Cryptographic Breakthrough on iO Said to be a ‘Crown Jewel’ for Security 

Hiding the functionality of code running remotely to protect it from hackers is the breakthrough seen by cryptographers as the “crown jewel’ of cybersecurity. (Credit: Getty Images) 

By AI Trends Staff 

A team of scientists has achieved what one account referred to as “the crown jewel of cryptography” with a breakthrough in a technique studied for many years. 

The technique of “indistinguishability obfuscation”iOis a low-level cryptographic algorithm that hides the implementation of a program while still allowing users to run it.   

Our top math geniuses point to iO as a cornerstone needed to unleash the full potential of artificially intelligent (AI) programs running across highly complex and dynamic cloud platforms, soon to be powered by quantum computers,” states a recent account in SecurityBoulevard written by Pulitzer Prize-winning business journalist Byron V. Acohido. “Simply put, iO must be achieved in order to preserve privacy and security while tapping into the next generation of IT infrastructure.” 

The future in automation is driverless ground transportation, green cities that optimize energy usage and self-improving medical treatments. But to get there, these next-generation, AI-dependent systems need to run securely and in ways that preserve individual privacy.  

Dr. Amit Sahai, professor of computer science at the UCLA Samueli School of Engineering

While iO is the consensus solution, to date it has been the missing piece. Achohido recently spoke with Dr. Tatsuaki Okamoto, director of NTT Research’s Cryptography and Information Security Lab, and Dr. Amit Sahai, professor of computer science at the UCLA Samueli School of Engineering. NTT Research sponsored research led by Sahai that has recently resulted in an iO milestone.  

Drawing an analogy to the human brain, Sahai said to consider what would happen if a mind reader could not only see everything stored in your brain but also could tinker with your synapses and manipulate your critical thinking.  

Ability for Hackers to Alter Remote Code is Today’s ‘Core Security Challenge’  

The software programs running digital services are the equivalent of human critical thinking. “It’s currently trivial for a proficient hacker to remotely access and alter just about any piece of software coding,” Acohido wrote, adding, “This is the core security challenge companies face defending their business networks.” 

As the move to cloud infrastructure and IoT systems marches on, the risks increase. Sahai stated, “Sending your program out to an untrusted cloud to be executed raises the stakes even more.”  

Huijia Rachel Lin, associate professor, the University of Washington’s Paul G. Allen School of Computer Science & Engineering

iO promises to render software coding unintelligible while preserving its function. The first iO theories date to the 1970s and have been viewed as unsolved problems. Sahai’s team, which included Aayush Jain, a UCLA graduate student, and Huijia Rachel Lin, an associate professor at the University of Washington’s Paul G. Allen School of Computer Science & Engineering—puts us one step closer to a working iO prototype, Acohido wrote. 

“We are still at a very early stage here,” Sahai stated. “For the first time, we can prove that reverse engineering the software is as hard as solving certain standing conjectures in mathematics.”  

Urgency is high to deliver new tools commercially that can deepen cybersecurity and reinforce privacy. Cloud and mobile computing continue to accelerate; our reliance on IoT systems and 5G networks is rising. The race is on to extend AI-enabled automation services, soon to be further enabled by quantum computers. 

In this environment, telecom giant NTT Corp. of Tokyo chose to open NTT Research in Silicon Valley in July 2019 and begin to recruit top scientists and researchers. NTT funded its US research lab with a portion of its $3.6 billion budget.   

“Our labs only conduct basic research,” Okamoto told Acohido. “We do not require any contributions to any of NTT’s business. We focus on basic research.” 

All attempts to build practical obfuscators have failed to date. “The ones that have come out in real life are ludicrously broken,… typically within hours of release into the wild,” stated Sahai in a recent account in Quantamagazine  

“It really is kind of the crown jewel” of cryptographic protocols, stated Rafael Pass of Cornell University. “Once you achieve this, we can get essentially everything.”  

Lin in 2016 began to research a way to overcome the weaknesses of iO. Several years ago, she joined forces with Jain and Sahai to work on a new technique. “We were stuck for a very, very long time,” Lin stated. Eventually, they arrived at a technique“the pseudo-randomness generator”that  expands a string of random bits into a longer string that can fool computers. This is what is described in the new paper and results in an iO protocol that avoids the security weaknesses of the previous approaches.   

“Their work looks absolutely beautiful,” stated Pass. 

Schneier Sees iO Breakthrough as ‘Not Remotely Close to Being Practical’ 

A sobering thought was offered on the blog of Bruce Schneier, a cryptographer who works at the intersection of security, technology and people, Schneier on Security. Author of a number of books, he lectures at Harvard’s Kennedy School of Government and is chief of security architecture at Inrupt  

This is a pretty amazing theoretical result, and one to be excited about. We can now do obfuscation, and we can do it using assumptions that make real-world sense,” Schneier stated of the breakthrough on iO.   

“But—and this is a big one—this result is not even remotely close to being practical. We’re talking multiple days to perform pretty simple calculations, using massively large blocks of computer code,” Schneier stated. “And this is likely to remain true for a very long time. Unless researchers increase performance by many orders of magnitude, nothing in the real world will make use of this work anytime soon.” 

Another view of this is that the iO breakthrough from Jain, Lin, and Sahai will inspire more researchers into the field to work on making the scheme and to develop new approaches, suggested the account in Quantamagazine. Researcher Yuval Ishai of the Technion in Haifa, Israel, stated, “Once you know that something is possible in principle, it makes it psychologically much easier to work in the area.”  

Read the source articles in SecurityBoulevard,  Quantamagazine and Schneier on Security.