An encrypted obfuscation scheme has six components: (1) a key generation algorithm, (2) a data encryption algorithm, (3) a data decryption algorithm, (4) an obfuscation algorithm, (5) a deobfuscation algorithm, and (6) a verification algorithm. The key generation algorithm creates a data encryption key, a data decryption key, an obfuscation key and a deobfuscation key. The obfuscation algorithm takes a plaintext algorithm and the obfuscation key as input and generates an obfuscated algorithm. The data encryption algorithm uses a plaintext and an encryption key as input and returns a ciphertext. The obfuscated algorithm takes this ciphertext as input and generates an output ciphertext. The decryption algorithm takes an output ciphertext and the decryption key and returns a plaintext. The obfuscation system is consistent if the plaintext is identical to the output of the original algorithm. The verification algorithm provides a confirmation that the system is consistent and the keys are correctly generated from the operation. For a fully end-to-end obfuscation configuration, the deobfuscation algorithm and deobfuscation key may not be generated. In a symmetric encrypted obfuscation scheme, the data encryption and decryption keys may be identical and the obfuscation and deobfuscation keys may also be identical. In an asymmetric scheme, also known as public key scheme system, the encryption and decryption keys may be different and the obfuscation and deobfuscation keys may also be different. In general, the decryption algorithm and decryption key operate on the output obfuscated algorithm (i.e., encrypted input data may not be converted into plaintext directly). The verification algorithm may be based on the generation of authentication tokens from a trusted party, or can be based on periodic polling.
An encryption obfuscation update scheme has three components, an update key generation algorithm, an obfuscation update algorithm, and a distribution algorithm. The update key generation algorithm creates data encryption update key, data decryption update key, obfuscation update key and deobfuscation update key. The obfuscation update algorithm uses an encrypted obfuscated algorithm as input and creates a new encrypted obfuscated algorithm. The key distribution algorithm takes an encryption key, a decryption key, an encryption update key, and a decryption update key as input and returns a new encryption key and a new decryption key.
While these types of traditional obfuscation convert programs into an unintelligible form, they still release the output of the program in the clear as the decryption of the data is performed first and then obfuscated algorithm operates on plaintext. The resulting plaintext output must be encrypted final output. Accordingly, a need exists for new methods, systems, and devices for encrypted obfuscation wherein an adversary is prevented from retrieving any information related to the inputs, outputs and/or types of computation.