JP4924177B2 - Program obfuscation device and program - Google Patents

Description

  The present invention relates to a technique for obfuscating a computer program by making it redundant.

Various program obfuscation techniques have been proposed to protect programs from malicious reverse engineering.
Obfuscation is a technique for increasing the analysis cost of a program by making the program redundant and converting it in a complicated manner.

One obfuscation method is an obfuscation method using an unclear conditional expression (Opaque Predicates) (see Non-Patent Documents 1 and 2). Opaque Predicates are conditional expressions used for obfuscation that are known to be true / false at run time.
Obfuscation using an obscure conditional expression (Opaque Predicates) means adding a true / false conditional branch to an obfuscated program using Opaque Predicates as a conditional expression to make the program redundant. This is an obfuscated technique. That is, by adding a true / false conditional branch that has no meaning as a process realized by the program, the program is made redundant to increase the analysis cost of the program.

FIG. 21 shows an example of a program to be obfuscated, and FIG. 22 shows an example in which obfuscation using Opaque Predicates is applied to the obfuscation target program.
The obfuscated program shown in FIG. 22 has a condition comprising a conditional expression a * (a-1) mod 2 == 1 and a conditional clause ++ a; at position p21 in the original program shown in FIG. It is generated by adding a branch 22.
Here, mod is an operation by a surplus calculation that returns the remainder when the left integer value is divided by the right integer value, for example, 7 mod 2 = 1. Further, ++ a is an operation for adding 1 to the value of a, and * is an operation for taking the product of two values.

In conditional branch 22, no matter what integer value a is, a * (a-1) is a multiple of 2. Therefore, the value of a * (a-1) mod2 is always 0, that is, a * (a-1) mod2 == 1 is a false Opaque Predicate. Therefore, the conditional clause ++ a; is never executed.
For this reason, while the meaning of the program of FIG. 21 and FIG. 22 does not change, since the program of FIG. 22 includes the redundant conditional branch 22, the analysis cost, that is, the meaning of the program, is greater than that of the program of FIG. The cost of understanding increases.
C. Collberg, C. Thomborson, and D. Low, `` Manufacturing Cheap, Resilient, and Stealthy Opaque Constructs, '' Proceedings of the 25th ACM Symposium on Principles of Programming Languages, pp.184--196, 1998 T. Ogiso, Y. Sakabe, M. Soshi and A. Miyaji, `` Software obfuscation on a theoretical basis and its implementation, '' IEEE Trans. Fundamentals, vol.E86-A, no.1, pp.176-- 186, January, 2003.

The obfuscation using conventional Opaque Predicates has a problem that even if the input to the program is changed, the truth value of the added Opaque Predicates does not change.
Therefore, an attacker who tries to analyze a program maliciously can invalidate the obfuscation using Opaque Predicates by performing frequency analysis on the program to which obfuscation is applied.
Here, the frequency analysis is an analysis method for observing a difference in output result or execution flow by giving a program a random input or executing the program after rewriting the program.

In the case of a conditional expression that can be considered normally, if the input value to the program is changed, its true / false value also changes at a certain rate. However, the truth value of Opaque Predicates does not change with any input. That is, the conditional clause of the conditional branch using Opaque Predicates is either always executed at any input or not always executed at any input.
Therefore, while changing the input value in the frequency analysis and observing the execution flow many times, the attacker can specify a conditional clause that is always executed / not always executed. As a result, obfuscation using Opaque Predicates is invalidated.

  The present invention has been made in view of the above-described conventional circumstances, and an object thereof is to apply obfuscation to a program, which is more resistant to a frequency analysis attack than conventional ones.

  The program obfuscation apparatus according to claim 1 is an input unit for inputting a program to be obfuscated, a conditional expression for dividing a value of a first variable in the program, and a value of the first variable divided for the case. A first conditional branch including a conditional clause that converts the value of the second variable in the program every time, and the first conditional branch in the entire range of possible values of the first variable in the first conditional branch. A second conditional branch including a conditional expression for dividing the value of the variable and a conditional clause for inversely converting the converted second variable value to the original value for each divided first variable value And generating means for generating the first conditional branch and the second conditional branch in a portion after the first and second variables exist in the program, and a determining means for determining a position to insert the first conditional branch and the second conditional branch The first conditional branch at a determined position in the program And inserting means for inserting a second conditional branch, and having a.

  The program obfuscation device according to claim 2 is the program obfuscation device according to claim 1, wherein the first conditional branch includes a first conditional expression union composed of a plurality of conditional expressions, and the second conditional branch includes a plurality of conditional expressions. The first conditional expression union and the second conditional expression union are the same and different sets.

  The program obfuscation device according to claim 3 is the program obfuscation device according to claim 1 or 2, wherein the determination means includes a program part in which the first and second variables are not operated after the position where the first conditional branch is inserted. The separated position is determined as a position where the second conditional branch is inserted.

  The program obfuscation apparatus according to claim 4 has calculation means for calculating the degree of correlation of a plurality of existing conditional branches in the obfuscation target program according to any one of claims 1 to 3, wherein the generation The means is characterized in that the first and second conditional branches are generated so that the degree of correlation is close to the calculated degree of correlation.

  The program obfuscation apparatus according to claim 5 is the program obfuscation apparatus according to any one of claims 1 to 4, wherein the determination unit includes the conditional expression included in the first conditional branch in the program to be obfuscated. It is characterized in that it is a conditional expression for dividing the value of the first variable into the whole range of possible values of the variable.

  A program obfuscation apparatus according to a sixth aspect is the program obfuscation apparatus according to any one of the first to fourth aspects, wherein the determining unit includes the conditional expression included in the first conditional branch in the program to be obfuscated. It is characterized in that it is a conditional expression for dividing the value of the first variable into cases within a partial range of possible values of the variable.

  The program obfuscation apparatus according to claim 7 is the program obfuscation apparatus according to any one of claims 1 to 6, wherein the generation unit uses the input variables to the obfuscation target program as the first and second variables. First and second conditional branches are generated.

  The program obfuscation device according to claim 8 is the program obfuscation device according to any one of claims 1 to 7, wherein the generation unit divides the first variable into cases according to a surplus calculation, and the first and second conditional branches. Is generated.

  The program obfuscation device according to claim 9 is the program obfuscation device according to any one of claims 1 to 7, wherein the generation unit divides the first variable into cases according to a hash function, and the first and second conditional branches. Is generated.

  A program obfuscation device according to claim 10 is characterized in that in any one of claims 1 to 9, the program obfuscation device has means for outputting a program in which the first conditional branch and the second conditional branch are inserted. .

  The obfuscation program according to claim 11 includes an input means for inputting a program to be obfuscated, a conditional expression for dividing a value of the first variable in the program, and a value of the first variable divided for each case. A first conditional branch including a conditional clause for converting the value of the second variable in the program, and the first variable in the entire range of possible values of the first variable in the first conditional branch. A second conditional branch including a conditional expression for dividing the value of the first variable and a conditional clause for inversely converting the value of the converted second variable into the original value for each value of the first variable divided according to the case; Generating means for generating the first conditional branch and the second conditional branch in a part after the first and second variables exist in the program; The first conditional branch at a determined position in the program; Characterized in that to realize an insertion means for inserting a second conditional branch, to the computer.

  According to the program obfuscation apparatus of claim 1, since the first conditional branch and the second conditional branch are inserted into the obfuscated program, it is more resistant to frequency analysis attacks than in the past. High obfuscation can be applied to the program.

  According to the program obfuscation apparatus of claim 2, the conditional expressions of the first conditional branch and the second conditional branch are inserted into the program to be obfuscated as a union, so that they are resistant to frequency analysis attacks. Higher obfuscation can be applied to the program.

  According to the program obfuscation apparatus of claim 3, since the first conditional branch and the second conditional branch are inserted at positions in the program to be obfuscated, they are more resistant to frequency analysis attacks. High obfuscation can be applied to the program.

  According to the program obfuscation apparatus of claim 4, since the first and second conditional branches have a degree of correlation close to a plurality of existing conditional branches in the obfuscated program, they are resistant to frequency analysis attacks. Higher obfuscation can be applied to the program.

  According to the program obfuscation apparatus of claim 5, the conditional expression included in the first conditional branch is classified in the entire range of possible values of the first variable in the obfuscated program. The second conditional branch is executed whenever the program is executed, and the program becomes redundant regardless of the value of the first variable, and obfuscation with higher tolerance can be applied to the program.

  According to the program obfuscation apparatus of claim 6, the conditional expression included in the first conditional branch is set to the value of the first variable within a partial range of values that can be taken by the first variable in the program to be obfuscated. Since the cases are divided, depending on the value of the first variable, the first and second conditional branches may not be executed even if the program is executed, and the intention to insert the first and second conditional branches is hidden instead. And obfuscation that is more resistant to frequency analysis attacks can be applied to the program.

  According to the program obfuscation apparatus of claim 7, since the first and second conditional branches are generated with the input variables to the obfuscation target program as the first and second variables, Obfuscation that is highly resistant to frequency analysis attacks can be applied to the program.

  According to the program obfuscation apparatus of claim 8, the first variable is divided into cases according to the surplus calculation and the first and second conditional branches are generated. Obfuscation with high tolerance can be applied to the program.

  According to the program obfuscation apparatus of claim 9, since the first variable is generated by dividing the first variable according to the hash function, compared to the conventional case, the frequency obfuscation attack is prevented. Obfuscation with high tolerance can be applied to the program.

  According to the program obfuscation apparatus of the tenth aspect, it is possible to output a program program that is highly resistant to a frequency analysis attack in which the first conditional branch and the second conditional branch are inserted.

  According to the obfuscation program of claim 11, a computer obfuscation apparatus that can apply obfuscation to a program that is more resistant to a frequency analysis attack than before is realized using computer hardware. Can do.

First, an example of a usage pattern of the program obfuscation apparatus according to the present invention will be described with reference to FIGS.
As shown in FIG. 3, the obfuscation apparatus 1 according to the present invention is used by a program developer, and the developer gives the developed program as an input to the obfuscation apparatus. The obfuscation apparatus 1 performs an obfuscation process according to the present invention on the input program and outputs an obfuscated program.

Since the obfuscation device does not change the meaning of the program itself when obfuscating the input original program, the operation of the input original program and the obfuscated program is the same.
However, since a redundant conditional branch is added to the obfuscated program, the analysis cost is higher than that of the original program.
The developer gives the obfuscated program to users who are physically separated. As a means for delivering, a method of providing via the Internet is conceivable, and another method is conceivable in which data is stored and delivered as data in a storage medium such as a CD-ROM.

As shown in FIG. 4, after the obfuscated program is delivered to the user, the developer possesses the original program and the obfuscated program, and the user possesses only the obfuscated program.
Since the functions of the original program and the obfuscated program are the same, the user can use the same function as the original program by the obfuscated program.
On the other hand, since the user does not have the original program, the obfuscated program must be analyzed in order to obtain confidential information (for example, information related to the license) of the original program. However, since the analysis cost of the obfuscated program is higher than the analysis cost of the original program, there is less chance of exposing the confidential information of the program as compared to the situation of handing the original program to the user.

FIG. 1 shows a configuration of a program obfuscation apparatus 1 according to an embodiment of the present invention.
The obfuscation apparatus 1 of this example includes an input unit 2 that inputs a program to be obfuscated, an obfuscation processing unit 3 that performs processing for obfuscating the input program, and an output that outputs the obfuscated program. And means 4. Further, the obfuscation processing means 3 includes an analysis means 5 for analyzing the input program for obfuscation, a conditional branch generation means 6 for generating a conditional branch for obfuscating the input program, and the input program. And an insertion means 7 for obfuscating by inserting a conditional branch.

The input unit 2 is an obfuscation device for an obfuscation target program, such as a unit for reading an obfuscation target program stored in a media storage medium such as a CDROM, or a unit for receiving the obfuscation target program via a communication line. Various means that can be incorporated into 1 can be used.
The obfuscation program according to the present invention can be installed in a computer operated by the developer to configure the obfuscation apparatus. In this case, the input unit 2 sends the created program from the program creation unit inside the computer. It may be a means for delivering to the obfuscation apparatus unit.

The output means 4 can output the obfuscated program from the obfuscation apparatus 1 such as a means for writing an obfuscated program to a media storage medium such as a CDROM, or a means for transmitting an obfuscated program via a communication line. Various means that can be used can be used.
The analysis means 5 analyzes the program to be obfuscated and determines the position in the program where the conditional branch for obfuscation is inserted. Specifically, the analysis means 5 has a first variable (a in the following example) and a second variable (b in the following example) used for conditional branching in the obfuscation target program. The position where the conditional branch is inserted is determined in the following part.

Here, in the following example, the first and second conditional branches (each set of conditional branches) are generated and inserted into the obfuscation target program, but the first and second conditional branches are inserted after the position where the first conditional branch is inserted. It is preferable to determine the position where the second conditional branch is inserted as a position separating program parts where the second variable is not operated. In other words, in order to make analysis by an attacker difficult, the first conditional branch and the second conditional branch are distributed in the program part where the first and second variables are not manipulated and placed in the program. Is preferred.
In the present invention, the first conditional branch and the second conditional branch may be arranged side by side in the program without being distributed and arranged in this way. The purpose of redundancy (obfuscation) by insertion is achieved.

The conditional branch generation unit 6 performs the obfuscation for each conditional expression that separates the value of the first variable (a in the following example) in the obfuscation target program and the value of the first variable that is divided in each case. The first conditional branch including a conditional clause for converting the value of the second variable (b in the following example) in the target program, and the entire range of possible values of the first variable in the first conditional branch And a conditional expression that separates the value of the first variable in each case and a conditional clause that reversely converts the converted value of the second variable into the original value for each case-separated value of the first variable. A second conditional branch is generated.
That is, in the first conditional branch, possible values of the first variable are divided into cases, and the value of the second variable is converted for each case. The first condition in the obfuscation target program The second conditional branch inserted after the branch is divided into cases in which the value of the first variable (a) is divided in the entire range of the first variable values divided in the first conditional branch. Each time the second variable value converted in the first conditional branch is converted back to the original value.

Here, the case division in the first conditional branch may be the entire range of values that the first variable can take, or a partial range of values that the first variable can take. For example, when the value that the first variable can take is 1 to 12, even if the range of the value of 1 to 12 is divided into four cases, or the range of the value that the first variable can take The case of dividing the range of the values of 3 to 10 into 4 may be used.
As described above, when the first variable in the first conditional branch is classified by the partial range of the possible values, when the first variable value is outside the divided range in the execution of the program, the first variable The conditional branch and the subsequent second conditional branch will be passed without being executed, but even if the conditional branch is not executed due to the first variable value in this way, the conditional branch is inserted into the program. By doing so, the purpose of redundancy (obfuscation) is achieved.

  Note that the case division in the second conditional branch needs to be the entire range of possible values of the first variable in the first conditional branch. That is, if the division is a partial range, the second variable converted for each case division in the first conditional branch may not be restored, and obfuscation is caused by the insertion of the conditional branch. The meaning of the selected program may be changed.

Here, in the following example, the first variable and the second variable are input variables to the obfuscation target program. However, in the present invention, any variable existing in the program before the first conditional branch is used. May be used to generate the first and second conditional branches.
Further, the analysis unit 5 of this example has a function of calculating the degree of correlation of a plurality of existing conditional branches in the obfuscation target program, and the generation unit 6 of this example has a degree of correlation close to the calculated degree of correlation. First and second conditional branches to be inserted into the program are generated so that

As shown in FIG. 2, the obfuscation apparatus 1 of this example includes a processor (CPU) 11, a ROM 12 storing a basic control program, a RAM 13 serving as a work area for processing the program according to the present invention, and an external input. Each of the functional units 2 to 7 is realized by a computer having an interface (I / O) 14 or the like for performing output, and the computer executing the obfuscation program according to the present invention. .
In the present invention, each of the functional units 2 to 7 may be realized by a dedicated hardware module.

FIG. 5 shows an example in which the program shown in FIG. 21 is obfuscated by the obfuscation apparatus 1 according to the present invention.
In this example, the generating means 6 generates the first conditional branch S and the second conditional branch T using the first and second variables as the input variables a and b of the obfuscation target program, and the inserting means 7 However, as shown in FIG. 21, the first conditional branch S and the second conditional branch T are moved to positions p20 and p21 at positions separated from the program part pp that does not operate the variables a and b in the obfuscation target program. Inserting.

The first conditional branch S includes a conditional expression if (a mod 2 == 0) for dividing the variable a by a surplus calculation and a conditional clause (b = 2 * b + 3) which is a reversible transformation function of the variable b. It is out. Further, the second conditional branch includes two conditional expressions if (a mod 4 == 0) and if (a mod 4 == 2) for dividing the variable a by surplus calculation, and the variable b for each of these cases. It includes two conditional clauses (b = (b−3) / 2) and (b = (b−3) / 2), which are inverse transformation functions for restoring the original values.
Here, in this example, the conditional expression in the first conditional branch corresponds to dividing the variable a into one case. When the variable a is divided into a plurality of cases, as in the second conditional branch T shown in FIG. 5, the conditional branch is a union consisting of a plurality of conditional expressions and conditional clauses corresponding to the respective conditional expressions. Will be included.

Obviously, in the obfuscated program shown in FIG. 5, if the conditional clause (b = 2 * b + 3) by the first conditional branch is executed, the second program part pp that does not operate the variable b is always separated. The conditional clause (b = (b−3) / 2) in the conditional branch is also executed.
Therefore, even if the first and second conditional branches are inserted, the value of the variable b is returned to the original value used in the original program, and these first and second conditional branches change the meaning of the program. do not do.

With reference to FIG. 6 and FIG. 7, a first example of processing executed by the obfuscation apparatus 1 of this example will be described with the program shown in FIG. 21 as an obfuscation target.
The feature of the present embodiment is that the conditional branch generation means 6 is composed of conditional expressions using a remainder calculation in order to generate conditional expressions respectively included in the first conditional branch S and the second conditional branch T. It is to generate union sets S ′ and T ′ having the same value as the union set and different conditional expressions as the set.
The obfuscation apparatus 1 in this embodiment performs processing according to procedures S61 to S66 as shown in FIG.

The input unit 22 receives the obfuscation target program as input, and the analysis unit 5 and conditional branch generation unit 6 determine the obfuscation target function (S61).
Specifically, the conditional branch generation means 6 appropriately selects the input variable a of the obfuscation target function, further appropriately selects an integer n of 2 or more, and uses this a and n to define the following conditional expression: A union set S ′, T ′ is generated (S62).
S ′ = {a mod 2 == 0, a mod 2 == 1}.
T ′ = {a mod 2 * n == 0, a mod 2 * n == 1, a mod 2 * n == 2 * n−2, a mod 2 * n == 2 * n−1} .

  Then, the conditional branch generation means 6 generates two reversible functions g1 and g2 (S63). Specifically, the variable b to be manipulated by g1 and g2 is appropriately selected from the obfuscation target functions, and the analysis unit 5 further inserts the obfuscation target program in the obfuscation target program (see p20 and p21 in FIG. 21). To decide. However, it is assumed that the variable b is not used between p20 and p21 (S64).

Then, the insertion means 7 inserts a conditional branch at the positions p20 and p21 as follows (S65).
As a set S of first conditional branches, a conditional branch {if (a mod 2 == 0) where (a mod 2 == 0) is a conditional expression, and a sentence in which the variable b is changed by the function g1 is a conditional clause {if (a mod 2 == 0) b = g1 (b)}, conditional branch {if (a mod 2 == 1) b = g2 (b) where (a mod 2 == 1) is a conditional expression and a statement that changes the variable b by the function g2 is a conditional clause )} At position p1.

  Further, as a set T of second conditional branches, (a mod 2 * n == 0), (a mod 2 * n == 2),..., (A mod 2 * n == 2 * n−2) are used. N conditional branches {if (a mod 2 * n == 0) b = g1 ′ (b)}, {if () where a conditional expression is a sentence that changes the variable b by the inverse function g1 ′ of g1. a mod 2 * n == 2) b = g1 ′ (b)},... {if (a mod 2 * n == 2 * n−2) b = g1 ′ (b)} and (a mod 2 * N == 1), (a mod 2 * n == 3),..., (A mod 2 * n == 2 * n−1) is changed by a conditional expression, and variable b is changed by an inverse function g2 ′ of g2. N conditional branches with a sentence as a conditional clause {if (a mod 2 * n == 1) b = g2 ′ (b)}, {if (a mod 2 * n == 3) b = g2 ′ (b )}, , {If (a mod 2 * n == 2 * n-1) b = g2 '(b)} to be inserted at the position p2, the output unit 4 outputs a program obfuscation (S66).

FIG. 7 illustrates a program obfuscated by this embodiment.
The program in FIG. 7 is an example in which obfuscation is applied to the function f00 in FIG. 21. When performing the above steps S61 to S66, parameters are defined in steps S62, S63, and S64 as follows.
In step S62, the input variable a of f00 is selected as the input variable a of the obfuscation target function, and 2 is selected as the integer n of 2 or more.
In step S63, g1 (x) = 2 * x + 3 and g2 (x) = 4 * x-5 are generated as the reversible functions g1 and g2.
In step S64, the variable b of f00 is selected as an operation target by g1 and g2, and p20 and p21 in f00 are selected as positions in the obfuscation target function (program).

The operation of the obfuscated program in FIG. 7 will be described.
Depending on whether the value of the variable a is a multiple of 2, one of the two conditional clauses (b = 2 * b + 3) and (b = 4 * b-5) of the first conditional branch set S is executed. Is done.
Assuming that the variable a is a multiple of 2, at this time, since the first conditional clause is executed, the value of the variable b changes to 2 * b + 3.
Then, when execution proceeds to the second conditional branch set T, it is assumed that the variable a is a multiple of 2. Therefore, the conditional expressions (a mod 4 == 0), (a mod 4 == 1), ( Of (a mod 4 == 2) and (a mod 4 == 3), either (a mod 4 == 0) or (a mod 4 == 2) is always true, and (a mod 4 == 1) and (a mod 4 == 3) are both false.

Regardless of whether (a mod 4 == 0) or (a mod 4 == 2) is true, (b = (b−3) / 2) is executed as a conditional clause. The value changes to (b-3) / 2, and the value of variable b returns to the original value.
Execution reaches the {return a + b;} statement, but since the value of the variable b has been restored, the value returned at this time is the same as the case of the program before obfuscation in FIG.
Even when the variable a is not a multiple of 2, similarly, the value of the variable b returns to the original value, so the value to be returned is the same as the case of the program before obfuscation in FIG.

Note that when generating a conditional branch in step S62, it may be based on the degree of correlation between any two conditional clauses originally included in the obfuscated program. Specifically, n may be selected according to procedures 1 and 2 described later.
Here, before showing procedure 1 and 2, the correlation degree between conditional clauses is demonstrated. In the program, it is assumed that there are two conditional branches {if (s1) h1} and {if (s2) h2} in the same block structure (see FIGS. 12 and 13). At this time, the degree to which the two conditional clauses h1 and h2 are simultaneously executed is defined as the correlation degree between h1 and h2. In the frequency analysis, the degree of correlation between h1 and h2 can be calculated by tracing the execution by giving an appropriate input to the program a sufficient number of times. For example, regarding the conditional branches {if (0 <a <= 100) h1} and {if (0 <a <= 50) h2} of the program of FIG. 14, what is the execution trace by changing the variable a randomly in the frequency analysis? As a result, a value sufficiently close to 0.5 is obtained as the degree of correlation between h1 and h21.

Procedures 1 and 2 are as follows.
Procedure 1: The correlation is obtained for any two conditional clauses originally included in the program, and the average value Q of the correlation is calculated. If the execution time of the program and the number of execution traces are both constants, the computational complexity order of this operation is at most O (k ^ 2) (k is the number of conditional clauses included in the obfuscated function).
Procedure 2: Then, select n satisfying 1 / n <= Q.

With reference to FIGS. 8-14, the 2nd Example of the process implemented with the obfuscation apparatus 1 of this example is described.
The feature of this embodiment is that the conditional branch generation means 6 includes conditional expressions using hash functions for generating conditional expressions respectively included in the first conditional branch S and the second conditional branch T. It is to generate union sets S ′ and T ′ having the same value as the union and different conditional expressions as the set.
The obfuscation apparatus 1 in this embodiment performs processing according to steps S81 to S86 as shown in FIG. The steps different from those in the first embodiment are S82 and S85.

In this embodiment, a hash function hash is used, and the return value of hash is 120 bits.
The input means 2 receives the obfuscation target program as input, and the analysis means 5 and conditional branch generation means 6 determine the obfuscation target function (S81). Specifically, the input variable a of the obfuscation target function is appropriately selected, and an integer n of 2 or more is appropriately selected. 'Is generated (S82). However, in the following, it is assumed that N = 2 ^ (120−n).

S ′ = {0 <= hash (a) <(2 ^ 120) / 2, (2 ^ 120) / 2 <= hash (a) <2 ^ 120}.
T ′ = {0 <= hash (a) <1 * N, 1 * N <= hash (a) <2 * N,..., (2 ^ n−2) * N <= hash (a) <(2 ^ N-1) * N, (2 ^ n-1) * N <= hash (a) <2 ^ n * N}.

Then, two reversible functions g1 and g2 are generated (S83). The variable b to be manipulated by g1 and g2 is appropriately selected from the obfuscation target functions, and the positions p1 and p2 in the obfuscation target function are determined. However, it is assumed that the variable b is not used in the program part pp between the positions p1 and p2 (S84).
Then, the insertion means 7 inserts the following conditional branches S and T at the positions p1 and p2 (S85), respectively, and the output means 4 outputs the obfuscated program (S86).

Conditional branch if (0 <= hash (a) <(2 ^ 120) / 2 of conditional expression union set S ′) is used as conditional branch S, and conditional sentence is a statement that changes b by g1. Hash (a) <(2 ^ 120) / 2 = g1 (b) = g1 (b) is inserted into p1.
Also, as conditional branch S, conditional branch if with (2 ^ 120) / 2 <= hash (a) <2 ^ 120 of conditional expression union S ′ as a conditional expression and a sentence that changes b by g2 as a conditional clause. ((2 ^ 120) / 2 <= hash (a) <(2 ^ 120) b = g2 (b) is inserted into p1.

As conditional branch T, 0 <= hash (a) <1 * N, 1 * N <= hash (a) <2 * N,..., (2 ^ (n−1)) * of conditional expression union T ′ N conditional branches if (0 <0) where N <= hash (a) <(2 ^ (n−1) +1) * N is a conditional expression, and b is a conditional clause that is changed by an inverse function g1 ′ of g1. = Hash (a) <1 * N) b = g1 ′ (b), if (1 * N <= hash (a) <2 * N) b = g1 ′ (b),..., If ((2 ^ ( n-1)) * N <= hash (a) <(2 ^ (n-1) +1) * N) b = g1 '(b) is inserted into p2.
As the conditional expression T, (2 ^ (n−1) +1) * N <= hash (a) <(2 ^ (n−1) +2) * N of the conditional expression union T ′, (2 ^ (n− 1) +2) * N <= hash (a) <(2 ^ (n-1) +3) * N, ..., (2 ^ n-1) * N <= hash (a) <(2 ^ n) * N conditional branches if ((2 ^ (n-1) +1) * N <= hash (a) <() where N is a conditional expression and b is a conditional clause that is changed by an inverse function g2 ′ of g2. 2 ^ (n-1) +2) * N) b = g2 '(b), if ((2 ^ (n-1) +2) * N <= hash (a) <(2 ^ (n-1) +3) * N) b = g2 ′ (b),..., If ((2 ^ n−1) * N <= hash (a) <(2 ^ n) * N) b = g2 ′ (b) is p2 Insert into.

FIG. 9 shows an example of a program obfuscated by this embodiment. The program in FIG. 9 is an example in which obfuscation is applied to the function f00 in FIG.
12 to 14 show other examples in which two conditional branches are inserted.

When performing the above steps S81 to S86, parameters are determined as follows in steps S82, S83, and S84, respectively.
In step S82, the input variable a of f00 is selected as the input variable a of the obfuscation target function, and 2 is selected as the integer n of 2 or more.
In step S83, g1 (x) = 2 * x + 3 and g2 (x) = 4 * x-5 are generated as the reversible functions g1 and g2.
In step S84, the variable b of f00 is selected as the operation target by g1 and g2, and p20 and p21 in f00 are selected as the positions p1 and p2 in the obfuscation target function.
Similar to the program of FIG. 7, this program operates in the same manner as FIG.

In the second embodiment, as in the first embodiment, when n is selected in step S82, the following steps 1 and 2 may be followed. This procedure is the same as the procedures 1 and 2 shown in the first embodiment.
Procedure 1: The correlation is obtained for any two conditional clauses originally included in the program, and the average value Q of the correlation is calculated. If the program execution time and the number of execution traces are both constants, the computational complexity order of this operation is at most O (k ^ 2) (k is the number of conditional clauses included in the obfuscated function).
Procedure 2: Select n satisfying 1 / n <= Q.

  Here, in the first and second embodiments, the conditional expression included in the first conditional branch S is the first variable a in the entire range of possible values of the first variable a in the obfuscated program. However, in the present invention, the value of the first variable a may be divided into a partial range of possible values of the first variable a.

Specifically, in the second embodiment, as shown in FIG. 10A in the first conditional branch S, the range of values A 2 and the range B of which the value range 2 ^ 120 that the variable a can take is equally divided. In the second conditional branch T, as shown in FIG. 10B, the range of values 2 ^ 120 that the variable a can take is divided into C to F divided into four equal parts.
In contrast, in the present invention, in the first conditional branch S, as shown in FIG. 11, a part of the range of values that can be taken by the variable a (part excluding X and Y) is divided, and this case is divided. The value of the variable a in the range may be divided according to the second conditional branch T. In this case, when the value of the variable a is in a range (X range and Y range) that is not classified by the first conditional branch in the execution of the program, the inserted first and second conditional branches are passed. However, this also provides the obfuscation effect by making the program redundant.

With reference to FIG. 15 and FIG. 16, a third embodiment of the process performed in the obfuscation apparatus 1 of this example will be described.
The obfuscation apparatus 1 in this embodiment performs processing according to steps S151 to S156 as shown in FIG.
The feature of this embodiment is that the union S ′, T ′ of the conditional expressions generated using the input variable a in step S152 does not cover all the conditions that the variable a can take, and the function g1 in step S155. When a sentence that returns the change of the variable b by g1 is inserted by the inverse function g1 ′, a sentence that is syntactically different from b = g1 ′ (b) but semantically equivalent is inserted.

The input unit 2 receives the obfuscation target program as input, the analysis unit 5 and the conditional branch generation unit 6 determine the obfuscation target function (S151), appropriately select the input variable a of the obfuscation target function, An integer n of 2 or more is appropriately selected, and the unions S ′ and T ′ of conditional expressions defined below are generated using a and n (S152).
S ′ = [a mod 2 == 0]
T ′ = [a mod 2 * n == 0,..., A mod 2 * n == 2 * n−2]

And the reversible function g1 is produced | generated by the analysis means 5 and the conditional branch production | generation means 6 (S153). The variable b to be manipulated by g1 is appropriately selected from the obfuscation target functions, and the positions p1 and p2 in the obfuscation target function are determined. However, a and b are not used between p1 and p2 (S154).
Then, the insertion unit 7 inserts the following conditional branch at the positions p1 and p2 (S155), and the output unit 4 outputs the obfuscated program (S156).

Specifically, as the first conditional branch set S, a conditional branch if (a mod) in which a mod 2 == 0 of the conditional expression union S ′ is a conditional expression, and a sentence in which b is changed by the function g1 is a conditional clause. 2 == 0) and b = g1 (b) are inserted into p1.
As a second conditional branch set T, a mod 2 * n == 0, a mod 2 * n == 2,..., A mod 2 * n == 2 * n-2 of the conditional expression union T ′ A statement z1, equivalent to a statement that changes the expression b by the inverse function g1 ′ of g1,..., N conditional branches if (a mod 2 * n == 0) z1, if (a mod 2 * n == 2) z2,..., If (a mod 2 * n == 2 * n-2) zn is inserted into p2.

FIG. 16 shows an example of a program obfuscated by this embodiment. Note that the program in FIG. 16 is an example in which obfuscation is applied to the function f00 in FIG.
When performing the above steps S151 to S156, parameters are determined as follows in steps S152, S153, S154, and S155, respectively.
In step S152, the input variable a of f00 is selected as the input variable a of the obfuscation target function, and 2 is selected as the integer n of 2 or more.
In step S153, g1 (x) = 8 * x + 2 is generated as the reversible function g1.

In step S154, the variable b of f00 is selected as the operation target by g1, and p2020p21 in f00 is selected as the positions p1 and p2 in the obfuscation target function.
In step S1555, sentences z1 and z2 equivalent to a sentence in which b is changed by the inverse function g1 ′ of g1 are selected as follows.
z1 = {b = b-2; b = b / 8;}
z2 = {b = b-3; b = b + 1; b = b / 8;}

The program of FIG. 16 performs the same operation as that of FIG.
Also in this embodiment, similarly to the first embodiment, when n is selected in step S152, the following steps 1 and 2 may be followed. This procedure is the same as the procedures 1 and 2 shown in the first embodiment.
Procedure 1: The correlation is obtained for any two conditional clauses originally included in the program, and the average value Q of the correlation is calculated. If the execution time of the program and the number of execution traces are both constants, the computational complexity order of this operation is at most O (k ^ 2) (k is the number of conditional clauses included in the obfuscated function).
Procedure 2: Select n satisfying 1 / n <= Q.

With reference to FIGS. 17 and 18, a fourth embodiment of the process performed by the obfuscation apparatus 1 of this example will be described.
The obfuscation apparatus 1 in the present embodiment performs processing according to steps S171 to S176 as shown in FIG.
The feature of this embodiment is that a plurality of variables are manipulated in the conditional clause to be inserted. Specifically, the reversible variables g1 and g2 generated in step S173 each have two inputs and outputs, and in step S174, two variables (b, c) to be operated are selected.

The input means 2 receives the program as input, the analysis means 5 and the conditional branch generation means 6 appropriately select the input variable a of the obfuscation target function, appropriately select the integer n above 2, and use this a and n to A union set S ′ and T ′ of the conditional expressions defined by is generated (S172).
S ′ = [a mod 2 == 0, a mod 2 == 1].
T ′ = [a mod 2 * n == 0, a mod 2 * n == 1, ... a mod 2 * n == 2 * n-2, a mod 2 * n == 2 * n-1] .

Then, the analyzing means 5 and the conditional branch generating means 6 generate reversible functions g1 and g2 having two inputs (S173), and appropriately select variables b and c to be manipulated by g1 and g2 from the obfuscated functions. Further, positions p1 and p2 in the obfuscation target function are determined. However, a, b, and c are not used between p1 and p2 (S174).
Then, the insertion unit 7 inserts the following conditional branch at the positions p1 and p2 (S175), and the output unit 4 outputs the obfuscated program (S176).

As a first conditional branch set S, a conditional branch if (a mod 2 ==) where a mod 2 == 0 of the conditional expression union S ′ is a conditional expression, and a statement that changes b and c by the function g1 is a conditional clause. 0) (b, c) = g1 (b, c); is inserted into p1.
Further, as the first conditional branch set S, a conditional branch if (a mod 2 =) in which conditional expression is a mod 2 == 1 of the conditional expression union set S ′, and a conditional clause is a sentence in which b and c are changed by g2. = 0) (b, c) = g2 (b, c);

Further, as the second conditional branch set T, a mod 2 * n == 0, a mod 2 * n == 2, ..., a mod 2 * n == 2 * n-2 of the conditional expression union T ′ Is a conditional expression, and b and c are conditional branches if (a mod 2 * n == 0) (b, c) = g1 ′ (b, c) ;, if (a mod 2 * n == 2) (b, c) = g1 '(b, c) ;, ..., if (a mod 2 * n == 2 * n-2) (b, c) = g1 ′ (b, c); is inserted into p2.
In addition, as the second conditional branch set T, a mod 2 * n == 1, a mod 2 * n == 3,..., A mod 2 * n == 2 * n−1 of the conditional expression union T ′. Is a conditional expression, and b, c are conditional statements if (a mod 2 * n == 1) (b, c) = g2 ′ (b, c) ;, if (a mod 2 * n == 3) (b, c) = g2 ′ (b, c);, ..., if (a mod 2 * n == 2 * n−1) (b, c) = g2 ′ (b, c); is inserted into p2.

FIG. 18 shows an example of a program obfuscated by this embodiment. The program in FIG. 18 is an example in which obfuscation is applied to the function f00 in FIG.
When performing the above steps S171 to S176, the parameters are determined as follows in steps S172, S173, and S174, respectively.
In step S172, the input variable a of f00 is selected as the input variable a of the obfuscation target function, and 2 is selected as the integer n of 2 or more.
In step S173, reversible functions g1 and g2 having a plurality of inputs, g1 (x, y) = (2 * x + 3, 5 * y + 4), g2 (x, y) = (4 * x−5, 6 * y + 7) Is generated.
In step S174, variables b and c of f00 are selected as the operation targets by g1 and g2, and p20 and p21 in f00 are selected as positions p1 and p2 in the obfuscation target function.

The program of FIG. 18 performs the same operation as that of FIG. 21 in the same manner as the program of FIG.
In the present embodiment, similarly to the first embodiment, the following procedures 1 and 2 may be performed when selecting n in step S172. This procedure is the same as the procedures 1 and 2 shown in the first embodiment.
Procedure 1: The correlation is obtained for any two conditional clauses originally included in the program, and the average value Q of the correlation is calculated. If the program execution time and the number of execution traces are both constants, the computational complexity order of this operation is O (k ^ 2) at most (k is the number of conditional clauses included in the obfuscated function).
Procedure 2: Select n satisfying 1 / n <= Q.

With reference to FIG. 19 and FIG. 20, a fifth example of the process performed by the obfuscation apparatus 1 of this example will be described.
The obfuscation apparatus 1 in the present embodiment performs processing according to steps S191 to S196 as shown in FIG.
In each of the above-described embodiments, a conditional expression union S ′ composed of a plurality of conditional expressions and a conditional expression condition that is equivalent to the conditional expression union S ′ but different from the conditional expressions included in the conditional expression union S ′. The expression union T ′ and a plurality of reversible functions are used. In addition to this, the feature of this embodiment is equivalent to the conditional expression union S ′ (and the conditional expression union T ′). Is that a conditional expression union U ′ having different conditional expressions from the conditional expressions included in the conditional expression union S ′ and the conditional expressions included in the conditional expression union T ′ is used.
The obfuscation apparatus 1 in this embodiment performs processing according to procedures S191 to S196 as shown in FIG.

The input unit 2 receives a program as input, the analysis unit 5 and the conditional branch generation unit 6 determine an obfuscation target function (S191), appropriately select an input variable a of the obfuscation target function, an integer k of 2 or more, n is appropriately selected, and a set S ′, T ′, U ′ of the following conditional expressions is generated by using a, k, n (S192).
S ′ = [a mod 2 == 0, a mod 2 == 1].
T ′ = [a mod 2 * k == 0, a mod 2 * k == 1, ..., a mod 2 * k == 2 * k-2, a mod 2 * k == 2 * k-1] .
U ′ = [a mod 2 * n == 0, a mod 2 * n == 1,..., A mod 2 * n == 2 * n-2, a mod 2 * n == 2 * n−1] .

Then, the analysis means 5 and the conditional branch generation means 6 generate reversible functions g1 and g2 (S193), and appropriately select the variable b to be manipulated by g1 and g2 from the obfuscation target functions. Positions p1, p2, and p3 are determined (S194). However, it is assumed that the variables a and b are not used between any of the three positions p1, p2, and p3.
Then, the insertion means 7 inserts the following conditional branch sets S, T, U into the positions p1, p2, p3 (S195), and the output means 4 outputs the obfuscated program (S196).

  In the following description, g11 ′ and g12 ′ are functions satisfying g1 ′ (x) = g12 ′ (g11 ′ (x)) (g1 ′ is an inverse function of g1). Further, g21 ′ and g22 ′ are functions satisfying g2 ′ (x) = g22 ′ (g21 ′ (x)) (g2 ′ is an inverse function of g2).

As a first conditional branch set S, a conditional branch if (a mod 2 == 0) in which a mod 2 == 0 of the conditional expression union S ′ is a conditional expression, and a sentence in which b is changed by g1 is a conditional clause, b = g1 (b); is inserted into position p1.
As the first conditional branch set S, a conditional branch if (a mod 2 == 0) in which a mod 2 == 1 of the conditional expression union set S ′ is a conditional expression, and a sentence in which b is changed by g2 is a conditional clause, b = g2 (b); is inserted at position p1.

As the second conditional branch set T, a mod 2 * k == 0, a mod 2 * k == 2,..., A mod 2 * k == 2 * k−2 of the conditional expression union T ′ If (a mod 2 * k == 0), b = g11 ′ (b); if (a mod 2 * k ==), where the conditional expression is a statement that changes b by function g11 ′. 2), b = g11 ′ (b);..., If (a mod 2 * k == 2 * k−2), b = g11 ′ (b);
As a second conditional branch set T, a mod 2 * k == 1, a mod 2 * k == 3,..., A mod 2 * k == 2 * k−1 of the conditional expression union T ′ K conditional branches if (a mod 2 * k == 1), b = g21 ′ (b); if (a mod 2 * k ==), where a conditional clause is a sentence in which b is changed by the function g21 ′. 3), b = g21 ′ (b);.., If (a mod 2 * k == 2 * k−1), b = g21 ′ (b); are inserted at position p2.

As a third conditional branch set U, a mod 2 * n == 0, a mod 2 * n == 2,..., A mod 2 * n == 2 * n−2 of the conditional expression union set U ′ N conditional branches if (a mod 2 * n == 0), b = g12 ′ (b) ;, if (a mod 2 * n = = 2), b = g12 ′ (b);..., If (a mod 2 * n == 2 * n−2), b = g12 ′ (b);
As a third conditional branch set U, a mod 2 * n == 1, a mod 2 * n == 3,..., A mod 2 * n == 2 * n−1 of the conditional expression union set U ′ N conditional branches if (a mod 2 * n == 1), b = g22 ′ (b) ;, if (a mod 2 * n = = 3), b = g22 ′ (b);..., If (a mod 2 * n == 2 * n−1), b = g22 ′ (b);

FIG. 20 shows an example of a program obfuscated by this embodiment. The program in FIG. 20 is an example in which obfuscation is applied to the function f00 in FIG.
When performing the above steps S191 to S196, parameters are determined as follows in steps S192, S193, S194, and S195, respectively.

In step S192, an input variable a of f00 is selected as the input variable a of the obfuscation target function, an integer k of 2 or more, and k = 2 and n = 3 are selected as n.
In step S193, g1 (x) = 2 * x + 3 and g2 (x) = 4 * x-5 are generated as the reversible functions g1 and g2.
In step S194, the variable b of f00 is selected as the operation target by g1 and g2. As the positions Pp1, p2, and p3 in the obfuscation target function, p20 and p21 in f00 shown in FIG. 21 are selected (in this example, p2 and p3 are the same position p21, and the conditional branch sum sets T and U are Are inserted in order).
In step S195, g11 ′, g12 ′, g21 ′, and g22 ′ are taken as follows.
g11 ′ (x) = x−3, g12 ′ (x) = x / 2, g21 ′ (x) = x + 5, g22 ′ (x) = x / 4, (where g11 ′, g12 ′, g21 ′, g22 ′ satisfies g1 ′ (x) = g12 ′ (g11 ′ (x)) and g2 ′ (x) = g22 ′ (g21 ′ (x)))

  Obfuscation according to the present invention is theoretically safe against frequency analysis attacks. As a reason for this, it will be described below that it is difficult to specify the conditional branch added for obfuscation by frequency analysis in the first embodiment.

  First, a conditional clause (denoted as e) for converting a variable by g1 (g2) inserted into an obfuscated program (function f00 in the embodiment) and a conditional clause (n conditions) to be restored by g1 ′ (g2 ′) Let us consider the degree of correlation between the nodes (d1,..., Dn). When e is executed, one of d1,..., dn is always executed, and at that time, the probability of executing d1,. From this, in the frequency analysis, the correlation between e and d1,..., Dn is calculated as 1 / n.

By following the procedures 1 and 2 as described above, n satisfying 1 / n <= Q can be selected (Q is an average of the degree of correlation between any two conditional clauses originally included in the program). . That is, according to procedures 1 and 2, the degree of correlation between the conditional clauses e and di to be inserted (i is included in the set [1,..., N]) is the correlation between the conditional branches originally included in the program. It will not be larger than degree Q. This means that it is difficult for frequency analysis to identify that e and di are related (in the sense of being a reversible pair of variables).
As described above, according to the present invention, it is possible to implement obfuscation that is theoretically safe against frequency analysis attacks.

More specifically, as an attack method for the procedures 1 and 2, a method of calculating the degree of correlation between sets of conditional clauses can be considered. Here, the correlation between two sets of conditional clauses H = (h1,..., Hm), G = (g1,..., Gn) is expressed as any conditional clause in H and any one in G. This is defined as the degree to which conditional clauses are executed simultaneously.
For example, as the degree of correlation between {e} and {d1,..., Dn}, a value close to 1 can be obtained by taking an execution trace many times by frequency analysis. This is because any one of d1,..., Dn is executed whenever e is executed. In this way, an attack that identifies a conditional branch added to the obfuscation target program by finding two sets of conditional clauses having a high degree of correlation is assumed.

However, the method for calculating the degree of correlation between sets of conditional clauses as described above is difficult in terms of computational complexity. Now, assume that obfuscation is applied to a program containing s conditional clauses according to any of the embodiments according to the present invention. At this time, since 2 + 2n conditional clauses are inserted, the obfuscated application program includes s + 2 + 2n conditional clauses. In order to invalidate the obfuscation of the obfuscated program, it is necessary to specify that the degree of correlation between {e} and {d1, ..., dn} is high.
However, the number in the case of extracting a set pair of 1 and n elements from s + 2 + 2n conditional clauses is proportional to s ^ n = exp (n * logs) when s >> n. In other words, the number of conditional expression pairs increases exponentially with respect to n. For this reason, when n is sufficiently large, it is difficult to specify that {e} and {d1,..., Dn} have a high degree of correlation.

It is a block diagram of the program obfuscation apparatus which concerns on one Example of this invention. It is a hardware block diagram of the program obfuscation apparatus which concerns on one Example of this invention. It is a figure explaining an example of the utilization form of the program obfuscation apparatus which concerns on one Example of this invention. It is a figure explaining an example of the utilization form of the program obfuscation apparatus which concerns on one Example of this invention. It is a figure explaining an example of the program obfuscated by this invention. It is a figure explaining the process sequence which concerns on 1st Example of this invention. It is a figure explaining the example of a program obfuscated by 1st Example of this invention. It is a figure explaining the process sequence which concerns on 2nd Example of this invention. It is a figure explaining the example of a program obfuscated by 2nd Example of this invention. It is a figure explaining the range of case division. It is a figure explaining the range of case division. It is a figure explaining the example of a program obfuscated by this invention. It is a figure explaining the example of a program obfuscated by this invention. It is a figure explaining the example of a program obfuscated by this invention. It is a figure explaining the process sequence which concerns on 3rd Example of this invention. It is a figure explaining the example of a program obfuscated by 3rd Example of this invention. It is a figure explaining the process sequence which concerns on 4th Example of this invention. It is a figure explaining the example of a program obfuscated by 4th Example of this invention. It is a figure explaining the process sequence which concerns on 5th Example of this invention. It is a figure explaining the example of a program obfuscated by 5th Example of this invention. It is a figure explaining an example of a program. It is a figure explaining the prior art example of the obfuscated program.

Explanation of symbols

1: Program obfuscation device 2: Input means
3: Obfuscation processing means, 4: Output means,
5: analysis means (position determination means, correlation degree calculation means), 6: conditional branch generation means,
7: insertion means, S: first conditional branch union,
T: second conditional branch union, pp: program part,
p1, p2, p20, p21: insertion position, a: first variable,
b: second variable,

Claims (11)

An input means for inputting an obfuscated program;
A first conditional expression that includes a conditional expression that separates the value of the first variable in the program and a conditional clause that converts the value of the second variable in the program for each case-divided value of the first variable. Conditional branch, conditional expression for dividing the value of the first variable in the entire range of possible values of the first variable in the first conditional branch, and each value of the divided first variable Generating means for generating a second conditional branch including a conditional clause for inversely converting the value of the converted second variable into an original value;
Determining means for determining a position at which the first conditional branch and the second conditional branch are inserted in a portion after the first and second variables exist in the program;
Inserting means for inserting the first conditional branch and the second conditional branch at a determined position in the program;
A program obfuscation apparatus comprising: The first conditional branch includes a first conditional expression union composed of a plurality of conditional expressions, and the second conditional branch includes a second conditional expression union composed of a plurality of conditional expressions,
The program obfuscation apparatus according to claim 1, wherein the first conditional expression union and the second conditional expression union are equivalent and different sets.   The deciding means decides, after the position where the first conditional branch is inserted, a position separating the program part where the first and second variables are not operated as a position where the second conditional branch is inserted. The program obfuscation apparatus according to claim 1, wherein the obfuscation apparatus is a program obfuscation apparatus. A calculation means for calculating a degree of correlation of a plurality of existing conditional branches in the obfuscated program;
4. The program according to claim 1, wherein the generation unit generates the first and second conditional branches so that the correlation degree is close to the calculated correlation degree. 5. Obfuscation device.   The determining means is a condition for dividing the conditional expression included in the first conditional branch into cases where the value of the first variable is classified in the entire range of possible values of the first variable in the obfuscated program. The program obfuscation apparatus according to claim 1, wherein the program obfuscation apparatus is an expression.   The determining means classifies the conditional expression included in the first conditional branch into a value of the first variable in a partial range of values that can be taken by the first variable in the obfuscated program. The program obfuscation apparatus according to claim 1, wherein the conditional expression is a conditional expression.   7. The generation unit according to claim 1, wherein the generation unit generates the first and second conditional branches using an input variable to the obfuscation target program as the first and second variables. The program obfuscation apparatus according to any one of the above.   The said production | generation means produces | generates the said 1st and 2nd conditional branch by classifying the said 1st variable by the case by a surplus calculation, The any one of Claim 1 thru | or 7 characterized by the above-mentioned. Program obfuscation device.   8. The generation unit according to claim 1, wherein the generation unit generates the first and second conditional branches by classifying the first variable according to a hash function. Program obfuscation device.   10. The program obfuscation apparatus according to claim 1, further comprising means for outputting a program in which the first conditional branch and the second conditional branch are inserted. An input means for inputting an obfuscated program;
A first conditional expression that includes a conditional expression that separates the value of the first variable in the program and a conditional clause that converts the value of the second variable in the program for each case-divided value of the first variable. Conditional branch, conditional expression for dividing the value of the first variable in the entire range of possible values of the first variable in the first conditional branch, and each value of the divided first variable Generating means for generating a second conditional branch including a conditional clause for inversely converting the value of the converted second variable into an original value;
Determining means for determining a position at which the first conditional branch and the second conditional branch are inserted in a portion after the first and second variables exist in the program;
Inserting means for inserting the first conditional branch and the second conditional branch at a determined position in the program;
An obfuscation program characterized by realizing the above on a computer.

Images