Obfuscation of Abstract Data-Types - Rowan
CHAPTER 3. TECHNIQUES FOR OBFUSCATION 54
The proof of an assertion for f O will require two cases (one for p(x) and one for ¬p(x)), and so to make an assertion obfuscation we would only have to insert a predicate. To prevent this, we require that each case in a definition gives rise to a different expression.
At each stage of a proof, we aim to use definitions and properties associated with the innermost operation. For instance, if we had an assertion

f (g (h x))

then we first deal with h before we deal with g. This method will not always produce a minimal-length proof but will help in making our proofs consistent. Where possible, we aim to use only one result at each stage so that we do not make proofs shorter by using many results in the same stage. We should also ensure that at each stage we make progress towards our goal. In particular, we should not have any cycles in our proofs, and so we insist that at each stage we do not have an expression that we have seen before (although we may use the same result many times).
For our definition of obfuscation, we will not be concerned with syntactic properties such as the names of operations, the layout of operations and whether a definition uses standard operations (for example, head or foldr). For example, we do not make distinctions between guarded equations and (nested) conditionals. So we consider the following two expressions to be equivalent:

f x
  | g₁ = s₁
  | g₂ = s₂
  ...
  | otherwise = sₙ

≡

f x = if g₁ then s₁
      else (if g₂ then s₂
      ...
      else sₙ ...)
The total number of results that a proof takes may not be a detailed enough measure. For instance, suppose we have two proofs: the first has one case and uses n results, and the second has n cases each of which uses one result. Both of these proofs use n results in total, but is one proof more complicated than the other? We propose that the first is more complicated, as we claim that it is harder to do one long proof than many short proofs. Thus the number of results used is not a satisfactory measure — we need to consider the “shape” of a proof.
3.4 Proof Trees
How do we measure the shape of a proof? We will compare proofs by drawing proof trees — using trees gives an indication of the “shape” of a proof. Note that our style of proof lends itself to producing proof trees.
From the last section, we consider a proof to be a series of cases. Each case is proved using the derivational style, where each stage is either a definition, a law or a property of an operation. This gives us a way of defining a grammar for proof trees:

Proof  = Seq Case
Case   = Stage Case (Seq Result) | End
Result = Definition | Law | Proof
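The grammar above, and the earlier comparison of one case using n results against n cases using one result each, can be made concrete. The following is an added example, not code from the thesis: it models the grammar in Python (a case is a chain of Stage nodes ending in None, which plays the role of End), counts the results a proof uses, and computes one shape measure, the number of stages along the longest case. The law names and the helper `compare_shapes` are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Union

# Constructed model of the text's grammar:
#   Proof = Seq Case; Case = Stage Case (Seq Result) | End; Result = Definition | Law | Proof
@dataclass
class Definition:
    name: str
@dataclass
class Law:
    name: str
@dataclass
class Stage:
    results: List["Result"]        # results used at this stage
    rest: Optional["Stage"]        # next stage, or None for End
@dataclass
class Proof:
    cases: List[Optional[Stage]]   # each case is a chain of stages (None = End)
Result = Union[Definition, Law, Proof]

def case_from_stages(stages: List[List[Result]]) -> Optional[Stage]:
    """Build a case from per-stage result lists, first stage outermost."""
    case = None
    for results in reversed(stages):
        case = Stage(results, case)
    return case

def total_results(proof: Proof) -> int:
    """Results used by the whole proof; a nested sub-proof adds its own total."""
    n = 0
    for case in proof.cases:
        while case is not None:
            n += sum(total_results(r) if isinstance(r, Proof) else 1 for r in case.results)
            case = case.rest
    return n

def longest_case(proof: Proof) -> int:
    """Shape measure the result count misses: stages along the longest case."""
    def depth(case): return 0 if case is None else 1 + depth(case.rest)
    return max((depth(c) for c in proof.cases), default=0)

def compare_shapes(n: int) -> dict:
    """The text's comparison: one case using n results vs n cases using one each."""
    one_long = Proof([case_from_stages([[Law(f"law{i}")] for i in range(n)])])
    many_short = Proof([case_from_stages([[Law(f"law{i}")]]) for i in range(n)])
    return {"results": (total_results(one_long), total_results(many_short)),
            "cases": (len(one_long.cases), len(many_short.cases)),
            "longest_case": (longest_case(one_long), longest_case(many_short))}
```

For n = 4 both proofs report 4 results, but the first has one case of depth 4 while the second has four cases of depth 1, which is exactly the difference the result count alone hides.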