Academia.eduAcademia.edu

Outline

Title
Abstract
Introduction
Separation and Uninstantiability Results
Overview of Our Lockable Obfuscation Construction
More on Related Encoding Works
Analysis
References
All Topics
Computer Science
Theoretical Computer Science

Lockable Obfuscation

Profile image of rishab goyalrishab goyal

2017, 2017 IEEE 58th Annual Symposium on Foundations of Computer Science (FOCS)

https://doi.org/10.1109/FOCS.2017.62
visibility

description

78 pages

link

1 file

Abstract

In this paper we introduce the notion of lockable obfuscation. In a lockable obfuscation scheme there exists an obfuscation algorithm Obf that takes as input a security parameter λ, a program P , a message msg and "lock value" α and outputs an obfuscated program P . One can evaluate the obfuscated program P on any input x where the output of evaluation is the message msg if P (x) = α and otherwise receives a rejecting symbol ⊥. We proceed to provide a construction of lockable obfuscation and prove it secure under the Learning with Errors (LWE) assumption. Notably, our proof only requires LWE with polynomial hardness and does not require complexity leveraging. We follow this by describing multiple applications of lockable obfuscation. First, we show how to transform any attribute-based encryption (ABE) scheme into one in which the attributes used to encrypt the message are hidden from any user that is not authorized to decrypt the message. (Such a system is also know as predicate encryption with one-sided security.) The only previous construction due to Gorbunov, Vaikuntanathan and Wee is based off of a specific ABE scheme of Boneh et al. By enabling the transformation of any ABE scheme we can inherent different forms and features of the underlying scheme such as: multi-authority, adaptive security from polynomial hardness, regular language policies, etc. We also show applications of lockable obfuscation to separation and uninstantiability results. We first show how to create new separation results in circular encryption that were previously based on indistinguishability obfuscation. This results in new separation results from learning with error including a public key bit encryption scheme that it IND-CPA secure and not circular secure. The tool of lockable obfuscation allows these constructions to be almost immediately realized by translation from previous indistinguishability obfuscation based constructions. In a similar vein we provide random oracle uninstantiability results of the Fujisaki-Okamoto transformation (and related transformations) from the lockable obfuscation combined with fully homomorphic encryption. Again, we take advantage that previous work used indistinguishability obfuscation that obfuscated programs in a form that could easily be translated to lockable obfuscation.

Related papers

Indistinguishability Obfuscation from Simple-to-State Hard Problems: New Assumptions, New Techniques, and Simplification
Aayush Jain

Lecture Notes in Computer Science, 2021

In this work, we study the question of what set of simpleto-state assumptions suffice for constructing functional encryption and indistinguishability obfuscation (iO), supporting all functions describable by polynomial-size circuits. Our work improves over the state-ofthe-art work of Jain, Lin, Matt, and Sahai (Eurocrypt 2019) in multiple dimensions. New Assumption: Previous to our work, all constructions of iO from simple assumptions required novel pseudorandomness generators involving LWE samples and constant-degree polynomials over the integers, evaluated on the error of the LWE samples. In contrast, Boolean pseudorandom generators (PRGs) computable by constant-degree polynomials have been extensively studied since the work of Goldreich (2000). (Goldreich and follow-up works study Boolean pseudorandom generators with constant-locality, which can be computed by constant-degree polynomials.) We show how to replace the novel pseudorandom objects over the integers used in previous works, with appropriate Boolean pseudorandom generators with sufficient stretch, when combined with LWE with binary error over suitable parameters. Both binary error LWE and constant degree Goldreich PRGs have been a subject of extensive cryptanalysis since much before our work and thus we back the plausibility of our assumption with security against algorithms studied in context of cryptanalysis of these objects. New Techniques: we introduce a number of new techniques:

View PDFchevron_right
Computation-Trace Indistinguishability Obfuscation and its Applications
Wei-Kai Lin

IACR Cryptol. ePrint Arch., 2015

We introduce a new, instance-based notion of indistinguishability obfuscation, called computation-trace indistinguishability obfuscation (CiO), for (parallel) RAM computation. CiO only obfuscates a fixed, single computation instance, as opposed to iO which obfuscates a function on all input instances. Specifically, for Π defined by (P, x) consisting of a (parallel) RAM program P and an input x, the obfuscations of two instances Π and Π′ are required to be indistinguishable only when the execution of Π and Π′ generate an identical computation trace; namely, identical sequences of CPU states and memory content. On the other hand, we require the obfuscation to be (i) fully succinct: the runtime of the obfuscator (and thus the size of the obfuscated instance) depends only on the description and input/output size of Π, but is independent of the time and space complexities of Π, and (ii) efficiency preserving: the obfuscated instance is a (parallel) RAM program that preserves parallel/tot...

View PDFchevron_right
Universal Obfuscation and Witness Encryption: Boosting Correctness and Combining Security
Amit Sahai

IACR Cryptology ePrint Archive, 2016

Over the last few years a new breed of cryptographic primitives has arisen: on one hand they have previously unimagined utility and on the other hand they are not based on simple to state and tried out assumptions. With the on-going study of these primitives, we are left with several different candidate constructions each based on a different, not easy to express, mathematical assumptions, where some even turn out to be insecure. A combiner for a cryptographic primitive takes several candidate constructions of the primitive and outputs one construction that is as good as any of the input constructions. Furthermore, this combiner must be efficient: the resulting construction should remain polynomial-time even when combining polynomially many candidate. Combiners are especially important for a primitive where there are several competing constructions whose security is hard to evaluate, as is the case for indistinguishability obfuscation (IO) and witness encryption (WE). One place where the need for combiners appears is in design of a universal construction, where one wishes to find "one construction to rule them all": an explicit construction that is secure if any construction of the primitive exists. In a recent paper, Goldwasser and Kalai posed as a challenge finding universal constructions for indistinguishability obfuscation and witness encryption. In this work we resolve this issue: we construct universal schemes for IO, and for witness encryption, and also resolve the existence of combiners for these primitives along the way. For IO, our universal construction and combiners can be built based on either assuming DDH, or assuming LWE, with security against subexponential adversaries. For witness encryption, we need only one-way functions secure against polynomial time adversaries.

View PDFchevron_right
On Best-Possible Obfuscation
Jonathan Katz

Journal of Cryptology, 2013

An obfuscator is a compiler that transforms any program (which we will view in this work as a boolean circuit) into an obfuscated program (also a circuit) that has the same input-output functionality as the original program, but is "unintelligible". Obfuscation has applications for cryptography and for software protection. Barak et al. (CRYPTO 2001, pp. 1-18, 2001) initiated a theoretical study of obfuscation, which focused on black-box obfuscation, where the obfuscated circuit should leak no information except for its (black-box) input-output functionality. A family of functionalities that cannot be obfuscated was demonstrated. Subsequent research has showed further negative results as well as positive results for obfuscating very specific families of circuits, all with respect to black box obfuscation. This work is a study of a new notion of obfuscation, which we call best-possible obfuscation. Best possible obfuscation makes the relaxed requirement that the obfuscated program leaks as little information as any other program with the same functionality (and of similar size). In particular, this definition allows the program to leak information that cannot be obtained from a black box. Best-possible obfuscation guarantees that any information that is not hidden by the obfuscated program is also not hidden by any other similar-size program computing the same functionality, and thus the obfuscation is (literally) the best possible. In this work we study best-possible obfuscation and its relationship to previously studied definitions. Our main results are: (1) A separation between blackbox and best-possible obfuscation. We show a natural obfuscation task that can be

View PDFchevron_right
Separating Semantic and Circular Security for Symmetric-Key Bit Encryption from the Learning with Errors Assumption
rishab goyal

Lecture Notes in Computer Science, 2017

In this work we separate private-key semantic security from 1-circular security for bit encryption using the Learning with Error assumption. Prior works used the less standard assumptions of multilinear maps or indistinguishability obfuscation. To achieve our results we develop new techniques for obliviously evaluating branching programs.

View PDFchevron_right
Cryptographic Formula Obfuscation
Giovanni Di Crescenzo

Foundations and Practice of Security, 2019

Under intractability assumptions commonly used in cryptography, we show an efficient program obfuscator for large classes of programs, including any arbitrary monotone formula over statements expressed as equalities to a secret. Previously, only a handful set of individual functions were known to have such program obfuscators. This result has both theoretical and practical relevance. On the theoretical side, it significantly increases the class of functions that are known to have a cryptographically secure program obfuscator, and it shows that general-purpose program obfuscation results do exist with at least some level of generality, despite the likely impossibility, proved in [2], to achieve a related notion of obfuscation for any arbitrary polynomial-time program. On the practical side, there are many computational programs that can be expressed as monotone formulae over equality statements, and can now be securely obfuscated. Our most foundational contribution is a new type of obfuscation: protecting the privacy of the formula gates, and thus of much of the computation carried out by the program, in addition to the privacy of secrets used by the program. Previous program obfuscators only targeted the privacy of secrets used by the program.

View PDFchevron_right
Compiled Obfuscation for Data Structures in Encrypted Computing
Peter Breuer

ArXiv, 2019

Encrypted computing is an emerging technology based on a processor that `works encrypted', taking encrypted inputs to encrypted outputs while data remains in encrypted form throughout. It aims to secure user data against possible insider attacks by the operator and operating system (who do not know the user's encryption key and cannot access it in the processor). Formally `obfuscating' compilation for encrypted computing is such that on each recompilation of the source code, machine code of the same structure is emitted for which runtime traces also all have the same structure but each word beneath the encryption differs from nominal with maximal possible entropy across recompilations. That generates classic cryptographic semantic security for data, relative to the security of the encryption, but it guarantees only single words and an adversary has more than that on which to base decryption attempts. This paper extends the existing integer-based technology to doubles, fl...

View PDFchevron_right
Candidate Indistinguishability Obfuscation and Functional Encryption for all circuits
Amit Sahai

IACR Cryptology ePrint Archive, 2013

In this work, we study indistinguishability obfuscation and functional encryption for general circuits: Indistinguishability obfuscation requires that given any two equivalent circuits C0 and C1 of similar size, the obfuscations of C0 and C1 should be computationally indistinguishable. In functional encryption, ciphertexts encrypt inputs x and keys are issued for circuits C. Using the key SKC to decrypt a ciphertext CTx = Enc(x), yields the value C(x) but does not reveal anything else about x. Furthermore, no collusion of secret key holders should be able to learn anything more than the union of what they can each learn individually. We give constructions for indistinguishability obfuscation and functional encryption that supports all polynomial-size circuits. We accomplish this goal in three steps: • We describe a candidate construction for indistinguishability obfuscation for NC 1 circuits. The security of this construction is based on a new algebraic hardness assumption. The candidate and assumption use a simplified variant of multilinear maps, which we call Multilinear Jigsaw Puzzles. • We show how to use indistinguishability obfuscation for NC 1 together with Fully Homomorphic Encryption (with decryption in NC 1 ) to achieve indistinguishability obfuscation for all circuits. • Finally, we show how to use indistinguishability obfuscation for circuits, public-key encryption, and non-interactive zero knowledge to achieve functional encryption for all circuits. The functional encryption scheme we construct also enjoys succinct ciphertexts, which enables several other applications.

View PDFchevron_right
Protecting obfuscation against arithmetic attacks
Eric Miles

Obfuscation, the task of compiling circuits or programs to make the internal computation unintelligible while preserving input/output functionality, has become an object of central focus in the cryptographic community. A work of Garg et al. [FOCS 2013] gave the first candidate obfuscator for general polynomial-size circuits, and led to several other works constructing candidate obfuscators. Each of these constructions is built upon another cryptographic primitive called a multilinear map, or alternatively a graded encoding scheme. Several of these candidates have been shown to achieve the strongest notion of security (virtual black-box, or VBB) against "purely algebraic" attacks in a model that we call the fully-restricted graded encoding model. In this model, each operation performed by an adversary is required to obey the algebraic restrictions of the graded encoding scheme. These restrictions essentially impose strong forms of homogeneity and multilinearity on the allowed polynomials. While important, the scope of the security proofs is limited by the stringency of these restrictions. We propose and analyze another variant of the Garg et al. obfuscator in a setting that imposes fewer restrictions on the adversary, which we call the arithmetic setting. This setting captures a broader class of attacks than considered in previous works. We also explore connections between notions of obfuscation security and longstanding questions in arithmetic circuit complexity. Our results include the following.

View PDFchevron_right
On Obfuscating Compilation for Encrypted Computing
Peter Breuer

2017

Privacy for arbitrary encrypted remote computation in the cloud is known to be equivalent to security of the runtime data on the server against the operator in the computer room as an adversary. This paper shows mathematically that this is achieved on any platform running an appropriate machine code architecture, given the 'obfuscating' compiler described. Semantic security of the runtime data is obtained, modulo the encryption, because the instruction set permits arbitrary interpretations of the circulating data for any given object code and the compiler generates object codes that exercise all the possibilities with uniformly distributed probability.

View PDFchevron_right

References (100)

  1. Tolga Acar, Mira Belenkiy, Mihir Bellare, and David Cash. Cryptographic agility and its relation to circular encryption. In EUROCRYPT '10, volume 6110 of LNCS, pages 403-422. Springer, 2010. [ABC + 05] Michel Abdalla, Mihir Bellare, Dario Catalano, Eike Kiltz, Tadayoshi Kohno, Tanja Lange, John Malone-Lee, Gregory Neven, Pascal Paillier, and Haixia Shi. Searchable encryption revisited: Consistency properties, relation to anonymous ibe, and extensions. In Annual International Cryptology Conference, 2005.
  2. Pedro Adão, Gergei Bana, Jonathan Herzog, and Andre Scedrov. Soundness and completeness of formal encryption: The cases of key cycles and partial information leakage. Journal of Computer Security, 17(5):737-797, 2009.
  3. Michel Abdalla, Mihir Bellare, and Gregory Neven. Robust encryption. Cryptology ePrint Archive, Report 2008/440, 2008.
  4. Benny Applebaum, David Cash, Chris Peikert, and Amit Sahai. Fast cryptographic primitives and circular-secure encryption based on hard learning problems. In CRYPTO, pages 595-618, 2009.
  5. Daniel Apon, Nico Döttling, Sanjam Garg, and Pratyay Mukherjee. Cryptanalysis of indistin- guishability obfuscations of circuits over ggh13. Cryptology ePrint Archive, Report 2016/1003, 2016.
  6. Prabhanjan Ananth and Abhishek Jain. Indistinguishability obfuscation from compact func- tional encryption. In Advances in Cryptology -CRYPTO 2015 -35th Annual Cryptology Con- ference, Santa Barbara, CA, USA, August 16-20, 2015, Proceedings, Part I, pages 308-326, 2015.
  7. Prabhanjan Ananth, Abhishek Jain, and Amit Sahai. Achieving compactness generically: Indis- tinguishability obfuscation from non-compact functional encryption. IACR Cryptology ePrint Archive, 2015.
  8. Miklós Ajtai. Generating hard instances of the short basis problem. In Automata, Languages and Programming, 26th International Colloquium, ICALP'99, Prague, Czech Republic, July 11-15, 1999, Proceedings, pages 1-9, 1999.
  9. Navid Alamati and Chris Peikert. Three's compromised too: Circular insecurity for any cycle length from (ring-)lwe. In Advances in Cryptology -CRYPTO 2016 -36th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 14-18, 2016, Proceedings, Part II, pages 659-680, 2016.
  10. Prabhanjan Ananth and Amit Sahai. Projective arithmetic functional encryption and indistin- guishability obfuscation from degree-5 multilinear maps. In EUROCRYPT, 2016.
  11. Nuttapong Attrapadung. Dual system encryption via doubly selective security: Framework, fully secure functional encryption for regular languages, and more. In Advances in Cryptology - EUROCRYPT 2014 -33rd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Copenhagen, Denmark, May 11-15, 2014. Proceedings, pages 557- 577, 2014.
  12. D A Barrington. Bounded-width polynomial-size branching programs recognize exactly those languages in nc1. In Proceedings of the eighteenth annual ACM symposium on Theory of com- puting, STOC '86, 1986.
  13. BBC + 14] Boaz Barak, Nir Bitansky, Ran Canetti, Yael Tauman Kalai, Omer Paneth, and Amit Sahai. Obfuscation for evasive functions. In Theory of Cryptography Conference, 2014.
  14. Mihir Bellare, Alexandra Boldyreva, Anand Desai, and David Pointcheval. Key-privacy in public-key encryption. In International Conference on the Theory and Application of Cryptology and Information Security, pages 566-582. Springer, 2001.
  15. Mihir Bellare, Alexandra Boldyreva, and Adam ONeill. Deterministic and efficiently searchable encryption. In Annual International Cryptology Conference, 2007.
  16. Adam Barth, Dan Boneh, and Brent Waters. Privacy in encrypted content distribution using private broadcast encryption. In Financial Cryptography and Data Security, 10th International Conference, FC 2006, Anguilla, British West Indies, February 27-March 2, 2006, Revised Se- lected Papers, pages 52-64, 2006.
  17. Allan Borodin, Danny Dolev, Faith E. Fich, and Wolfgang J. Paul. Bounds for width two branching programs. SIAM J. Comput., 15(2):549-560, 1986.
  18. Christina Brzuska, Pooya Farshim, and Arno Mittelbach. Random-oracle uninstantiability from indistinguishability obfuscation. In Theory of Cryptography -12th Theory of Cryptography Conference, TCC 2015, Warsaw, Poland, March 23-25, 2015, Proceedings, Part II, 2015.
  19. BGG + 14] Dan Boneh, Craig Gentry, Sergey Gorbunov, Shai Halevi, Valeria Nikolaenko, Gil Segev, Vinod Vaikuntanathan, and Dhinakaran Vinayagamurthy. Fully key-homomorphic encryption, arith- metic circuit ABE and compact garbled circuits. In Advances in Cryptology -EUROCRYPT 2014 -33rd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Copenhagen, Denmark, May 11-15, 2014. Proceedings, pages 533-556, 2014.
  20. BGH + 15] Zvika Brakerski, Craig Gentry, Shai Halevi, Tancrède Lepoint, Amit Sahai, and Mehdi Tibouchi. Cryptanalysis of the quadratic zero-testing of GGH. IACR Cryptology ePrint Archive, 2015. [BGI + 01] Boaz Barak, Oded Goldreich, Russell Impagliazzo, Steven Rudich, Amit Sahai, Salil P. Vadhan, and Ke Yang. On the (im)possibility of obfuscating programs. In CRYPTO, pages 1-18, 2001. [BGI + 12] Boaz Barak, Oded Goldreich, Russell Impagliazzo, Steven Rudich, Amit Sahai, Salil P. Vadhan, and Ke Yang. On the (im)possibility of obfuscating programs. J. ACM, 59(2):6, 2012.
  21. BGK + 14] Boaz Barak, Sanjam Garg, Yael Tauman Kalai, Omer Paneth, and Amit Sahai. Protecting obfuscation against algebraic attacks. In Advances in Cryptology -EUROCRYPT 2014 -33rd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Copenhagen, Denmark, May 11-15, 2014. Proceedings, 2014.
  22. Zvika Brakerski, Craig Gentry, and Vinod Vaikuntanathan. (leveled) fully homomorphic en- cryption without bootstrapping. In ITCS, 2012.
  23. Mihir Bellare and Viet Tung Hoang. Adaptive witness encryption and asymmetric password- based cryptography. In Public-Key Cryptography -PKC 2015 -18th IACR International Con- ference on Practice and Theory in Public-Key Cryptography, Gaithersburg, MD, USA, March 30 -April 1, 2015, Proceedings, pages 308-331, 2015.
  24. Mihir Bellare, Shai Halevi, Amit Sahai, and Salil Vadhan. Many-to-one trapdoor functions and their relation to public-key cryptosystems. In Annual International Cryptology Conference, 1998.
  25. Allison Bishop, Susan Hohenberger, and Brent Waters. New circular security counterexamples from decision linear and learning with errors. In Advances in Cryptology -ASIACRYPT 2015 -21st International Conference on the Theory and Application of Cryptology and Information Security, Auckland, New Zealand, November 29 -December 3, 2015, Proceedings, Part II, pages 776-800, 2015.
  26. BLP + 13] Zvika Brakerski, Adeline Langlois, Chris Peikert, Oded Regev, and Damien Stehlé. Classical hardness of learning with errors. In Symposium on Theory of Computing Conference, STOC'13, Palo Alto, CA, USA, June 1-4, 2013, pages 575-584, 2013.
  27. Saikrishna Badrinarayanan, Eric Miles, Amit Sahai, and Mark Zhandry. Post-zeroizing obfus- cation: New mathematical tools, and the case of evasive circuits. In Advances in Cryptology - EUROCRYPT 2016 -35th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Vienna, Austria, May 8-12, 2016, Proceedings, Part II, 2016.
  28. Abhishek Banerjee, Chris Peikert, and Alon Rosen. Pseudorandom functions and lattices. In Advances in Cryptology -EUROCRYPT 2012 -31st Annual International Conference on the Theory and Applications of Cryptographic Techniques, Cambridge, UK, April 15-19, 2012. Proceedings, pages 719-737, 2012.
  29. Zvika Brakerski and Guy N Rothblum. Virtual black-box obfuscation for all circuits via generic graded encoding. In Theory of Cryptography Conference, 2014.
  30. John Bethencourt, Amit Sahai, and Brent Waters. Ciphertext-policy attribute-based encryp- tion. In IEEE Symposium on Security and Privacy, pages 321-334, 2007.
  31. Zvika Brakerski and Vinod Vaikuntanathan. Efficient fully homomorphic encryption from (stan- dard) lwe. In FOCS, pages 97-106, 2011.
  32. Nir Bitansky and Vinod Vaikuntanathan. Indistinguishability obfuscation from functional en- cryption. In IEEE 56th Annual Symposium on Foundations of Computer Science, FOCS 2015, Berkeley, CA, USA, 17-20 October, 2015, pages 171-190, 2015.
  33. Zvika Brakerski, Vinod Vaikuntanathan, Hoeteck Wee, and Daniel Wichs. Obfuscating con- junctions under entropic ring lwe. In Proceedings of the 2016 ACM Conference on Innovations in Theoretical Computer Science, 2016.
  34. Dan Boneh and Brent Waters. Conjunctive, subset, and range queries on encrypted data. In Proceedings of the 4th conference on Theory of cryptography, TCC'07, pages 535-554, Berlin, Heidelberg, 2007. Springer-Verlag.
  35. Dan Boneh, David J. Wu, and Joe Zimmerman. Immunizing multilinear maps against zeroizing attacks. Cryptology ePrint Archive, Report 2014/930, 2014.
  36. Melissa Chase and Sherman S. M. Chow. Improving privacy and security in multi-authority attribute-based encryption. In ACM Conference on Computer and Communications Security, pages 121-130, 2009.
  37. Ran Canetti and Yilei Chen. Constraint-hiding constrained prfs for nc1 from lwe. In EURO- CRYPT, 2017.
  38. CFL + 16] Jung Hee Cheon, Pierre-Alain Fouque, Changmin Lee, Brice Minaud, and Hansol Ryu. Crypt- analysis of the new clt multilinear map over the integers. In Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2016.
  39. Ran Canetti, Oded Goldreich, and Shai Halevi. The random oracle methodology, revisited (preliminary version). In STOC, pages 209-218, 1998.
  40. David Cash, Matthew Green, and Susan Hohenberger. New definitions and separations for circular security. In Public Key Cryptography -PKC, pages 540-557, 2012.
  41. CGH + 15] Jean-Sébastien Coron, Craig Gentry, Shai Halevi, Tancrède Lepoint, Hemanta K. Maji, Eric Miles, Mariana Raykova, Amit Sahai, and Mehdi Tibouchi. Zeroizing without low-level zeroes: New MMAP attacks and their limitations. In Advances in Cryptology -CRYPTO 2015 -35th Annual Cryptology Conference, Santa Barbara, CA, USA, August 16-20, 2015, Proceedings, Part I, 2015.
  42. Stephen A. Cook and H. James Hoover. A depth-universal circuit. SIAM Journal on Computing, 14(4):833-839, 1985.
  43. Melissa Chase. Multi-authority attribute based encryption. In TCC, pages 515-534, 2007. [CHL + 15] Jung Hee Cheon, Kyoohyung Han, Changmin Lee, Hansol Ryu, and Damien Stehlé. Crypt- analysis of the multilinear map over the integers. In Advances in Cryptology -EUROCRYPT 2015 -34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Sofia, Bulgaria, April 26-30, 2015, Proceedings, Part I, pages 3-12, 2015.
  44. Jung Hee Cheon, Jinhyuck Jeong, and Changmin Lee. An algorithm for ntru problems and cryptanalysis of the ggh multilinear map without a low-level encoding of zero. LMS Journal of Computation and Mathematics, 2016.
  45. Jan Camenisch and Anna Lysyanskaya. An efficient system for non-transferable anonymous credentials with optional anonymity revocation. IACR Cryptology ePrint Archive, 2001:19, 2001.
  46. Jean-Sébastien Coron, Moon Sung Lee, Tancrède Lepoint, and Mehdi Tibouchi. Cryptanalysis of GGH15 multilinear maps. In Advances in Cryptology -CRYPTO 2016 -36th Annual Inter- national Cryptology Conference, Santa Barbara, CA, USA, August 14-18, 2016, Proceedings, Part II, 2016.
  47. Jean-Sébastien Coron, Moon Sung Lee, Tancrède Lepoint, and Mehdi Tibouchi. Zeroizing attacks on indistinguishability obfuscation over CLT13. In Public-Key Cryptography -PKC 2017 -20th IACR International Conference on Practice and Theory in Public-Key Cryptography, Amsterdam, The Netherlands, March 28-31, 2017, Proceedings, Part I, 2017.
  48. Jean-Sébastien Coron, Tancrède Lepoint, and Mehdi Tibouchi. Practical multilinear maps over the integers. In Advances in Cryptology -CRYPTO 2013 -33rd Annual Cryptology Conference, Santa Barbara, CA, USA, August 18-22, 2013. Proceedings, Part I, pages 476-493, 2013.
  49. Jean-Sebastien Coron, Tancrede Lepoint, and Mehdi Tibouchi. Cryptanalysis of two candidate fixes of multilinear maps over the integers. Cryptology ePrint Archive, Report 2014/975, 2014.
  50. Jean-Sébastien Coron, Tancrède Lepoint, and Mehdi Tibouchi. New multilinear maps over the integers. In Advances in Cryptology -CRYPTO 2015 -35th Annual Cryptology Conference, Santa Barbara, CA, USA, August 16-20, 2015, Proceedings, Part I, 2015.
  51. Yevgeniy Dodis, Rafail Ostrovsky, Leonid Reyzin, and Adam D. Smith. Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. SIAM J. Comput., 38(1):97-139, 2008.
  52. Yevgeniy Dodis, Leonid Reyzin, and Adam D. Smith. Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. In Advances in Cryptology -EUROCRYPT 2004, International Conference on the Theory and Applications of Cryptographic Techniques, Interlaken, Switzerland, May 2-6, 2004, Proceedings, pages 523-540, 2004.
  53. Yevgeniy Dodis and Adam D. Smith. Correcting errors without leaking partial information. In Proceedings of the 37th Annual ACM Symposium on Theory of Computing, Baltimore, MD, USA, May 22-24, 2005, pages 654-663, 2005.
  54. Amos Fiat and Moni Naor. Broadcast encryption. In Proceedings of the 13th Annual Interna- tional Cryptology Conference on Advances in Cryptology, CRYPTO '93, pages 480-491, 1994.
  55. Eiichiro Fujisaki and Tatsuaki Okamoto. How to enhance the security of public-key encryption at minimum cost. In International Workshop on Public Key Cryptography, pages 53-68. Springer, 1999.
  56. Eiichiro Fujisaki and Tatsuaki Okamoto. Secure integration of asymmetric and symmetric encryption schemes. In CRYPTO '99, volume 1666 of LNCS, pages 537-554. Springer, 1999.
  57. Craig Gentry. Fully homomorphic encryption using ideal lattices. In STOC, 2009.
  58. Sanjam Garg, Craig Gentry, and Shai Halevi. Candidate multilinear maps from ideal lattices. In EUROCRYPT, 2013.
  59. GGH + 13b] Sanjam Garg, Craig Gentry, Shai Halevi, Mariana Raykova, Amit Sahai, and Brent Waters. Candidate indstinguishability obfuscation and functional encryption for all circuits. In FOCS, 2013.
  60. Craig Gentry, Sergey Gorbunov, and Shai Halevi. Graph-induced multilinear maps from lattices. In TCC, 2015.
  61. Sanjam Garg, Craig Gentry, Amit Sahai, and Brent Waters. Witness encryption and its appli- cations. In STOC, 2013.
  62. Vipul Goyal, Abhishek Jain, Omkant Pandey, and Amit Sahai. Bounded ciphertext policy at- tribute based encryption. In Automata, Languages and Programming, 35th International Collo- quium, ICALP 2008, Reykjavik, Iceland, July 7-11, 2008, Proceedings, Part II -Track B: Logic, Semantics, and Theory of Programming & Track C: Security and Cryptography Foundations, 2008.
  63. Rishab Goyal, Venkata Koppula, and Brent Waters. Separating IND-CPA and circular security for unbounded length key cycles. In Public-Key Cryptography -PKC 2017 -20th IACR In- ternational Conference on Practice and Theory in Public-Key Cryptography, Amsterdam, The Netherlands, March 28-31, 2017, Proceedings, Part I, 2017.
  64. Rishab Goyal, Venkata Koppula, and Brent Waters. Separating semantic and circular security for symmetric-key bit encryption from the learning with errors assumption. In EUROCRYPT, 2017.
  65. Craig Gentry, Allison Bishop Lewko, Amit Sahai, and Brent Waters. Indistinguishability obfus- cation from the multilinear subgroup elimination assumption. In IEEE 56th Annual Symposium on Foundations of Computer Science, FOCS 2015, Berkeley, CA, USA, 17-20 October, 2015, pages 151-170, 2015.
  66. Craig Gentry, Allison B. Lewko, and Brent Waters. Witness encryption from instance inde- pendent assumptions. In Advances in Cryptology -CRYPTO 2014 -34th Annual Cryptology Conference, Santa Barbara, CA, USA, August 17-21, 2014, Proceedings, Part I, pages 426-443, 2014. [GMM + 16] Sanjam Garg, Eric Miles, Pratyay Mukherjee, Amit Sahai, Akshayaram Srinivasan, and Mark Zhandry. Secure obfuscation in a weak multilinear map model. In Theory of Cryptography Conference, pages 241-268. Springer, 2016.
  67. Vipul Goyal, Omkant Pandey, Amit Sahai, and Brent Waters. Attribute-based encryption for fine-grained access control of encrypted data. In Proceedings of the 13th ACM conference on Computer and communications security, CCS '06, 2006.
  68. Craig Gentry, Chris Peikert, and Vinod Vaikuntanathan. Trapdoors for hard lattices and new cryptographic constructions. In STOC, pages 197-206, 2008.
  69. Craig Gentry, Amit Sahai, and Brent Waters. Homomorphic encryption from learning with errors: Conceptually-simpler, asymptotically-faster, attribute-based. In CRYPTO, 2013.
  70. Sergey Gorbunov, Vinod Vaikuntanathan, and Hoeteck Wee. Attribute-based encryption for circuits. In STOC, 2013.
  71. Sergey Gorbunov, Vinod Vaikuntanathan, and Hoeteck Wee. Predicate encryption for circuits from lwe. In Annual Cryptology Conference, 2015.
  72. Shai Halevi. Graded encoding, variations on a scheme. Cryptology ePrint Archive, Report 2015/866, 2015.
  73. Johan Håstad, Russell Impagliazzo, Leonid A. Levin, and Michael Luby. A pseudorandom generator from any one-way function. SIAM J. Comput., 28(4):1364-1396, 1999.
  74. Yupu Hu and Huiwen Jia. Cryptanalysis of ggh map. In Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2016.
  75. Venkata Koppula, Kim Ramchen, and Brent Waters. Separations in circular security for arbi- trary length key cycles. In Theory of Cryptography Conference (TCC), 2015.
  76. Jonathan Katz, Amit Sahai, and Brent Waters. Predicate encryption supporting disjunctions, polynomial equations, and inner products. In Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology, EU- ROCRYPT'08, 2008.
  77. Venkata Koppula and Brent Waters. Circular security counterexamples for arbitrary length cycles from LWE. In CRYPTO, 2016.
  78. Peeter Laud. Encryption cycles and two views of cryptography. In NORDSEC 2002 -Proceedings of the 7th Nordic Workshop on Secure IT Systems (Karlstad University Studies 2002:31, pages 85-100, 2002.
  79. Huijia Lin. Indistinguishability obfuscation from constant-degree graded encoding schemes. In Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2016.
  80. Huijia Lin. Indistinguishability obfuscation from ddh on 5-linear maps and locality-5 prgs. Cryptology ePrint Archive, Report 2016/1096, 2016.
  81. LOS + 10] Allison B. Lewko, Tatsuaki Okamoto, Amit Sahai, Katsuyuki Takashima, and Brent Waters. Fully secure functional encryption: Attribute-based encryption and (hierarchical) inner product encryption. In EUROCRYPT, pages 62-91, 2010.
  82. Huijia Lin and Vinod Vaikuntanathan. Indistinguishability obfuscation from ddh-like assump- tions on constant-degree graded encodings. In Foundations of Computer Science (FOCS), 2016 IEEE 57th Annual Symposium on, 2016.
  83. Allison B. Lewko and Brent Waters. New techniques for dual system encryption and fully secure HIBE with short ciphertexts. In Theory of Cryptography, 7th Theory of Cryptography Conference, TCC 2010, Zurich, Switzerland, February 9-11, 2010. Proceedings, pages 455-479, 2010.
  84. Allison B. Lewko and Brent Waters. Decentralizing attribute-based encryption. In EURO- CRYPT, pages 568-588, 2011.
  85. Antonio Marcedone and Claudio Orlandi. Obfuscation ⇒ (IND-CPA security !⇒ circular se- curity). In Security and Cryptography for Networks -9th International Conference, SCN 2014, Amalfi, Italy, September 3-5, 2014. Proceedings, pages 77-90, 2014.
  86. Daniele Micciancio and Chris Peikert. Trapdoors for lattices: Simpler, tighter, faster, smaller. In Advances in Cryptology -EUROCRYPT 2012 -31st Annual International Conference on the Theory and Applications of Cryptographic Techniques, Cambridge, UK, April 15-19, 2012. Proceedings, pages 700-718, 2012.
  87. Daniele Micciancio and Chris Peikert. Hardness of SIS and LWE with small parameters. In Advances in Cryptology -CRYPTO 2013 -33rd Annual Cryptology Conference, Santa Barbara, CA, USA, August 18-22, 2013. Proceedings, Part I, pages 21-39, 2013.
  88. Daniele Micciancio and Oded Regev. Worst-case to average-case reductions based on gaussian measures. SIAM J. Comput., 37(1):267-302, April 2007.
  89. Eric Miles, Amit Sahai, and Mark Zhandry. Annihilation attacks for multilinear maps: Crypt- analysis of indistinguishability obfuscation over ggh13. In Annual Cryptology Conference, 2016.
  90. Chris Peikert. Public-key cryptosystems from the worst-case shortest vector problem: extended abstract. In Proceedings of the 41st Annual ACM Symposium on Theory of Computing, STOC 2009, Bethesda, MD, USA, May 31 -June 2, 2009, pages 333-342, 2009.
  91. Rafael Pass, Karn Seth, and Sidharth Telang. Indistinguishability obfuscation from semantically-secure multilinear encodings. In International Cryptology Conference, 2014.
  92. Ron Rivest, Leonard Adleman, and Michael L. Dertouzos. On data banks and privacy homo- morphisms. In Foundations of Secure Computation, pages 169-180, 1978.
  93. Oded Regev. On lattices, learning with errors, random linear codes, and cryptography. In Proceedings of the 37th Annual ACM Symposium on Theory of Computing, Baltimore, MD, USA, May 22-24, 2005, pages 84-93, 2005.
  94. Ron Rothblum. On the circular security of bit-encryption. In Theory of Cryptography -10th Theory of Cryptography Conference, TCC 2013, Tokyo, Japan, March 3-6, 2013. Proceedings, pages 579-598, 2013.
  95. Amit Sahai and Brent Waters. Fuzzy identity-based encryption. In EUROCRYPT, pages 457- 473, 2005.
  96. Amit Sahai and Brent Waters. How to use indistinguishability obfuscation: deniable encryption, and more. In Symposium on Theory of Computing, STOC 2014, New York, NY, USA, May 31 -June 03, 2014, pages 475-484, 2014.
  97. Brent Waters. Dual system encryption: Realizing fully secure ibe and hibe under simple as- sumptions. In CRYPTO, pages 619-636, 2009.
  98. Brent Waters. Functional encryption for regular languages. In CRYPTO, 2012.
  99. Brent R Waters, Edward W Felten, and Amit Sahai. Receiver anonymity via incomparable public keys. In Proceedings of the 10th ACM conference on Computer and communications security, 2003.
  100. Daniel Wichs and Giorgos Zirdelis. Obfuscating compute-and-compare programs under lwe. Cryptology ePrint Archive, Report 2017/276, 2017.

Related papers

On Perfect Correctness in (Lockable) Obfuscation
rishab goyal

Theory of Cryptography, 2020

In a lockable obfuscation scheme [GKW17a, WZ17] a party takes as input a program P , a lock value α, a message msg and produces an obfuscated program P . The obfuscated program can be evaluated on an input x to learn the message msg if P (x) = α. The security of such schemes states that if α is randomly chosen (independent of P and msg), then one cannot distinguish an obfuscation of P from a "dummy" obfuscation. Existing constructions of lockable obfuscation achieve provable security under the Learning with Errors assumption. One limitation of these constructions is that they achieve only statistical correctness and allow for a possible one-sided error where the obfuscated program could output the msg on some value x where P (x) = α. In this work we motivate the problem of studying perfect correctness in lockable obfuscation for the case where the party performing the obfuscation might wish to inject a backdoor or hole in the correctness. We begin by studying the existing constructions and identify two components that are susceptible to imperfect correctness. The first is in the LWE-based pseudo-random generators (PRGs) that are non-injective, while the second is in the last level testing procedure of the core constructions. We address each in turn. First, we build upon previous work to design injective PRGs that are provably secure from the LWE assumption. Next, we design an alternative last level testing procedure that has additional structure to prevent correctness errors. We then provide surgical proof of security (to avoid redundancy) that connects our construction to the construction by Goyal, Koppula, and Waters (GKW) . Specifically, we show how for a random value α an obfuscation under our new construction is indistinguishable from an obfuscation under the existing GKW construction.

View PDFchevron_right
On the (im)possibility of obfuscating programs
Steven Rudich

Journal of the ACM, 2012

Informally, an obfuscator O is an (efficient, probabilistic) "compiler" that takes as input a program (or circuit) P and produces a new program O(P ) that has the same functionality as P yet is "unintelligible" in some sense. Obfuscators, if they exist, would have a wide variety of cryptographic and complexity-theoretic applications, ranging from software protection to homomorphic encryption to complexity-theoretic analogues of Rice's theorem. Most of these applications are based on an interpretation of the "unintelligibility" condition in obfuscation as meaning that O(P ) is a "virtual black box," in the sense that anything one can efficiently compute given O(P ), one could also efficiently compute given oracle access to P .

View PDFchevron_right
Non-malleable Obfuscation
Ran Canetti

Lecture Notes in Computer Science, 2009

Existing definitions of program obfuscation do not rule out malleability attacks, where an adversary that sees an obfuscated program is able to generate another (potentially obfuscated) program that is related to the original one in some way.

View PDFchevron_right
Obfuscation from Polynomial Hardness: Beyond Decomposable Obfuscation
Chengyu Lin

2018

Every known construction of general indistinguishability obfuscation (\(\mathsf {i}\mathcal {O}\)) is either based on a family of exponentially many assumptions, or is based on a single assumption – e.g. functional encryption (\(\mathsf {FE}\)) – using a reduction that incurs an exponential loss in security. This seems to be an inherent limitation if we insist on providing indistinguishability for any pair of functionally equivalent circuits.

View PDFchevron_right
How to use indistinguishability obfuscation
Amit Sahai

Proceedings of the forty-sixth annual ACM symposium on Theory of computing, 2014

We introduce a new technique, that we call punctured programs, to apply indistinguishability obfuscation towards cryptographic problems. We use this technique to carry out a systematic study of the applicability of indistinguishability obfuscation to a variety of cryptographic goals. Along the way, we resolve the 16-year-old open question of Deniable Encryption, posed by Canetti, Dwork, Naor, and Ostrovsky in 1997: In deniable encryption, a sender who is forced to reveal to an adversary both her message and the randomness she used for encrypting it should be able to convincingly provide "fake" randomness that can explain any alternative message that she would like to pretend that she sent. We resolve this question by giving the first construction of deniable encryption that does not require any pre-planning by the party that must later issue a denial. In addition, we show the generality of our punctured programs technique by also constructing a variety of core cryptographic objects from indistinguishability obfuscation and one-way functions (or close variants). In particular we obtain: public key encryption, short "hash-and-sign" selec-

View PDFchevron_right

Related topics

  • Mathematics
  • Computer Science
  • Mathematical Foundations of Comp...
  • Functional encryption

    • Cited by

    Collusion Resistant Broadcast and Trace from Positional Witness Encryption
    Satyanarayana Vusirikala

    IACR Cryptol. ePrint Arch., 2019

    An emerging trend is for researchers to identify cryptography primitives for which feasibility was first established under obfuscation and then move the realization to a different setting. In this work we explore a new such avenue—to move obfuscation-based cryptography to the assumption of (positional) witness encryption. Our goal is to develop techniques and tools, which we will dub “witness encryption friendly” primitives and use these to develop a methodology for building advanced cryptography from positional witness encryption.

    View PDFchevron_right
    Approximate Trapdoors for Lattices and Smaller Hash-and-Sign Signatures
    Pratyay Mukherjee

    Lecture Notes in Computer Science, 2019

    View PDFchevron_right
    Indistinguishability obfuscation from well-founded assumptions
    Aayush Jain

    Proceedings of the 53rd Annual ACM SIGACT Symposium on Theory of Computing, 2021

    Indistinguishability obfuscation, introduced by Barak et al. [Crypto 2001], aims to compile programs into unintelligible ones while preserving functionality. It is a fascinating and powerful object that has been shown to enable a host of new cryptographic goals and beyond. However, constructions of indistinguishability obfuscation have remained elusive, with all other proposals relying on heuristics or newly conjectured hardness assumptions. In this work, we show how to construct indistinguishability obfuscation from the subexponential hardness of three well-founded assumptions. We prove the following. This is joint work with Aayush Jain (UCLA and NTT Research) and Amit Sahai (UCLA).

    View PDFchevron_right
    New Approaches to Traitor Tracing with Embedded Identities
    rishab goyal

    Theory of Cryptography, 2019

    In a traitor tracing (TT) system for n users, every user has his/her own secret key. Content providers can encrypt messages using a public key, and each user can decrypt the ciphertext using his/her secret key. Suppose some of the n users collude to construct a pirate decoding box. Then the tracing scheme has a special algorithm, called Trace, which can identify at least one of the secret keys used to construct the pirate decoding box. Traditionally, the trace algorithm output only the 'index' associated with the traitors. As a result, to use such systems, either a central master authority must map the indices to actual identities, or there should be a public mapping of indices to identities. Both these options are problematic, especially if we need public tracing with anonymity of users. Nishimaki, Wichs, and Zhandry (NWZ) [Eurocrypt 2016] addressed this problem by constructing a traitor tracing scheme where the identities of users are embedded in the secret keys, and the trace algorithm, given a decoding box D, can recover the entire identities of the traitors. We call such schemes 'Embedded Identity Traitor Tracing' schemes. NWZ constructed such schemes based on adaptively secure functional encryption (FE). Currently, the only known constructions of FE schemes are based on nonstandard assumptions such as multilinear maps and iO. In this work, we study the problem of embedded identities TT based on standard assumptions. We provide a range of constructions based on different assumptions such as public key encryption (PKE), bilinear maps and the Learning with Errors (LWE) assumption. The different constructions have different efficiency trade offs. In our PKE based construction, the ciphertext size grows linearly with the number of users; the bilinear maps based construction has sub-linear (√ n) sized ciphertexts. Both these schemes have public tracing. The LWE based scheme is a private tracing scheme with optimal ciphertexts (i.e., log(n)). Finally, we also present other notions of traitor tracing, and discuss how they can be build in a generic manner from our base embedded identity TT scheme.

    View PDFchevron_right
    Collusion resistant traitor tracing from learning with errors
    rishab goyal

    Proceedings of the 50th Annual ACM SIGACT Symposium on Theory of Computing, 2018

    In this work we provide a traitor tracing construction with ciphertexts that grow polynomially in log(n) where n is the number of users and prove it secure under the Learning with Errors (LWE) assumption. This is the first traitor tracing scheme with such parameters provably secure from a standard assumption. In addition to achieving new traitor tracing results, we believe our techniques push forward the broader area of computing on encrypted data under standard assumptions. Notably, traitor tracing is substantially different problem from other cryptography primitives that have seen recent progress in LWE solutions. We achieve our results by first conceiving a novel approach to building traitor tracing that starts with a new form of Functional Encryption that we call Mixed FE. In a Mixed FE system the encryption algorithm is bimodal and works with either a public key or master secret key. Ciphertexts encrypted using the public key can only encrypt one type of functionality. On the other hand the secret key encryption can be used to encode many different types of programs, but is only secure as long as the attacker sees a bounded number of such ciphertexts. We first show how to combine Mixed FE with Attribute-Based Encryption to achieve traitor tracing. Second we build Mixed FE systems for polynomial sized branching programs (which corresponds to the complexity class logspace) by relying on the polynomial hardness of the LWE assumption with super-polynomial modulus-to-noise ratio.

    View PDFchevron_right
    580 California St., Suite 400
    San Francisco, CA, 94104
    © 2025 Academia. All rights reserved