There is some evidence that indistinguishability obfuscation (iO) requires either exponentially many assumptions or (sub)exponentially hard assumptions, and indeed, all known ways of building obfuscation suffer one of these two limitations. As such, any application built from iO suffers from these limitations as well. However, for most applications, such limitations do not appear to be inherent to the application, just the approach using iO. Indeed, several recent works have shown how to base applications of iO instead on functional encryption (FE), which can in turn be based on the polynomial hardness of just a few assumptions. However, these constructions are quite complicated and recycle a lot of similar techniques. In this work, we unify the results of previous works in the form of a weakened notion of obfuscation, called decomposable obfuscation. We show (1) how to build decomposable obfuscation from functional encryption and (2) how to build a variety of applications from decomposable obfuscation, including all of the applications already known from FE. The construction in (1) hides most of the difficult techniques in the prior work, whereas the constructions in (2) are much closer to the comparatively simple constructions from iO. As such, decomposable obfuscation represents a convenient new platform for obtaining more applications from polynomial hardness.

有一些证据表明，不可区分性混淆 (iO) 需要成倍数的假设或（亚）指数级的困难假设，并且实际上，所有已知的构建混淆的方法都受到这两个限制之一。因此，任何由 iO 构建的应用程序也会受到这些限制。但是，对于大多数应用程序，此类限制似乎不是应用程序固有的，只是使用 iO 的方法。事实上，最近的几项工作已经展示了如何将 iO 的应用程序建立在功能加密 (FE) 上，而功能加密又可以基于仅几个假设的多项式硬度。然而，这些结构相当复杂，并且循环使用了很多类似的技术。在这项工作中，我们以弱化的混淆概念的形式统一了先前工作的结果，称为可分解的混淆。我们展示了 (1) 如何从功能加密构建可分解​​的混淆和 (2) 如何从可分解的混淆构建各种应用程序，包括从 FE 已知的所有应用程序。(1) 中的构造隐藏了先前工作中的大部分困难技术，而 (2) 中的构造更接近于 iO 中相对简单的构造。因此，可分解混淆代表了一个方便的新平台，可以从多项式硬度中获得更多应用。