Encrypted Computing: Speed, Security and Provable Obfuscation against Insiders

Peter T. Breuer, Hecusys LLC, Atlanta, GA
Jonathan P. Bowen, London South Bank University, London, UK
Esther Palomar, Birmingham City University, Birmingham, UK
Zhiming Liu*, Southwest University, Chongqing, China

Abstract—Over the past few years we have articulated theory that describes ‘encrypted computing’, in which data remains in encrypted form while being worked on inside a processor, by virtue of a modified arithmetic. The last two years have seen research and development on a standards-compliant processor that shows that near-conventional speeds are attainable via this approach. Benchmark performance with the US AES-128 flagship encryption and a 1GHz clock is now equivalent to a 433MHz classic Pentium, and most block encryptions fit in AES’s place. This summary article details how user data is protected by a system based on the processor from being read or interfered with by the computer operator, for those computing paradigms that entail trust in data-oriented computation in remote locations where it may be accessible to powerful and dishonest insiders. We combine: (i) the processor that runs encrypted; (ii) a slightly modified conventional machine code instruction set architecture with which security is achievable; (iii) an ‘obfuscating’ compiler that takes advantage of its possibilities, forming a three-point system that provably provides cryptographic ‘semantic security’ for user data against the operator and system insiders.

I. INTRODUCTION

This paper examines encrypted computing. That refers to a processor or other computing platform (a virtual machine, for example) that accepts encrypted inputs and produces encrypted outputs. The encrypted computing platform runs machine code programs in which the constants and possibly more are in encrypted form.

A processor that supports encrypted computing in principle is suited as a platform for remote computations in the cloud [1] on behalf of a user who wants an assurance that an insider in the computer room is unable to access the data being processed. The user will encrypt the program and the input data on their own machine and send them across the network to the server, which executes it and produces the encrypted results. Those are sent back to the user, who decrypts them on their own machine. An analysis by van Dijk and Juels [2] shows that the goal of privacy and security of the user’s data in this situation is equivalent to the condition that data is cryptographically obfuscated [3] from the operator and operating system as adversary on the encrypted computing platform.

Cryptographic obfuscation means that there is no deterministic or statistical method that gives the operator or any other adversary on the platform an advantage in deciphering the data input to or produced by the user’s program at runtime. That is as compared with the success that the attack would have if it were applied to a black box that produced the program’s (encrypted) outputs from its (encrypted) inputs by fiat, via absolutely no intermediate and/or internal computational states at all. Cryptographic obfuscation means that whatever the operator’s privileges are on the encrypted computing platform – they conventionally include unrestricted access to all processor registers and all memory locations at all times – they are of no advantage in cracking the encryption. If obfuscation works, being able to see the code and how it runs on the machine from step to step and being able to experiment with changing code and/or data affords no leverage to the operator.¹

So the question is if data can be cryptographically obfuscated from the operator and if the system for that is practical. The answer given here is ‘yes’. This paper describes a largely conventional processor that ‘works encrypted’ at near normal speeds and in which the operator has all the ordinary privileges, plus a machine code, and a compiler, such that the three together provably cryptographically obfuscate user data from the operator. The complete system constitutes a platform for remote encrypted computing that maintains the privacy and security of user data against other users and the operator to the maximum extent possible.² Its conventional aspect means that known techniques may be applied to make it work even faster in the future than the prototype already does. A toolchain and minimal operating system is already in place.³

Although we do not seek to secure user data from physical probes, protection against the operator implies that some physical attacks, such as ‘cold boot’ (freezing the RAM sticks for later examination) [7], [8], [9], are prevented. The operator has access to RAM, so defending against the operator must

* Zhiming Liu wishes to thank the Chinese NSF for support from research grant 61672435, and Southwest University for research grant SWU116007. Correspondence: Zhiming Liu, RISE, 2 Tiansheng Rd, Beibei, 400715 China.

¹ Cryptographic obfuscation cannot always stop an adversary. Barak et al. [4] exhibited functions that cannot be disguised one as another even with obfuscation, and therefore claimed that obfuscation is impossible in general. But those functions f(x) cannot be told from f(x+A)+B in the context described here, for any constants A, B – so even if what x is intended to mean can be guessed, it is not known what number represents it under the encryption. That leaves ‘wriggle room’ for cryptographic obfuscation to work in the present context, despite Barak et al.’s famous result. It may be attributed to (i) inputs and outputs being in encrypted form here, and (ii) the hardware making available only nonstandard primitive arithmetic and logical operations.

² Keys may be embedded at manufacture, as with Smart Card technologies [5], or introduced as needed via a Diffie-Hellman circuit [6] or equivalent that loads the key safely in public view without revealing it even to the operator.

³ There is no compromise from running with the wrong key in the machine. A program compiled with the right key does not work, and a program that does work has inputs and outputs that are unwritable and unreadable.

978-1-5386-1585-0/17/$31.00 © 2017 IEEE
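The following toy model is an added illustration of the three-point idea in the abstract and of the f(x) versus f(x+A)+B remark in footnote 1; it is constructed for this edit and is not the paper's processor, instruction set or compiler. An ALU holding the key decrypts its operands, computes, and re-encrypts, so registers and traces only ever hold ciphertext; a compiler folds a fresh random offset delta_i for each step into the encrypted instruction constants, so the running values an operator watches are x_i + delta_i rather than x_i, and two compilations of the same program on the same input give unrelated traces. A hash-based Feistel network stands in for the AES-128 the paper uses, the two-instruction straight-line ISA (addi, muli) is invented here, and the key names and seeds are constructed sample values. The wrong-key run at the end corresponds to footnote 3.

```python
# Added toy model (not the paper's processor or compiler): an ALU that holds the
# key and computes on ciphertexts, plus an 'obfuscating' compiler that hides the
# program's running values behind fresh random offsets folded into the encrypted
# instruction constants. The cipher is a small hash-based Feistel network standing
# in for AES-128; the two-instruction ISA is invented for this illustration.
import hashlib
import random

MASK = 0xFFFFFFFF  # all arithmetic is on 32-bit words, modulo 2**32


class Cipher:
    """Keyed permutation on 32-bit words: 8-round Feistel, SHA-256 as round function."""

    def __init__(self, key: bytes, rounds: int = 8):
        self.key, self.rounds = key, rounds

    def _f(self, r: int, half: int) -> int:
        digest = hashlib.sha256(self.key + bytes([r]) + half.to_bytes(2, "big")).digest()
        return int.from_bytes(digest[:2], "big")

    def enc(self, v: int) -> int:
        left, right = v >> 16, v & 0xFFFF
        for r in range(self.rounds):
            left, right = right, left ^ self._f(r, right)
        return (left << 16) | right

    def dec(self, v: int) -> int:
        left, right = v >> 16, v & 0xFFFF
        for r in reversed(range(self.rounds)):   # undo the rounds in reverse order
            left, right = right ^ self._f(r, left), left
        return (left << 16) | right


class Processor:
    """Toy 'encrypted' ALU: only the ALU knows the key; every value an operator can
    observe (accumulator contents, the trace) is ciphertext."""

    def __init__(self, cipher: Cipher):
        self.cipher = cipher

    def run(self, code, enc_input: int):
        acc = enc_input
        trace = [acc]                      # what an operator watching the register sees
        for instr in code:
            if instr[0] == "addi":         # acc <- acc + k, k an encrypted constant
                k = self.cipher.dec(instr[1])
                acc = self.cipher.enc((self.cipher.dec(acc) + k) & MASK)
            elif instr[0] == "muli":       # acc <- acc * c + k, both constants encrypted
                c, k = self.cipher.dec(instr[1]), self.cipher.dec(instr[2])
                acc = self.cipher.enc((self.cipher.dec(acc) * c + k) & MASK)
            trace.append(acc)
        return acc, trace


def compile_obfuscated(program, cipher: Cipher, rng: random.Random):
    """Obfuscating compile: after step i the accumulator really holds x_i + delta_i,
    where delta_i is a fresh random offset chosen here and absorbed into the
    encrypted constants, so the operator never sees a bare x_i."""
    deltas = [rng.getrandbits(32) for _ in range(len(program) + 1)]
    code = []
    for i, (op, c) in enumerate(program):
        d_in, d_out = deltas[i], deltas[i + 1]
        if op == "add":    # (x + d_in) + k == (x + c) + d_out
            code.append(("addi", cipher.enc((c + d_out - d_in) & MASK)))
        elif op == "mul":  # (x + d_in) * c + k == c*x + d_out
            code.append(("muli", cipher.enc(c & MASK), cipher.enc((d_out - c * d_in) & MASK)))
    return code, deltas[0], deltas[-1]


def eval_plain(program, x: int) -> int:
    """Reference semantics of the straight-line program on a plaintext word."""
    for op, c in program:
        x = (x + c) & MASK if op == "add" else (x * c) & MASK
    return x


def user_job(program, x: int, user_key: bytes, server_key: bytes, seed: int):
    """User compiles and encrypts at home, the server runs the code, the user decrypts.
    server_key != user_key models the 'wrong key in the machine' case."""
    cipher = Cipher(user_key)
    code, d_in, d_out = compile_obfuscated(program, cipher, random.Random(seed))
    enc_out, trace = Processor(Cipher(server_key)).run(code, cipher.enc((x + d_in) & MASK))
    return (cipher.dec(enc_out) - d_out) & MASK, trace


if __name__ == "__main__":
    prog = [("add", 5), ("mul", 3), ("add", MASK)]   # f(x) = 3*(x + 5) - 1 mod 2**32
    r1, t1 = user_job(prog, 7, b"user-key", b"user-key", seed=1)
    r2, t2 = user_job(prog, 7, b"user-key", b"user-key", seed=2)
    print("f(7) =", r1, "| both compilations agree with plaintext:", r1 == r2 == eval_plain(prog, 7))
    print("operator's view of run 1:", [hex(v) for v in t1])
    print("operator's view of run 2:", [hex(v) for v in t2])
    print("same program, input and key, unrelated traces:", t1 != t2)
    bad, _ = user_job(prog, 7, b"user-key", b"other-key", seed=1)
    print("result with the wrong key in the machine:", bad, "(garbage, not 35)")
```

The security of the toy rests on the offsets delta_i being fresh and unknown to the operator: every trace value is consistent with every hypothesised plaintext, which is the sense in which the observed computation of f(x) cannot be told from one of f(x+A)+B. A real system needs a real cipher and a hardware ALU in place of the Feistel toy and Python class here.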