Space-Hard Obfuscation Against Shared Cache Attacks and its Application in Securing ECDSA for Cloud-Based Blockchains

In cloud computing environments, virtual machines (VMs) running on cloud servers are vulnerable to shared cache attacks, such as Spectre and Foreshadow. By exploiting memory sharing among VMs, these attacks can compromise cryptographic keys in software modules. Program obfuscation serves as a promising countermeasure against key compromises by transforming a program into an unintelligent form while preserving its functionality. Unfortunately, for certain cryptographic algorithms such as the digital signature schemes, it is extremely difficult to construct provably secure obfuscators using traditional obfuscation approaches. To address such a challenge, this study proposes a novel approach to construct obfuscators for cryptographic algorithms named space-hard obfuscation, which can mitigate the threats from adversaries with the capability of acquiring a limited size of memory in shared cache attacks. Considering the extensive use of the Elliptic Curve Digital Signature Algorithm (ECDSA) in cloud-based Blockchain-as-a-Service (BaaS) and its potential vulnerability to shared cache attacks, we construct an exemplary scheme with provable security using space-hard obfuscation for ECDSA. Experimental results have demonstrated the scheme's high efficiency on cloud servers, as well as its successful integration with Hyperledger Fabric and Ethereum, two widely used blockchain systems.