An Obfuscating C Compiler for Encrypted Computing

TL;DR

This paper introduces an obfuscating C compiler designed for encrypted computing environments, ensuring consistent runtime traces while data remains encrypted and varies unpredictably, enhancing security against adversaries.

Contribution

It presents a novel compiler that produces consistent obfuscated code for encrypted processors, maintaining data confidentiality and trace uniformity across recompilations.

Findings

Runtime traces are consistent across recompilations.

Data beneath encryption can vary arbitrarily.

Supports arbitrary interpretations of encrypted inputs and outputs.

Abstract

This paper describes an `obfuscating' C compiler for encrypted computing. The context consists of (i) a processor that `works encrypted', taking in encrypted inputs and producing encrypted outputs while the data remains in encrypted form throughout processing, and (ii) machine codes that support arbitrary interpretations of the encrypted input and outputs from each instruction, as far as an adversary who does not know the encryption can tell. The compiler on each recompilation of the same source generates object code of the same form for which the runtime traces have the same form, but the data beneath the encryption may arbitrarily differ from nominal at each point in the trace, independently so far as the laws of computation allow.