Software protection and simulation on oblivious RAMs

Software protection is one of the most important issues concerning computer practice. There exist many heuristics and ad-hoc methods for protection, but the problem as a whole has not received the theoretical treatment it deserves. In this paper, we provide theoretical treatment of software protection. We reduce the problem of software protection to the problem of efficient simulation on oblivious RAM. A machine is oblivious if the sequence in which it accesses memory locations is equivalent for any two inputs with the same running time. For example, an oblivious Turing Machine is one for which the movement of the heads on the tapes is identical for each computation. (Thus, the movement is independent of the actual input.) What is the slowdown in the running time of a machine, if it is required to be oblivious? In 1979, Pippenger and Fischer showed how a two-tape oblivious Turing Machine can simulate, on-line, a one-tape Turing Machine, with a logarithmic slowdown in the running time. We show an analogous result for the random-access machine (RAM) model of computation. In particular, we show how to do an on-line simulation of an arbitrary RAM by a probabilistic oblivious RAM with a polylogarithmic slowdown in the running time. On the other hand, we show that a logarithmic slowdown is a lower bound.
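The definition of obliviousness above can be checked on a small simulation. The following is an added example, not code from the paper: it uses the trivial linear-scan simulation (every logical access touches every cell), whose slowdown is proportional to memory size rather than the polylogarithmic slowdown the paper achieves. The class and function names are hypothetical, and the example assumes cell contents are hidden from the observer so that only addresses are visible.

```python
class TracedMemory:
    """Physical memory; records every address the processor touches."""
    def __init__(self, cells):
        self.cells, self.trace = list(cells), []
    def load(self, addr):
        self.trace.append(addr)
        return self.cells[addr]
    def store(self, addr, value):
        self.trace.append(addr)
        self.cells[addr] = value

class DirectRAM:
    """Ordinary RAM: the physical address equals the logical address."""
    def __init__(self, cells):
        self.mem = TracedMemory(cells)
    def read(self, addr):
        return self.mem.load(addr)
    def write(self, addr, value):
        self.mem.store(addr, value)

class LinearScanORAM:
    """Trivial oblivious simulation: each access loads and rewrites all cells."""
    def __init__(self, cells):
        self.mem = TracedMemory(cells)
    def _access(self, addr, new_value=None):
        result = None
        for phys in range(len(self.mem.cells)):
            current = self.mem.load(phys)
            if phys == addr:
                result = current
                if new_value is not None:
                    current = new_value
            self.mem.store(phys, current)  # rewrite every cell, changed or not
        return result
    def read(self, addr):
        return self._access(addr)
    def write(self, addr, value):
        self._access(addr, value)

def run_program(ram, indices):
    """Constructed program: a histogram, one read and one write per input item."""
    for i in indices:
        ram.write(i, ram.read(i) + 1)

def trace_for(ram_cls, indices, size=8):
    """Run the program on fresh zeroed memory; return (address trace, final cells)."""
    ram = ram_cls([0] * size)
    run_program(ram, indices)
    return ram.mem.trace, ram.mem.cells

if __name__ == "__main__":
    for cls in (DirectRAM, LinearScanORAM):
        ta, tb = trace_for(cls, [1, 1, 5])[0], trace_for(cls, [7, 0, 2])[0]
        print(cls.__name__, "same trace:", ta == tb, "physical accesses:", len(ta))
```

The two constructed inputs have the same running time, so an oblivious machine must produce the same address sequence for both; the direct RAM does not.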
