Compiling for Encrypted Computing: Obfuscation but Not in Name
share
Encrypted computing is the emerging science and technology of processors that take encrypted inputs to encrypted outputs via encrypted intermediates (at nearly conventional speeds). The aim is to make user data in general-purpose computing secure against the operator and operating system as potential adversaries. A stumbling block has always been that memory addresses are data and good encryption means the encrypted value varies randomly, and that makes hitting any target in memory problematic without address decryption, but decryption anywhere on the memory path would open up many easily exploitable vulnerabilities. This paper `solves compilation' for processors without address decryption, covering all of ANSI C while satisfying the required security properties and opening up encrypted computing for the standard software toolchain and infrastructure. An `obfuscation' for this context is quantified exactly, leading to an argument that security against polynomial-time attacks has been achieved for user data, with or without encryption.
READ FULL TEXT