crypto question
Nelson Minar
nelson at monkey.org
Thu Mar 21 13:04:32 EST 2002
>Question. Is it possible to have code that contains a private encryption
>key safely?
As a practical matter, yes and no. Practically no, because any way you
hide the encryption key could be reverse engineered. Practically yes,
because if you work at it you can make the key hard enough to reverse
engineer that it is sufficient for your threat model.
This problem is the same problem as copy protection, digital rights
management, or protecting mobile agents from the computers they run
on. They all boil down to the same challenge; you want to put some
data on a computer you don't control but then restrict what can be
done with that data.
The digital rights management folks try to restrict the program that
uses the data; region-locked DVD players, digital music software that
obeys copyright restrictions (SDMI, etc), or the latest idea, having
an encrypted channel all the way to your speakers and monitor which
are secure tamper-proof devices. All of these schemes are defeatable,
but can be made quite difficult.
The mobile agent community has come up with some clever ideas on the
problem, but nothing that's a practical solution yet. The version here
is you want to run a program on a remote untrusted computer and you
want to prevent your computation from being subverted or stolen. It's
very hard, and my intuition was it'd be impossible, but in fact there
are some interesting thoeretical results that show it is possible, at
least in some limited domains.
I haven't followed this research recently, but here are some good
papers from a few years ago:
Towards Mobile Cryptography (1998)
Tomas Sander, Christian F. Tschudin
http://citeseer.nj.nec.com/167218.html
We present techniques how to achieve "non--interactive computing
with encrypted programs" in certain cases and give a complete
solution for this problem in important instances.
Protecting Mobile Agents Against Malicious Hosts
Tomas Sander, Christian F. Tschudin
http://citeseer.nj.nec.com/329367.html
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list