[Cdn-DMCA] On the Sklyarov case

farrellj farrellj at stonehenge.pronym.org
Sat Apr 6 18:12:46 EST 2002


On Sat, 6 Apr 2002, Kristofer Coward wrote:

> On Sat, Apr 06, 2002 at 04:14:50PM -0500, farrellj wrote:
> > 	The URL of the paper's abstract, and link to the Postscript version
> > of the paper is:
> >
> > http://www.wisdom.weizmann.ac.il/~boaz/Papers/obfuscate.html
>
> Excellent, now the assertion that software DRM is mathematically
> impossible can be properly cited and included in the list I started.

And just to let you know some of the "counter" arguments, here is the
unofficial response from the CTO of Cloakware:

"This is our CTO's unofficial response:

"First of all, let me state that my day job is CTO of
Cloakware (as mentioned in the post - the leader in
Tamper-Resistant Software, along with some other 2-bit
companies :-) This is actually jumping the gun on some
announcement that we are about to make (but those will be
mostly PR pieces that are of less interest to this audience).

"I'd like to make several points:
   - what the "(im)possibility" paper says
   - "we all know" does not mean it's true
   - lots of other published works
   - resistance is not an absolute thing

"timothy has misunderstood the importance of the
"(im)possibility" paper. The breakthrough is that this is
the first real theoretical treatment of obfuscation. They
show that it is not possible to build a totally automated
system that is Really Secure (to vastly over-simplify, they
construct a program that actively leaks a single bit and then
show that no obfuscation program can protect this program
against itself). This is really interesting but not directly
applicable to what we do - we work with our OEM customers to
help design the system, the protocol, the programs so that
all the pieces are working together; then we "cloak" the
critical pieces. (I spoke to some of the authors before the
conference, and many Big Names during Crypto'01; I think it
is fair to say that most knowledgeable people have this view).

"As to the "we all know" truism; it is clearly not true. Real
life examples abound - any old, large software system is
hard to fix since people don't understand the relations
between modules (i.e., the market for reverse-engineering
tools). These systems are Tamper-Resistant. The well-known
IOCC (International Obfuscated C Contest) is another good
source of Tamper-Resistant programs. In a manner of
speaking, the goal of Cloakware is to achieve this
Tamper-Resistance on-demand, for easily maintained code.

"The "(im)possibility" paper is a breakthrough on the theory
side, but many other people (including us) have published on
the practical problems. Some names include Cohen, Collberg,
Forest, Wang, Knight. There are many schemes that are
reducible to various complexity classes, usually NP-complete
and we have one that is PSPACE-hard. All of these papers are
correct, there is no conflict.

"Lastly, "security" is not binary and has many different
attributes. Each application has its unique requirements.
For example, diplomatic files are protected for many decades
or centuries; a Britney Spears song probably needs only a few
months; real-time stock market quotes for 15 minutes.
Factors like Usability, Speed, Deployment are often more
important than raw security."


ttyl
     Farrell




--
For (un)subscription information, posting guidelines and
links to other related sites please see http://www.flora.org/dmca/


