Obfuscation from Polynomial Hardness: Beyond Decomposable Obfuscation

Every known construction of general indistinguishability obfuscation (iO$$\mathsf {i}\mathcal {O}$$) is either based on a family of exponentially many assumptions, or is based on a single assumption – e.g. functional encryption (FE$$\mathsf {FE}$$) – using a reduction that incurs an exponential loss...

Full description

Saved in:
Bibliographic Details
Published inSecurity and Cryptography for Networks Vol. 11035; pp. 407 - 424
Main Authors Kang, Yuan, Lin, Chengyu, Malkin, Tal, Raykova, Mariana
Format Book Chapter
LanguageEnglish
Published Switzerland Springer International Publishing AG 2018
Springer International Publishing
SeriesLecture Notes in Computer Science
Online AccessGet full text

Cover

More Information
Summary:Every known construction of general indistinguishability obfuscation (iO$$\mathsf {i}\mathcal {O}$$) is either based on a family of exponentially many assumptions, or is based on a single assumption – e.g. functional encryption (FE$$\mathsf {FE}$$) – using a reduction that incurs an exponential loss in security. This seems to be an inherent limitation if we insist on providing indistinguishability for any pair of functionally equivalent circuits. Recently, Liu and Zhandry (TCC 2017) introduced the notion of decomposable iO$$\mathsf {i}\mathcal {O}$$(dO$$\mathsf {d}\mathcal {O}$$), which provides indistinguishability for a restricted class of functionally equivalent circuit pairs, and, as the authors show, can be constructed from polynomially secure FE$$\mathsf {FE}$$. In this paper we propose a new notion of obfuscation, termed radiO$$\mathsf {rad}{\mathsf {i}\mathcal {O}}$$(repeated-subcircuit and decomposable obfuscation), which allows us to obfuscate a strictly larger class of circuit pairs using a polynomial reduction to FE$$\mathsf {FE}$$. Our notion builds on the equivalence criterion of Liu and Zhandry, combining it with a new incomparable criterion to obtain a strictly larger class.
Bibliography:Original Abstract: Every known construction of general indistinguishability obfuscation (iO\documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document} $$\mathsf {i}\mathcal {O}$$ \end{document}) is either based on a family of exponentially many assumptions, or is based on a single assumption – e.g. functional encryption (FE\documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document} $$\mathsf {FE}$$ \end{document}) – using a reduction that incurs an exponential loss in security. This seems to be an inherent limitation if we insist on providing indistinguishability for any pair of functionally equivalent circuits. Recently, Liu and Zhandry (TCC 2017) introduced the notion of decomposable iO\documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document} $$\mathsf {i}\mathcal {O}$$ \end{document} (dO\documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document} $$\mathsf {d}\mathcal {O}$$ \end{document}), which provides indistinguishability for a restricted class of functionally equivalent circuit pairs, and, as the authors show, can be constructed from polynomially secure FE\documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document} $$\mathsf {FE}$$ \end{document}. In this paper we propose a new notion of obfuscation, termed radiO\documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document} $$\mathsf {rad}{\mathsf {i}\mathcal {O}}$$ \end{document} (repeated-subcircuit and decomposable obfuscation), which allows us to obfuscate a strictly larger class of circuit pairs using a polynomial reduction to FE\documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document} $$\mathsf {FE}$$ \end{document}. Our notion builds on the equivalence criterion of Liu and Zhandry, combining it with a new incomparable criterion to obtain a strictly larger class.
Y. Kang—Work done while supported by Air Force Office of Scientific Research (AFOSR) grant FA9550-12-1-0162. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of AFOSR.C. Lin and T. Malkin are supported by NSF grants CNS-1445424 and CCF1423306, the Leona M. & Harry B. Helmsley Charitable Trust, the Defense Advanced Research Project Agency (DARPA) and Army Research Office (ARO) under Contract W911NF-15-C-0236.M. Raykova—Supported by NSF grants CNS-1633282, 1562888, 1565208, and DARPA SafeWare W911NF-15-C-0236, W911NF-16-1-0389.Any opinions, findings and conclusions or recommendations expressed are those of the authors and do not necessarily reflect the views of the Defense Advanced Research Projects Agency, Army Research Office, the National Science Foundation, or the U.S. Government.
ISBN:9783319981123
3319981129
ISSN:0302-9743
1611-3349
DOI:10.1007/978-3-319-98113-0_22