Microsoft, Apple, and every maker of mobile and desktop apps on the planet all have a problem: The moment they issue a security “patch,” or an update to their software designed to plug a hole that could be exploited by hackers, those same hackers work feverishly to reverse-engineer that patch in order to figure out what vulnerability it’s designed to stop. Armed with that knowledge, malicious hackers can then attack whatever PCs, servers or mobile phones have yet to update their software with the new patch.
“It can take days or months for a patch to reach most of the vulnerable machines,” says Amit Sahai, a professor of computer science at UCLA. And while this wasn’t specifically the problem Sahai set out to solve when he embarked on his latest research in cryptography, it’s one of the many potential implications of the ground-breaking work he and his team have just unveiled.
What Sahai and a team of researchers at UCLA, IBM Research, and UT-Austin have created is a method for encrypting software and running it in that encrypted state. In the past, researchers have known that it’s possible to encrypt messages (this is how all secure communication on the web, bank transactions, etc. work) but it was not known whether or not it was possible to encrypt software in a way that it could still run even without being decrypted. Sahai’s “mathematical jigsaw puzzle” approach accomplishes this and, he says, adds a whole new class of protectable secret to the world of cryptography.