Imagine trying to throw a dart at a bullseye that\u2019s 200 feet away with only your bare hands. Now, add a blindfold to the equation. Theoretically, it might be possible. But practically, it’s pretty much impossible\u2014about the same odds as trying to break a new form of software protection called indistinguishability obfuscation.<\/p>\n\n\n\n
Indistinguishability obfuscation\u2014similar in nature to a technology IBM has patented called homomorphic encryption\u2014is one of the possible futures of cryptography. The main idea behind it is relatively straightforward: through some arcane math, a team of six cryptography experts have figured out that it\u2019s possible to mask code, making it nearly impenetrable to hacks, while at the same time still being possible to run as useful software.<\/p>\n\n\n\n
\u201cTraditional encryption is about securing data,\u201d said Dr. Dan Boneh, an encryption expert at Stanford. \u201cObfuscation is about securing software\u2014a very different notion than encryption.\u201d<\/p>\n\n\n\n
The obfuscator works like this. A developer would code a piece of software, and then for added security, run it through a typical garbler, as most commercial software is these days. Following that, the developer would run the garbled software through the indistinguishability obfuscator\u2014think of it kind of like an encryption application.<\/p>\n\n\n\n
\u201cIt means that I will be able to give you the code, but you won\u2019t be able to learn how it\u2019s constructed, or about any thing I wish to keep a secret within it.”<\/h3><\/blockquote>\n\n\n\n
The obfuscator takes a part the garbled code and mixes random elements together in such a way that when the obfuscated program is run in its intended fashion, the randomness is negated, and the intended output is generated. If the program is told to do something other than what its designer intended, it won\u2019t work.<\/p>\n\n\n\n
\u201cIt means that I will be able to give you the code, but you won\u2019t be able to learn how it\u2019s constructed, or about any thing I wish to keep a secret within it,\u201d Boneh said.<\/p>\n\n\n\n
Today most closed source code is obfuscated to some degree\u2014not directly accessible to prying eyes. But, such code is nearly always hackable given enough resources, cryptography expert Dr. Zachary Peterson told me over the phone. And online, most code is openly embedded in web pages, and can be easily studied. That\u2019s why being able to use indistinguishability obfuscation to create \u201cblack box\u201d software is a breakthrough.<\/p>\n\n\n\n
Dr. Amit Sahai\u2014one of the researchers who made the breakthrough, and who has been working on the obfuscation for 17 years\u2014took pains to explain that despite catchy headlines, the claim obfuscation would make software \u201cunhackable\u201d isn\u2019t accurate. The reality is that it still would be possible to crack\u2014just that with current technology it would be damn hard.<\/p>\n\n\n\n
\u201cYou might get lucky and hit the dart board, it\u2019s just a hell of a lot harder,” he said. (The dart board thing was my metaphor, but Sahai said it was a good one so we sort of talked around it.)<\/p>\n\n\n\n
It\u2019s important to note that right now this new form of software obfuscation is completely impractical to use, Sahai said. It would take weeks, or months to receive a meaningful result from querying an obfuscated program. That\u2019s mostly because of computing power, and the incredibly complex calculations necessary to run obfuscated code.\u200b<\/p>\n\n\n\n
\u201cWe have the first mathematical approach,\u201d he said, \u201cThis isn\u2019t coming in the next couple of years to say the least.\u201d<\/p>\n\n\n\n