 12, keyboard 14, external devices 18 and other such components of the
computer system 10.
The invention is described in these terms for convenience purposes only. It
would be clear to one skilled in the art that the invention may be applied to
other
computer or control systems 10. Such systems would include all manner of
appliances having computer or processor control including telephones, cellular
telephones, televisions, television set top units, point of sale computers,
automatic
banking machines, lap top computers, servers, personal digital assistants and
automobiles.
Compiler Technology
In the preferred embodiment, the invention is implemented in terms of an
intermediate compiler program running on a computer system 10. Standard
compiler techniques are well known in the art, and will not be reviewed in
detail
herein. Two standard references which may provide necessary background are
"Compilers Principles, Techniques, and Tools" 1988 by Alfred Aho, Ravi Sethi
and
Jeffrey Ullman (ISBN 0-201-1008-6), and "Advanced Compiler Design &
Implementation" 1997 by Steven Muchnick (ISBN 1-55860-320-4). The preferred
embodiment of the invention is described with respect to static single
assignment,
which is described in Muchnick.
Generally, a software compiler is divided. into three components, described as
the front end, the middle, and the back end. The front end is responsible for
language dependent analysis, while the back end handles the machine-dependent
parts of code generation. Optionally, a middle component may be included to
perform optimizations that are independent of language and machine. Typically,
each compiler family will have only one middle, with a front end for each high-
level
language and a back end for each machine-level language.
All of the components in a compiler family can generally communicate in a
common intermediate language so they are easily interchangeable. This
intermediate language is generally in a form which exposes both control- and
data-
CA 02448151 2003-11-24
WO 02/095546 PCT/CA02/00754
_g_
flow so that they are easily manipulated. Such an intermediate form may be
referred
to as flow-exposed form.
In the preferred embodiment of the invention, it is the intermediate code that
will be manipulated to make the desired areas of the input software tamper-
resistant.
The invention can most easily be applied to software code in Static Single
Assignment (SSA) form. SSA is a well-known, popular and efficient flow-exposed
form used by software compilers as a code representation for performing
analyses
and optimizations involving scalar variables. Effective algorithms based on
SSA
have been developed to address constant propagation, redundant computation
detection, dead code elimination, induction variable elimination, and other
requirements.
Of course, the method of the invention could be applied to flow-exposed
forms other than SSA, where these provide similar levels of semantic
information, as
in that provided in Gnu CC. Gnu~CC software is currently available at no cost
from
the Free Software Foundation.
Similarly, the method of the invention could be applied to software in its
high
level or low level forms, if such forms were augmented with the requisite
control- and
data-flow information. This flexibility will become clear from the description
of the
encoding techniques described hereinafter.
General Implementation of Tamper-Resistant Compiling
In general, the tamper-resistant encoding techniques of the invention may be
implemented as shown in Figure 2.
To begin with, high level code can be converted to intermediate form at step
30, using an appropriate compiler front end. Any desirable code optimization
should
then be performed at step 32. Code optimization would generally be ineffective
if
implemented after the tamper-resistant encoding, as the tamper-resistant
encoding
is deliberately designed to frustrate simplification and organization.
The tamper-resistant encoding is now performed in three passes of the
intermediate code graph for each phase of encoding, shown in Figure 2 as steps
38
through 46. In the preferred embodiment of the invention, the popular practice
of
dividing the compiler into a number of phases, several dozen, in fact, is
being
followed. Each phase reads the SSA graph and does only a little bit of the
encoding,
leaving a slightly updated static single assignment graph. This makes it
easier to
understand and to debug. A "phase control file" may be used to specify the
ordering
CA 02448151 2003-11-24
WO 02/095546 PCT/CA02/00754
-10-
of the phases at step 38 and particular parameters of each phase, for added
flexibility in ordering phases. This is particularly useful when one phase is
to be
tested by inserting auditing phases before and/or after it, or when debugging
options
are added to various phases to aid debugging.
Whenever variable codings are chosen, three passes of the intermediate
code graph are generally required. In a first pass, at step 40, the tamper-
resistant
encoding compiler 34 walks the SSA graph and develops a proposed system of re-
codings. If the proposed codings are determined to be acceptable at step 42,
which
may require a second pass of the SSA graph, control proceeds to step 44, where
the
acceptable re-codings are then made in a third pass. If the proposed coding is
found
to contain mismatches at step 42, then recodings are inserted as needed to
eliminate the mismatches at step 46.
Once all of the encoding phases have been executed, the resulting tamper-
resistant intermediate code is then compiled into object code for storage or
machine
execution by the compiler back end 48.
The tamper-resistant techniques described hereinafter, would generally be
implemented at step 40 of such a routine.
Before considering the new analysis and tamper-resistant encoding
techniques, the polynomial (or linear) and residue number techniques described
in
earlier patent applications should be reviewed.
Polynomial Coding
The polynomial encoding technique takes an existing set of equations and
produces an entirely new set of equations with different variables. 'The
variables in
the original program are usually chosen to have meaning in the real world,
while the
new encoded variables will have no such meaning. As well, the clever selection
of
constants and polynomials used to define the new set of equations may allow
the
original mathematical operations to be hidden.
This technique represents a variable x by some polynomial of x, such as ax +
b where a and b are some random numbers. This technique allows us to hide
operations by changing their sense, or to distribute the definition of a
variable around
in a program.
A convenient way to describe the execution of the polynomial routine is in
terms of a "phantom parallel program". As the polynomial encoding routine
executes
and encodes the original software program, there is a conceptual program
running in
CA 02448151 2003-11-24
WO 02/095546 PCT/CA02/00754
-11-
parallel, which keeps track of the encodings and their interpretations. After
the
original software program has been encoded, this "phantom parallel program"
adds
lines of code which "decode" the output back to the original domain.
For example, if the SSA graph defines the addition of two variables as:
z . x-y (1)
this equation may be hidden by defining new variables:
x' . ax + b (2)
y' . cy + d (3)
z' . ez + f (4)
Next, a set of random values for constants a, b, c, d, e, and f is chosen, and
the
original equation (1 ) in the software program is replaced with the new
equation (5).
Note that, in this case, the constant c is chosen to be equal to -a, which
hides the
subtraction operation from equation (1 ) by replacing it with an addition
operation:
z' . x' + y' (5)
The change in the operation can be identified by algebraic substitution:
z' . a(x-Y)+(~+d)
Equation (5) is the equation that will replace equation (1 ) in the software
program, but the new equations (2), (3) and (4) will also have to be
propagated
throughout the software program. If any conflicts arise due to mismatches,
RECODE operations will have to be inserted to eliminate them. '
In generating the tamper-resistant software, the transformations of each
variable are recorded so that all the necessary relationships can be
coordinated in
the program as the SSA graph is traversed. However, once all nodes of the SSA
graph have been transformed and the "decoding" lines of code added at the end,
the
transformation data may be discarded, including equations (3), (4) and (5).
That is,
the "phantom parallel program" is discarded, so there are no data left which
an
attacker may use to reverse engineer the original equations.
Note that a subtraction has been performed by doing an addition without
leaving a negative operator in the encoded program. The encoded program only
has
a subtraction operation because the phantom program knows "c = -a". If the
value of
the constant had been assigned as "c = a", then the encoded equation would
really
be an addition. Also, note that each of the three variables used a different
coding
and there was no explicit conversion into or out of any encoding.
For the case of:
y . - x (7)
CA 02448151 2003-11-24
WO 02/095546 PCT/CA02/00754
-12-
one could chose:
x' . ax + b, and . (8)
Y' ~ (-a)Y + b
which would cause the negation operation to vanish, and x and y to appear to
be the
same variable. The difference is only tracked in the interpretation.
Similarly, for the case of
y . x+5 (10)
one could chose:
y' . ax+(b+5) (11)
causing the addition operation to vanish. Again, now there are two different
interpretations of the same value.
Figure 3 presents a simple implementation of the polynomial coding
technique. At step 58, a fragment of code from the SSA graph is analysed to
determine whether it defines a polynomial equation suitable for polynomial
encoding.
If so, a suitable set of polynomial equations is defined at step 60 that
accomplishes
the desired encoding. As noted above, this technique is generally applied to
physically distribute the definition of a variable throughout a program so a
single
assignment is usually replaced by a system of assignments distributed
throughout
the program.
For the simple polynomial scheme, the values of constants are generally
unrestricted and the only concern is for the size of the numbers. Values are
chosen
which do not cause the coded program to overflow. In such a case, the values
of
constants in these equations may be selected randomly at step 62, within the
allowable constraints of the program. However, as noted above, judicious
selection
of values for constants may be performed to accomplish certain tasks, such as
inverting arithmetic operations.
At the decision block of step 64 it is then determined whether the entire SSA
graph has been traversed, and if not, the compiler steps incrementally to the
next
code fragment by means of step 66. Otherwise, the phase is complete.
Variations on this technique would be clear to one skilled in the art. For
example, higher order polynomials could be used, or particular transforms
developed
to perform the desired hiding or inversion of certain functions.
CA 02448151 2003-11-24
WO 02/095546 PCT/CA02/00754
-13-
Residue Number Coding
This technique makes use of the "Chinese Remainder Theorem" and is
usually referred to as "Residue Numbers" in text books (see "The Art of
Computer
Programming", volume 2: "Seminumerical Algorithms", 1997, by Donald E. Knuth,
ISBN 0-201-89684-2, pp. 284-294, or see "Introduction to Algorithms", 1990, by
Thomas H. Cormen, Charles E. Leiserson, and Ronald L. Rivest, ISBN 0-262-03141-
8, pp. 823-826). A "base" is chosen, consisting of a vector of pairwise
relatively
prime numbers, for example: 3, 5 and 7. Then, each variable x is represented
as a
vector of remainders when this variable is operated upon by the "base", that
is, x
maps on to (x rem 3, x rem 5, x rem 7).
In this scheme, a "Modular Base" consists of several numbers that are
pairwise relatively prime. Two distinct integers are said to be relatively
prime if their
only common divisor is 1. A set of integers are said to be pairwise relatively
prime, if
for each possible distinct pair of integers from the set, the two integers of
the pair are
relatively prime.
An example of such a set would be {3, 5, 7}. In this base, integers can be
represented as a vector of remainders by dividing by the base. For example:
0 - (0, 0, 0),
1 - (1, 1, 1),
5 - (2, 0, 5),
100 - (1, 0, 2),
and
105 - (0, 0, 0).
Note that this particular base {3, 5, 7} has a period of 105, which is equal
to
the product of 3 x 5 ~ 7, so that only integers inside this range may be
represented.
The starting point of the range may be chosen to be any value. The most useful
choices in this particular example would be [0, 104] or [-52, 52].
If two integers are represented in the same base, simple arithmetic
operations may be performed very easily. Addition, subtraction and
multiplication for
example, may be performed component wise in modular arithmetic. Again, using
the
base of {3, 5, 7}:
if: 1 - (1, 1, 1) and
5 - (2, 0~ 5), then
1 + 5 - ((1 + 2) mod 3 , (1 + 0) mod 5, (1 + 5) mod 7)
- (0, 1, 6).
CA 02448151 2003-11-24
WO 02/095546 PCT/CA02/00754
-14-
Of course, 1 + 5 = 6, and 6 in residue form with the same base is (0, 1, 6).
Subtraction and multiplication are performed in a corresponding manner.
Heretofore, division had been thought to be impossible, but can be done
advantageously in a manner of the invention. First, however, if is of
assistance to
review the method of solving for the residue numbers.
Converting from an integer to a corresponding Residue Number is simply a
matter of dividing by each number in the base set to determine the remainders.
However, converting from a Residue Number back to the original integer is more
difficult. The solution as presented by Knuth is as follows. Knuth also
discusses and
derives the general solution, which will not be presented here:
For an integer "a" which may be represented by a vector of residue numbers
(a,, a2, ... ak):
a - (a, c, + a2 c2 + ... + ak ek) (mod n) (12)
where:
a; - a (mod n;) for i = 1, 2, ..., k
and:
and:
and:
n - n,xn2x...xnk
c; - m; (m;' mod n;) for i = 1, 2, ..., k (13)
m; - n /n; fori=1,2,...,k (14)
and where the notation "(x' mod y)" used above denotes that integer z such
that
xz (mod y) = 1. For example, (3-' mod 7) = 5 because 15 (mod 7) = 1, where
15=3x5.
In the case of this example, with a base (3, 5, 7), a vector of solution
constants, (c3 = 70, c5 = 21, c7 = 15), are calculated. Once these constants
have
been calculated, converting a residue number (1, 1, 1 ) back to the original
integer is
simply a matter of calculating:
r, c,+r2 c2+r3 c3 =1 x70+1 x21+1 x15 (15)
= 106
assuming a range of [0,104], multiples of 105 are subtracted yielding an
integer
value of 1.
Most texts like Knuth discuss Residue Numbers in the context of hardware
implementation or high-precision integer arithmetic, so their focus is on how
to pick a
convenient base and how to convert into and out of that base. However, in
applying
CA 02448151 2003-11-24
WO 02/095546 PCT/CA02/00754
-15-
this technique to the invention, the concern is on how to easily create many
diverse
,.
bases.
In choosing a basis for Residue Numbers, quite a few magic coefficients may
be generated dependent on the bases. By observation of the algebra, it is
desirable
to have different bases with a large number of common factors. This can be
easily
achieved by having a list of numbers which are pairwise relatively prime, and
each
base just partitions these numbers into the components. For example, consider
the
set {16, 9, 5, 7, 11, 13, 17, 19, 23}, comprising nine small positive integers
which are
either prime numbers or powers of prime numbers. One can obtain bases for
residual encoding by taking any three distinct elements of this set. This
keeps the
numbers roughly the same size and allows a total range of 5,354,228,880 which
is
sufficient for 32 bits. For example, one such base generated in this manner
might be
{16 * 9 * 11, 5 * 13 * 23, 7 * 17 * 19} _ {1584, 1495, 2261}.
The invention allows a system of many bases with hidden conversion
between those bases. As well, it allows the solution constants to be exposed
without
exposing the bases themselves. The original bases used to convert the software
to
residue numbers are not required to run the software, but would be required to
decode the software back to the original high level source code. The invention
allows a set of solution constants to be created which may run the software,
without
exposing the original bases. Therefore, the solution constants are of no
assistance
to the attacker in decoding the original software, or reverse engineering it.
To hide the .conversion of a residue number, r, defined by a vector of
remainders (r,, r2, ... r~) derived using a base of pairwise relatively prime
numbers
(b,, 62, ... b"), a vector of solution constants are derived as follows.
Firstly, using the
method of Knuth, a vector of constants (c,, cZ, ... ck) may be determined
which
provides the original integer by the calculation:
r - (r, c, + r2 c2 + ... + rkck) (mod b~ (16)
where b; is the ith number in the vector of pairwise relatively prime numbers
{b,, b2,
... b~}. As each of the corresponding r,, rZ, .., r~ are residues, they will
all be smaller
than b;, therefore equation (16) may be simplified to:
r; _ (c, mod b;) x r, + (c2 mod b,;) x r2+ ... + (ck mod b;) x r" (17)
Each component (c; mod bj) will be a constant for a given basis, and can be
pre-
calculated and stored so that the residue numbers can be decoded, and the
software
executed, when required. Because the vector of (c; mod b~) factors are not
relatively
prime, they will have common factors. Therefore, the base {b,, b2, ... b~} can
not be
CA 02448151 2003-11-24
WO 02/095546 PCT/CA02/00754
-16-
solved from knowledge of this set of factors. Therefore, storing this set of
solution
constants with the encoded software does not provide the attacker with any
information about the old or the new bases.
Division of Residue Numbers
Most texts like Knuth also indicate that division is impossible. However, the
invention provides a manner of division by a constant.
In order to perform division by a constant using residue numbers, the divisor
must be one of the numbers of the base:
Let: the base be {b,, b~, ... bn},
the divisor be b;, which is a member of the set fib,, b~, ... b~}, and
the quotient be {q,, q2, ... , qn}.
Then, to calculate q; (where i is note):
q~ - (c~lb;modb~)*r~+(c;-1)lb;modb;*r; (19)
The algebraic derivation is straightforward, by symbolically performing the
full
decoding and division. The key is the observation that all the other terms
vanish due
to the construction of the c;'s.
To calculate q;, the terms do not vanish, so a computation must be made of:
q; - (c,lb;modb;)*r,+...+(cnlb;modb;)*r" (20)
This equation does not take account of the range reduction needed, so a
separate computation is used to calculate the number of times the range has
been
wrapped around, so that the proper value may be returned:
w; - [(cylb;)~r~+...
+ (c~ l b; ) ~ r"] I (rangeSize / b;) x (rangeSize / b;) (21 )
Therefore, the decoded integer value becomes:
x - q; + (rangeSize / b;) ~ w; (22)
Figure 4 presents a flow chart of a simple implementation of a Residue
Number encoding phase. The routine begins at step 68 by establishing a base
set
of pairwise relative primes, for example, the set of {16, 9, 5, 7, 11, 13, 17,
19, 23} as
presented above. At step 70, a base is computed from this set as previously
described, such as {1584, 1495, 2261}. A suitable block of software code is
selected
from the SSA graph and is transformed into residual form at step 72. If
operators
are found which are not calculable in the residue domain, then they will be
identified
in the phase control file, and those operators and their associated variables
will be
encoded using a different technique. At step 74, a corresponding set of
solution
CA 02448151 2003-11-24
WO 02/095546 PCT/CA02/00754
17-
constants is then calculated and is stored with the tamper-resistant program.
As
noted above, these solution constants are needed to execute the program, but
do
not provide the attacker with information needed to decode the tamper-
resistant
program.
At step 76, a decision block determines whether the entire SSA graph has
been traversed, and if not, the compiler steps incrementally to the next code
fragment by means of step 78. At step 80, a determination is made whether to
select a new basis from the set of pairwise relative primes by returning to
step 70, or
to continue with the same set by returning to step 72. Alternatively, one
could return
to step 68 to create a completely new base set, though this would not
generally be
necessary.
Once the decision block at step 76 determines that the SSA graph has been
traversed, the phase is complete.
With this background, the reader may now consider the new analysis and
tamper-resistant encoding techniques of the invention.
New Analysis and Tamper-Resistant Encoding Techniques
The first part of this section is devoted to measuring the resistance of data
encodings to reverse engineering. We introduce a measure of encoding
resistance
in an encoded world as a measure of uncertainty: specifically, the number of
possible solutions or'real' worlds which could correspond to the observable
encoded
world. An attacker observing only operations in an encoded world and inputs to
the
encoded world (i.e., all encoded input data) cannot distinguish between any of
possible solutions. Thus, the larger the number of corresponding possible
solutions
(i.e. the size of the "transform space"), the more uncertainty and resistance
the
encoding has. Only one of these possible solutions, of course, is the correct
solution.
In other words, there is a specific original computation to be encoded. It can
be encoded according to one of a list of techniques, and for each technique,
there
are many different computations which might be encoded to exactly the same
encoded computation (i.e., the computer instructions are exactly the same, but
the
significance of the computation varies - the meaning/encoding of the input and
output values differs). The number of different computations which could lead
to the
same instruction sequence constitutes the ambiguity for that technique (an
attacker
CA 02448151 2003-11-24
WO 02/095546 PCT/CA02/00754
-18-
sees exactly the same thing, and then has the problem of resolving the
ambiguity
among the may possible meanings/encodings for the encoded computation).
We choose encoding techniques which provide sufficient ambiguity, as
defined above, to satisfy the security need for the computation to be encoded.
It is important to note that the ambiguity measures characterize the
resistance of encoding to an arbitrary attack which only uses information from
the
encoded world.
We then present estimates of resistance of linear, residue and mixed
encodings (i.e. the use of linear and residue encodings in combination) for
addition
and multiplication and demonstrate that maximal resistance is achieved for
mixed
encoding. We show that there exist more resistant schemes for performing
multiplication in mixed encodings.
We estimate resistance of computation of arbitrary multivariate polynomials in
mixed encoding and propose several ways to increase the resistance of
arbitrary
computation in mixed encoding.
1.0 Introduction: general scheme of using encodings in computations
Below we present a brief overview on the problem of data encodings.
1.1 What are Data Encodings?
Suppose we wish to compute
y = F(X1,..., X"; C1,..., C",), ' (23)
where:
x1, .,. , x" is the input data,
c1, ... , c~, some internal parameters we wish to hide from an attacker
by an encoding,
Y= (Y1, ~~~ ~ Y1) is the output and
F is a function for its computation.
Encoding is a parametric collection of functions that map each integer into
tuples of integers:
x i1 '- f1 (xi)
X ik - fk(Xi)
C l1 . f1 (CI)
CA 02448151 2003-11-24
WO 02/095546 PCT/CA02/00754
-19-
C )k -_ fk(ci) (25)
An important additional requirement is that encoding must be consistent with
arithmetic operations. This means that for each basic arithmetic operation (+,
x, _)
there is a sequence of a constant number of operations over the encoded data
(which is called a replacing sequence) such that the original arithmetic
operation can
be derived from the result of replacing sequence of operations by a.simple
decoding
procedure.
Then, instead of (23) we compute
,y 1 - F1 (X 11~...,X lk,...X n1 ...X nk; C 11,...C lk,...C ml,...C m~,
y k - Fk(X~11~...,X ~k,...X~nl,...X nk; C~11~...,C ~k,...C~m1r...C ,rk)~
where F' are obtained from F by standard rules (using the encoding that is in
consistent with the arithmetic operations used).
Then we apply decoding (the inverse function to encoding) to obtain the
original results of the computation.
'1.2 A general scheme of using encodings in computations
The following general scheme may be used:
A. Encodings of data. At this stage for all input data we compute their
encoded
values.
B. Computations with encoded data (Encoded world). At this stage we compute
with encoded data by formal rules replacing each basic operation by a
sequence of appropriate operations.
C. Decoding of results. At this stage encoded results obtained in computations
are decoded.
What are the main advantages of such scheme? Note that Stage B is obtained by
an original program being cloaked by simple formal rules (automatically). .
Stages A and C compute concrete functions, so they can be implemented
once (using identities or other techniques) for all programs being cloaked.
If we are able to hide information on stages A and C by cloaking, then the
resistance of the whole scheme will be determined by the resistance of the
stage B,
By this reasoning it is vital to define what 'resistance to computations'
means for the
encoded world (Stage B).
CA 02448151 2003-11-24
WO 02/095546 PCT/CA02/00754
-20-
1,3 Measure of resistance of encodings
We introduce a measure of encoding resistance in the encoded world as a
measure of uncertainty. We define the resistance measure as the number of
different possible solutions which can correspond to the observable encoded
world.
An attacker observing only operations in the encoded world and inputs to the
encoded world (i.e., all encoded input data) cannot distinguish between any of
such
possible solutions corresponding to the same encoded world. Therefore, the
greater
the number of corresponding possible solutions, the greater the uncertainty
and
resistance of the encoding method.
If is important to note that such a measure characterizes the resistance of
encoding to an arbitrary attack (exhaustive search) which uses only
information from
the encoded world. It means that this measure characterizes absolute
resistance.
The aim of introducing measures of resistance is to compare the resistance
of different encodings for computations.
2 Definition of a measure of encoding resistance
We wish to compute (23) using the encodings in (24).
The world of possible solutions is a tuple (cl,...,ck, x,,...,xn) and the
encoded
world is a tuple of the form:
EncodWorld = (X ~1,..., X ~k,..., X nl,w, X nk~ C 11~w~ C 1k~~~~~
c ;"1,..., c mk, F'1,..., Fk) (27)
Definition. A measure of resistance of a scheme (24) - (26) is the number of
different possible solutions (e1,..., ck, x1,..., xn) which correspond to the
same
encoded world:
EncodVllorld = (X ~1,..., X ~k,..., X ~1,..., X nk; C ~1,..., C ~k,...,
c ;"1,..., c ;"k; F'1, ... , F;~) (2$)
We will denote it by Rw = RW (EncodINorld).
An equivalent definition of the measure of resistance of a scheme is as
follows:
Definition. A measure of resistance of the scheme (24) - (26) is the number
of different possible solutions (c1,..., ck, x1,..., xn) which can correspond
to the same
encoded world, i.e. the number of different possible solutions (c1,..., ck,
x1,..., xn) for
which we can obtain the same encoded world using the same encoding scheme (the
same class of encoding but with other possible encoding parameters).
CA 02448151 2003-11-24
WO 02/095546 PCT/CA02/00754
-21 -
Examples of estimates of resistance for linear, residue and mixed encodings
(i.e. the simultaneous application of both linear and residue encodings) are
presented in the following sections.
3 Resistance of linear encoding
3.1 Resistance of linear encoding of a sum: clx~ + ... + c"x"
First let us consider the resistance given by the sum of two variables x and
y:
z _- c1x + czY.
Let integers x and y be represented in a linear encoding as
x,=al.x+b1
Y, -_ az . Y + bz (29)
and
C 1 =_ a1 . C1
c 2 = a~ ~ c2 (30)
and
A1 = a1 a1 / m
AZ=a~a~/m (31)
where
m = GCD (a1 a1, a2 a2) (32)
For calculating z in linear encoding we need the following relationship:
Zs=A2.C1x,+A1.C2Y,
The observable world is determined by the following parameters: c ~, c'2, x ;
y ; A1, Az and the number of possible solutions (let us denote it as RW) is
the number
of solutions of the corresponding system of equations (29 - 32).
The solution (i.e., one of the possible solutions RW) is a set of values for
x, y,
c~, c2, a1, _a~, b1, b~, a1, a~. Let us denote the range of possible values as
K.
We now make the following Propositions.
Proposition 1. For fixed c'1, c'~, x ; y ; A1, A2, and a1, a2, c1, c2 the
number of
possible solutions Rw z Kz.
Proof. The proof follows from the fact note that arbitrary values of x or y
are
solutions of our system since for any x (y) we can choose b1 (b2). such that
the value
of x' (y ~ does not change.
CA 02448151 2003-11-24
WO 02/095546 PCT/CA02/00754
-22-
Proposition 2. For fixed c ;, c'2, x ; y ; A~, A~ and c ~, c'2, x, y the
number of
possible solutions can be estimated as Rw ~ K/A, where A is a range of
variation of
a, and a~.
Proof. Note that for some solutions of our system a~, a2 and for any g the
values a~ = g ~ a, and a2 = q ~ a2 also give a solution because A~, A2 are the
same
and there exist b~ and b~ such that x' and y' do not change.
Proposition 3. The number of possible solutions is Rw >_ K3/A, where A is a
range of variation of a, and a2.
Proof. This proposition follows immediately from Proposition 1 and
Proposition 2.
Now we can return to the question of resistance of the sum: c,x, + ... + C~Xn.
Basing on the results achieved above it follows that Rw ~z K"+' /A, where A is
a range
of variation of a~,..., an.
If K = 264 (the usual range for representing integers in Java) this gives a
lower
bound of resistance > 2'°° which seems large enough from the
point of
computational complexity (enumerating all possible solutions is impossible)
and from
probabilistic point of view (the probability to guess right parameters is less
than 2-00).
This is based on doing an exhaustive search.
3.2 Resistance of linear encoding of a product: X,...xn
Now consider the resistance of the product of two variables x and y: z = x ~
y.
Remembering equations (29)
x' _- a~ , x + b~
Y,= a2 .Y+ b~
To find z in linear encoding one needs to calculate
z'=_ x' , y' _ b2 . x' _ b, . y' (33)
which are related to z by the formula
z' = f ~ z + g (34)
where
f = a, ~ a2 (35)
and
g = b~ ~ b2 (36)
The observable (encoded) world is determined by the following parameters:
b,, b~, x ; y' and the number of possible solutions (let us denote it as Rw )
is the
number of solutions of the corresponding system of equations (29) and (34 -
36).
CA 02448151 2003-11-24
WO 02/095546 PCT/CA02/00754
-23-
The solution (i.e., one of the possible solutions RW) is a set of values for
x, y, a~, a~,
b~, bz.
From the equations and the observable data b~ and bz, it follows that a~ ~ (x'-
b,) and a2 ~(y'- bz) ; where ".p ~ q" means that p divides q; i.e., q = m ~ p
for some
integer m. Then we have relations a~ ~ x = x' - b~ and az ~ y = y' - b~.
Hence, the
following statement holds:
Proposition 4. The resistance RW for multiplication in linear encoding is
equal
to the product of the numbers of divisors of the integers x'- b, and y'- bz.
Note that there are situations when resistance of linear encoding is not
enough, namely equal to 1 when integers x'- b~ and y'- b2 are primes. In the
latter
case an attacker can find all of the parameters of the linear encoding.
4. Resistance of residue encoding
The residue encoding of integer x is
x;=x(modp;)
where p;, i = 1,..., k are coprime integers.
The encoded (observable) world is (x ~,..., X k), while the world of possible
solutions is (x, p~,..., p,~).
Let p = p, ~ ... ~ pk. The resistance of residue encoding can be estimated via
the function S(p, k), where S(x, k) is the number of different representations
of
integer x as a product of k mutually coprime numbers.
Proposition.
Rw z S(p, k).
This estimation of Rw comes from the evaluation by I. Niven and H. S.
Zuckerman in:
An Introduction fio the Theory of Numbers, Wiley, 1980.
5. Alternative mixed encoding: addition and multiplication
In this section a more resistant method for performing addition and '
multiplication in a mixed encoding (i.e. a combination of linear and residue
encoding)
is presented.
Let integers x and y be represented in mixed encodings as
x ; --- a~ ~ x, + b, mod p~
X ~ --- a~ ~ xn + b~ mod p" ' (37)
and
CA 02448151 2003-11-24
WO 02/095546 PCT/CA02/00754
-24-
y'~---c~ ~y,+d, mod p,
Yn=Cr,'Y~'~'d"modp" (38)
and let GCD(ak, pk) = GCD(ck, pk) = 1 for all k-= 1,..., n.
5.1 Addition
Find ak and irk satisfying the equations:
ak ~ ak ---- 1 mod p~
Nk ' ck = 1 mod pk I (39)
For each k choose mk such that GCD(mk, pk) = 1 and then take two different
representatives mk~'~ and mk~2~ of mod pk class of mk. Then denote:
nk = mk~' ~ ' ~~
Mk = m~c2~ . Nk
Let z = x + y and we are looking for the sum of two variables x and y. To find
z in mixed encoding it is sufficient to calculate:
z',=n,'x',+M, 'Y; mod p,
z;,=l~n'a';,'E'M"'Y;,modpn (4'1) .
which are connected to z = (z~,..., z~) by the formulas
z', ---- f, ' z, + 9'~ mod p,
z ;, --- f" ~ z" + g" mod p~ (42)
where
f~ --- m~ mod p,
...
f~ --- m~ mod pn (43)
and
9'~ = n, ~ b1 +M, ' d, mod p,
g~ --- n" ' bn +M~ ~ d~ mod p" (44)
Observable values: an attacker observes only n;, M; and variables x ; and y ;
.
Note that the following relations hold:
GCD(aK, pK) = GCD(cK, pK) = 1 for all k = 1,..., n. (45)
For each k, GCD(mK, pK) = 1 (46)
mK~'~ = mK~2~ mod pK (47)
CA 02448151 2003-11-24
WO 02/095546 PCT/CA02/00754
-25-
aK aK ---- 1 mod pK (4$)
NK ' cK --- 1. mod pK (49)
~K - mK~l~ ~ ~k
MK = ~K~2~ . NK
x ~ = a1 x1 + b1 mod p1
X ;, = an ~ Xn + bn mOd pn (52)
Y 1 - C1 . Y1 + d1 mod p1
Y ;, --- Cn . Yn + do mod pn (53)
The world of possible solutions is (x, y, a;, b;, c;, d;, p;).
5.2 Multiplication
Now consider the multiplication of two encoded data elements:
x ; --- a1 ~ x1 + b1 mod p1
X ;, = an ' Xn + bn mOd pn (54)
and
Y ; = c1 . Y1 + d 1 mod p1
Y ~ = Cn .Yn + do mod pn (55)
and let GCD(ak, pk) = GCD(ck, pk) = 1 for all k = 1,..., n. Then there exist
such ~ik and
Nk that ak ~ ak = 1 mod pk and Nk ~ ck = 1 mod pk. Then ~Ik ~ X k - ak ' bk ---
- xk mod pk
andNk'yk-Nk'dk=Ykmodpk.
We have:
Xk . Yk - (~k . X k ~k . bk) . (Nk ~ Y k Nk . dk)
- ~k . Nk . x k .Y k ~k ~ Nkbk .Y k ~k ~ Nkdk . X k+ ~k . Nkbk . dk.
Multiplying the both sides of the last equation by some 9k # 0 mod pk we
obtain
ek ~ Xk . Yk - ek . ~k . Nk . X k . y k ek . l~k . ~.Ik'6k . y k ek . l~k .
~.Ikdk X k + ~k ' /I k .
Nkbk ' dk
or
ek . Xk . Yk ek . ~k . Nkbk . dk - ek . ~k . Nk . X k . Y k ek . ~k . Nkbk . Y
k ek . l~k .
Nkdk ~ x k
Then choose different representatives of ak, Nk, 9k and denote
ek . ~k . pk - ak mod pk ,
CA 02448151 2003-11-24
WO 02/095546 PCT/CA02/00754
-26-
ek ' ~k ' Nk ' bk = ~k mod pk,
ek ' ~k ' Nk ' dk - yk mod pk,
ek'~k'~k ~'61 'd1= ~kmod pk
Then we
get a
formula
for multiplication
of integers
represented
in mixed
encoding:
ek ' xk ' Yk ~k = ak ' x k ' Y k ~k ' Y k
~k ' x k mOd pk
Observable values: (x ; y ; a;, Vii,, V;).
The world of possible solutions is (x, y,
a;, b;, c;, d;, p,).
6 Resistance of alternative mixed encoding
6.1 Resistance of a sum A~X, + , . . + A"x"
Firstly let us consider the resistance of
the sum of two variables x and y: z = x
+ y,
Let integers x and y be represented in mixed
encoding as
x ; --- a1 ~ x1 + b~ mod p1
X ;, --- a~ ' x~ + b~ mod p~ (56)
and
Y;=c1'Y1+dlmodpl
...
Y~=C~'Yn'~dnmodp~ ('J7)
and let
GCD(ak, pk) = GCD(ck, pk) = 1 (58)
for k = 1, .,. , n.
Find ak and irk satisfying equations
ak ~ ak ---- 1 mod pk, Nk ' ck --- 1 mod (59)
pk
For each k we choose mk~'~ and mk~~~ such
that:
GCD(mkt'~, pk) = GCD(mk~z~, pk) = 1 (60)
and
mk~'~ . mk~2~ mod pk (61 )
Now choose:
lIk ---- mk~'~ ~ ~Ik mod pk
Mk = mk~2~ ~,uk mod pk (62)
In a mixed encoding for finding the encoded
z we will calculate:
z~=n, ~x~+M, ~y~
CA 02448151 2003-11-24
WO 02/095546 PCT/CA02/00754
-27-
Zn=nn'xn'~'Mn'Y~ (63)
Earlier we introduced a measure of encoding resistance in the encoded world
as the number of possible solutions which can correspond to the observable
encoded world. Note that in this case the observable world consists of the
following
parameters: nk, Mk, x k, y ~ (k = 1,..., n) and the number of possible
solutions (let us
denote it as Rw) is the number of solutions of the corresponding system of
equations
(56 - 63). The solution (i.e., one of the possible solutions Rw) is a set of
values for xk,
Yk, ak, bk, pk (k = 1, ... , n). Now we will estimate RW.
Proposition 1. For fixed nk, Mk, x k, y k and a k, pk (k = 1,..., n) the
number of
possible solutions Rw z pz, where p = p1 ' pz ' ... ' pn.
Proof.' To prove this we note that any values of xk or yk (0, 1, 2,..., pk -1
) will
give a solution of our system as for any xk (yk) we can choose such 6k (dk)
that the
value of x k (y k ) does not change.
Proposition 2. For fixed x k, y k and xk, yk (k = 1,..., n) the number of
possible
solutions is Rw z 2zn, where p = p1 ' pz ' ... ' pn.
Proof. It is known that nk = mk(1) ' ak and Mk = mk(z) ' Nk. One can check
that
there exists such solutions:
1 z
(mk( )~ mk( )~ ~k~ Nk) - (1 ~ 1~ ~k~ Mk)~
( 1 2
mk( )~ mk( )~ l~k~ Nk) - (1 ~ Mk~ ~k~ 1 )
(1) (2)
(mk ~ mk ~ ~k~ Nk) - (~k~ 1 ~ 1 ~ Mk)~
(mk(1 )s mk(2)~ ~k~ Nk) - (~k~ Mk~ 1 ~ 1 )
Proposition 3. The number of possible solutions is Rw ~ 2zn ' pz.
Proof.' This proposition is a corollary of Proposition 1 and 2.
Now we can state a more general variant of the second proposition:
Proposition 4. For constant x k, y k and xk, yk (k = 1,..., n) for any nk(1 ),
nk(z)
(Mk(1 ), Mk(z)) such that nk = nk(1) ' nk(z) (Mk = Mk(1 ) ' Mk(z)) there
exists a solution of OUr
system such that mk(1) _ /~k(1) and ak = nk(z) (mk(z) = Mk(1) and Nk = Mk(z)).
As we can see, the greater the number of divisors of nk and Mk is, the greater
is the number of possible solutions. Note that during these computations we
can
choose mk and mk . So using mk and mk with large numbers of divisors can
greatly increase the resistance of the computations. If for any k the number
of
divisors of nk and Mk is at least q then Rw ~ gzn , pz.
CA 02448151 2003-11-24
WO 02/095546 PCT/CA02/00754
-28-
Now returning to the question of resistance of the sum: Alx1 + .,. +A~,xm~
Based on the results obtained above it is possible to prove that Rw >_ 22" .
pm,
Some improvement of the statement claimed in Proposition 2 is possible;
indeed, it is possible to prove that Rw >- (n! + 22" - 1) ' p~.
Proof.' It is known that nk = mk(1 ) ' ~Ik and Mk = mk(~) ' Nk. One may check
that
there exists solutions:
1 2
(mk( )~ mk( )~ ~k, Nk) _ (1 ~ 1' ~k~ Mk)~
(1) , ~~
(mk ~ mk ~ ~k~ !''k) " (1 ~ Mk~ ~kr 1 )a
1 2
(mk( )~ mk( )~ ~k~ Nk) -' (nkr 1 ~ 1 ~ Mk)~
1 0 (mk(1 ), mk(a), /~k~ Nk) -' (nk~ Mk~ 1 ~ 1 ).
We note that in the case (mk(1 ), mk(~), ak, Nk) _ (1, 1, nk, Mk), the number
of
solutions Rw z n!; in this case we have ak = nk and Nk = Mk, thus, nk ' ak ---
1 mod pk
and Mk ' ck --- 1 mod pk.
Let us propose that p = p, ' p2 ~ ... ' p" and p is fixed and the value of its
divisors is also fixed but not the place (i.e., ~~.
This means that we have n! variants of the order for p;, and for each variant
we have one more solution.
6.2 Resistance of a product y,°' .., yt t
First consider the resistance of the product of two variables X and y: z = x ~
y.
Recall the representation in mixed encoding per equations (56 - 57):
x ~ = a1 ' x1 + b1 mod p1
X ~ = an ' Xn + bn mod pn
and
y1-c1 ~y1+dlmodpl
yn'Cn'yn+dnmOdpn
and let GCD(ak, pk) = GCD(ck, pk) = 1 for all k = 1, ... , n. Then there exist
such ilk
and Nk that ~Ik ' ak ---- 1 mod pk and Nk ' ck ---- 1 mod pk. Then ~Ik ' x k -
ak ' bk ---- xk mod
pkandNk'.yk Nk~dk-ykmodpk.
Then we have:
xk ' Yk = (~k ' X k - ~k ' ~k) ' (~k ' Y k ' !~k ' dk)
- ~k ~ Nk ~ X k ~ y k ~k ~ Nk~k ~ X k + ~k ~ Nk~k ~ dk.
Multiply the both sides of the last equation by some 9k ~ 0 mod pk. Then we
have:
CA 02448151 2003-11-24
WO 02/095546 PCT/CA02/00754
-29-
ek ' xk ' Yk - ek ' ~k ' Nk ' x k ' Y k ek ' ~k ' Nkbk ' Yk 8k ' ~k ' ~kd k '
x k ' ~k~k ' d k
or
ek ' xk ' Yk ek ' ~k ' Nkbk ' dk - ek ' ak ' Nk ' x k ' Y k ek ' ~k ' Nkbk ' Y
k ek ' ~k
Nkdk ' x k
Then choose different representations of ilk, pk, 9k and denote:
ek'~k'Nk=ak.
ek'~k'Nk'bk-~k~
~k'~k'Nk'dk-Yk and
~k ' ~k ' Nk ' b1' d1 - ~k
Thus, we obtain:
ek ' xk ' Yk ~k ak ' x k ' Y k ~k ' Y k Yk ' x k
The observable world in this case is determined by the following parameters:
(ak, ~k, Yk) for all k = 1, ... , m.
Proposition 5. For fixed ak, ~3k, Yk, x ~, Y i~ and bk, dk (k = 1, ... , n)
the number
of possible solutions Rw a ~p z(p), where p = p~ ' pz ' ... ' p~ and ~p(N) is
the Euler
function which is the number of positive integers coprime with (positive
integer) N
and less then N.
Proof. From definition of multiplication in mixed encoding the following
equatioris hold
x k - bk---- akxk mod pk
Y k - dk = ck Yk mod pk (64)
and
ak ---- 6k a~' ck' mod pk
ak ----- ak bk mod pk
yk --- ak dk mod pk (65)
We can choose cpz(pk) solutions of equations akxk ---- qk mod pk and ckyk =- g
k
mod pk for fixed qk and q k taking arbitrary ak and ck which are coprime to
pk. Then
there exists ~pz (pk) solutions of equations (64 - 65) for any fixed ak, ~3k,
Yk, x k, Y k and
bk, dk. As pk are mutually coprime and the Euler function is multiplicative,
the
number of all possible solutions for all p~, ... , p~ then is (~p(p,) -~-
cp(p~))z = ~(p~ w p~)
_ ~(p)~
Returning to the question of resistance of the product of independent
variables: x~...Xm. Based on the results above, it can be shown that Rw >_
~p"'(p),
where p = p~ ' pz ' ... ' pn
CA 02448151 2003-11-24
WO 02/095546 PCT/CA02/00754
-30-
To avoid technical difficulties in estimating resistance of the product yi«i ,
... ,
yt«t we introduce multiple encodings of the same input data. This means that
every
new appearance of input variable will be encoded with independent parameters
as a
new variable. For example, in the formula y = x2, variable x will be encoded
twice
with different parameters and we can consider the encoded formula as the
product
of independent variables.
In this way, we reduce the problem of estimating the resistance of yi«i , ...
yt"~ to estimating the resistance of the product of independent variables zi ,
... , z,. ,
r
where T = ~ a;, and obtain an estimate of the resistance Rw of the product
yi«' , ...
Z=1
, Yt'~ as:
Rw Z APT (p)
6.3 Resistance of polynomials of several variables ("multinomials")
In this section we estimate resistance of general computations with integers
containing both additions and multiplications.
Let us consider a multivariafie polynomial
CI1 Cfn
P(xi, ... , x«) _ ~ Ca x1 , xn
a=(a t,...,an)
and assume that we wish to hide some of its coefficients from an attacker by
mixed
encoding. Let N be the number of summands in the above formula.
Let us consider the following way to compute a polynomial P:
1, in each monomial compute all multiplications of variables;
2, multiply them by corresponding coefficients ca;
3, compute P performing N additions of obtained results. a
We again use multiple encodings of the same input data: every new
appearance of each input variable will be encoded with independent parameters
as a
new variable. This reduces the problem of estimating resistance of a
polynomial P to
the problem of estimating resistance of the sum of variables:
C1Y1 + ", + CNYN~
where N is the number of summands in the formula for P, each y; is the product
of
independent variables and sets of such variables are disjoint for any pair y;,
y~.
CA 02448151 2003-11-24
WO 02/095546 PCT/CA02/00754
-31 -
In a manner similar to that used to obtain the results for resistance of the
product of independent variables (Section 6.2) and the results for resistance
of linear
combination of independent variables (Section 6.1 ) in mixed encoding we, can
prove
the following:
Proposition. The resistance Rw of computing P(x,, ... , x,~ can be estimated
as:
RW ~ ~PS(P)
N
where S = ~ m;-N, m; is the number of independent variables in the ith
Z=1
summand, N is the number of summands and ~p(n) is the Euler function.
7. Exemplary Implementations
General implementations of the invention will now be presented.
Broadly speaking, the analysis technique of the invention could be applied for
successive fragments of code by performing the following steps:
1. first, computing the ambiguity measures for various encodings;
2. then selecting the particular encoding the an ambiguity level sufficient to
meet the security needs; and then
3. applying the selected encoding to the code fragment.
The same steps are then performed for the remaining fragments in the targeted
set
of code, to arrive at a tamper-resistant set of code.
Clearly, the analysis system of the invention could easily be incorporated
into
a routine such as that of Figure 2 simply by adding some further steps. Such a
routine is presented in the flow chart of Figure 5.
This routine begins at step 30 by converting the targeted software code to
SSA form using a compiler front end. The parameters which define the bounds of
possible encodings are then established at steps 100 and 102. While the
discussion
of the invention has focussed mainly on the effectiveness of the various
encoding
techniques, there are other considerations that may affect which technique is
used in
a certain application. For example, it may be desirable to consider:
4. the degree to which different encodings cause code expansion; and
5. the increased processing burden.
Certain parameters will be set as a matter of user preference, while others
will be limited by the platform or application (such as the bit width of an
operating
CA 02448151 2003-11-24
WO 02/095546 PCT/CA02/00754
-32-
system or Smart card, or the allowable processing time to maintain realtime
performance). These parameters would be established at steps 100 and 102
respectively.
Next, the routine considers each phase of the SSA code at step 38, as
described above. For each phase, the routine walks the SSA graph at step 104,
collecting the data necessary to effect the proposed encoding, and also to
perform
the effectiveness calculations.
The effectiveness calculations are then performed at step 106, and an
optimal encoding is identified. As noted above, the selection of an optimal
encoding
may turn on a number of factors in addition to the overall effectiveness.
Steps 42, 44 and 46 are then performed as described above, affecting the
optimal encoding on the targeted software.
Once all phase have been encoded, the SSA graph is converted to
executable object code by means of a compiler back end, at step 48, completing
the
routine.
In section 6.3, we analysed the resistance of polynomial equations with
several variables. These multinomials occur commonly in computations
underlying
many applications, such as:
~ task or job-shop scheduling problems involving areas or volumes to be
processed with fixed personnel (such as installing floor tiles);
~ bank interest calculations for fixed numbers of interest intervals;
~ curve-fitting, where we try to find a formula which fits observed data;
~ ballistics;
~ computer graphics; and
~ approximations for many other kinds of computations, where we use the
multinomial approximation to avoid a much more expensive, precise
calculation.
Multinomial encoding can be applied to any of the above because a
multinomial encoding of a multinomial is itself a multinomial; i.e., we
replace an
unencoded multinomial with an encoded one.
Since ordinary additions, subtractions, multiplications, and exponentiations,
are just very simple instances of multinomials, multinomial encoding can be
applied
to such ordinary computations as well: the multinomial encoding of a
multinomial
(however simple) is itself a multinomial.
CA 02448151 2003-11-24
WO 02/095546 PCT/CA02/00754
-33-
Wherever polynomials of one or several variables occur in computations, we
can apply the multinomial technique, and compute its ambiguity using the
formula
given in section 6.3 above.
Figure 6 presents a flow chart of simple implementation of an algorithm for
effecting the multinomial encoding technique. This routine is much like that
of
Figure 3, described above. First, at step 120, a fragment of code from the SSA
graph is analysed to determine whether it defines a multinomial equation
suitable for
multinomial encoding. If so, a suitable set of multinomial equations are
defined at .
step 122 that accomplishes the desired encoding.
Like the case of the polynomial encoding, the values of constants are
generally unrestricted, the main concern being that the constants are smaller
enough
to avoid overflow. Thus, the values of constants in the encoding equations may
be
selected randomly at step 62, within the allowable constraints of the program.
At
the decision block of step 64 it is then determined whether the entire SSA
graph has
been traversed, and if not, the compiler steps incrementally to the next code
fragment by means of step 66. Otherwise, the phase is complete.
Variations on this technique would be clear to one skilled in the art.
Similarly, the "alternative mixed encoding technique" described in section 5
can also be implemented using a routine similar to that presented in Figures 3
and
6. Such a routine is presented in the flow chart of Figure 7.
First, at step 140, a fragment of code from the SSA graph is analysed to
determine whether it performs integer addition, subtraction of multiplication.
If so, a
suitable set of mixed encodings are defined at step 142, where, for the inputs
and
the output in each of which all linear multipliers are coprime to all moduli.
Like the other encodings described above, the values of constants in the
encoding equations are then randomly selected at step 62, within the allowable
constraints of the program.
At the decision block of step 64 it is then determined whether the entire SSA
graph has been traversed, and if not, the compiler steps incrementally to the
next
code fragment by means of step 66. Otherwise, the phase is complete.
Variations on this technique would be clear to one skilled in the art.
8. Summary and Future Work
This report is devoted to measures of the resistance of data encodings. We
introduced a measure of encoding resistance in the encoded world as a measure
of
CA 02448151 2003-11-24
WO 02/095546 PCT/CA02/00754
-34-
uncertainty, that is, the number of possible solutions which can correspond to
the
observable encoded world. An attacker observing only operations in encoded
world
and inputs to encoded world (i.e., all encoded input data) cannot distinguish
between
any of the possible solutions, hence, the larger the number of corresponding
possible solutions, the more uncertainty and resistance of encoding.
It is important to note that such measures characterize the resistance of
encoding to an arbitrary attack (exhaustive search) which uses only
information from
the encoded world.
We have presented estimates of resistance of linear, residue and mixed
encodings for addition and multiplication, and shown that the maximal
resistance is
obtained with mixed encoding. More resistant schemes for performing
multiplication
in mixed encoding have also been shown.
We have estimated the resistance of computation of arbitrary multivariate
polynomial in mixed encoding and proposed several ways to increase the
resistance
of arbitrary computations in mixed encoding.
This report is preliminary and there are many possibilities for technical
improvements for some of the estimates presented.
The following observations will aid in the performance of future work:
1. Dependence of resistance on the algorithm
Resistance can depend on the algorithm, so it is desirable to find the most
resistant schemes of computations.
2. Multiple encodings
It is of interest to determine how to increase resistance of computations when
some variable x appears several times in a computation. One possible way is to
use
multiple encodings for x. We have used this method to estimate the resistance
of
arbitrary multivariate polynomial in mixed encoding.
Wide Applications
Tamper-resistant encoding in a manner of the invention has very wide
possible uses:
Protecting the innovation of a software algorithm. For example, if one wished
to sell software containing a new and faster algorithm to solve the linear
programming problem, one would like to sell the software without disclosing
the method.
CA 02448151 2003-11-24
WO 02/095546 PCT/CA02/00754
-35-
2. Protecting the innovation of a software model. In hardware design, it is
common for vendors of ASIC cell libraries to provide precise software models
so that users can perform accurate system simulations. However, it would be
desirable to do so without giving away the actual cell design.
3. Wrapping behaviour together. Often, it is desirable to write some software
that will perform a function "A" if and only if an event "B" occurs. For
example, a certain function is performed only if payment is made.
4. Hiding secrets, such as adding encryption keys or electronic signatures
into a
program, so that the program can sign things and encrypt/decrypt things,
without leaking the key.
Clearly, there are other applications and combinations of. applications. For
example, an electronic key could be included in a decoder program and the
decoding tied to electronic payment, thereby providing an electronic commerce
solution.
While particular embodiments of the present invention have been shown and
described, it is clear that changes and modifications may be made to such
embodiments without departing from the true scope and spirit of the invention.
It is understood that as de-compiling and debugging tools become more and
more powerful, the degree to which the techniques of the invention must be
applied
to ensure tamper protection, will also rise. As well, the concern for system
resources
may also be reduced over time as the cost and speed of computer execution and
memory storage capacity continue to improve.
These improvements in system resources will also increase the attacker's
ability to overcome the simpler tamper-resistance techniques included in the
scope
of the claims. It is understood, therefore, that the utility of some of the
simpler
encoding techniques that fall within the scope of the claims, may
correspondingly
decrease over time. That is, just as in the world of cryptography, increasing
key- .
lengths become necessary over time in order to provide a given level of
protection,
so in the world of the instant invention, increasing complexity of encoding
will
become necessary to achieve a given level of protection.
As noted above, it is also understood that computer control and software is
becoming more and more common. It is understood that software encoded in the
manner of the invention is not limited to the applications described, but may
be
applied to any manner of the software stored, or executing.
CA 02448151 2003-11-24
WO 02/095546 PCT/CA02/00754
-36-
The method steps of the invention may be embodiment in sets of executable
machine code stored in a variety of formats such as object code or source
code.
Such code is described generically herein as programming code, or a computer
program for simplification. Clearly, the executable machine code may be
integrated
with the code of other programs, implemented as subroutines, by external
program
calls or by other techniques as known in the art.
The embodiments of the invention may be executed by a computer processor
or similar device programmed in the manner of method steps, or may be executed
by an electronic system which is provided with means for executing these
steps.
Similarly, an electronic memory means such computer diskettes, CD-Roms, Random
Access Memory (RAM), Read Only Memory (ROM) or similar computer software
storage media known in the art, may be programmed to execute such method
steps.
As well, electronic signals representing these method steps may also be
transmitted
via a communication network.
It would also be clear to one skilled in the art that this invention need not
be
limited to the existing scope of computers and computer systems. Credit,
debit,
bank and smart cards could be encoded to apply the invention to their
respective
applications. An electronic commerce system in a manner of the invention could
for
example, be applied to parking meters, vending machines, pay telephones,
inventory
control or rental cars and using magnetic strips or electronic circuits to
store the
software and passwords. Again, such implementations would be clear to one
skilled
in the art, and do not take away from the invention.
