Embedding cryptographic keys into software

Question

The proposal for inclusion of DRM on html5 is hitting the news lately. It's only predictable that the key storage mechanism will eventually be cracked, as it was on dvd playback software. This is also known as the trusted client problem

My question is simple: is there a way to encrypt data such that only a specific piece of executable code is able to decrypt it?

Normally, a private (asymmetric) key is included in the software code, and used to decrypt the symmetric key (distributed with the content) that the content was encrypted with. This makes it trivial to extract the said private key from the software and bypass it.

I was wondering if it was possible to have decryption depend on the integrity of the software itself.

I can't see any obvious solution with existing cryptographic primitives. The must obvious one would be to take a hash of some internal program state on runtime, and pass it through a key derivation function, but this will still fail on memory inspection

Is this possible at all? If it's not, is there a mathematical proof? I'm not looking for definitive answers here, just pointers to existing work.

Answer 1

DRM is basically impossible without some kind of trusted device or service. It may be possible with quantum physics, but that is mostly because anything seems a possibility when you just point to quantum physics :)

Many motherboards already have a TPM module installed on it. If the market allows for such kind of devices then secure DRM may become a reality. Even then TPM modules have been broken already, as such a device in the hands of hackers is some kind of hardware DRM.

Answer 2

I don't believe you will find a mathematical proof, as you say.

There is a fairly well understood approach, which is commonly called 'Whitebox cryptography'.

The usual key question with white box cryptography is the difference between it and obfuscation. There is a good discussion around this here: https://crypto.stackexchange.com/a/392