Key obfuscation in software

Although it pains me to potentially aid the MAFIAA, here is a technique to conceal the decryption key in a software decoder. The key idea is that the key is known statically at compile time. Therefore, the key may be "encoded" structurally into the decryption algorithm itself, instead of existing as data that the algorithm, or the reverse engineer, reads. We unroll the general decryption algorithm rounds hardcoding the expanded key into each round. If we can encode at the bit level, the structural encoding consists of pruning a branch not taken depending on the hardcoded bit of the key. This straight-through code should be optimized, further concealing the original key, then obfuscated.

My company's product, Bluespec, may be unusually used to create such a structural encoding of a key. Bluespec is normally a tool for electronic hardware design, but it has a very good "understanding" of what part of a computation ought to be done statically, to be encoded in the structural layout of wires and other computational components of a chip, and what is computed at runtime by pumping electrons through that chip. But for a purely software application such as our problem, Bluespec produces Verilog which may executed by a Verilog simulator, or a cycle-accurate C++ simulator, either which may be called as the decryption routine.