Abstract
There is some evidence that indistinguishability obfuscation (iO) requires either exponentially many assumptions or (sub)exponentially hard assumptions, and indeed, all known ways of building obfuscation suffer one of these two limitations. As such, any application built from iO suffers from these limitations as well. However, for most applications, such limitations do not appear to be inherent to the application, just the approach using iO. Indeed, several recent works have shown how to base applications of iO instead on functional encryption (FE), which can in turn be based on the polynomial hardness of just a few assumptions. However, these constructions are quite complicated and recycle a lot of similar techniques. In this work, we unify the results of previous works in the form of a weakened notion of obfuscation, called decomposable obfuscation. We show (1) how to build decomposable obfuscation from functional encryption and (2) how to build a variety of applications from decomposable obfuscation, including all of the applications already known from FE. The construction in (1) hides most of the difficult techniques in the prior work, whereas the constructions in (2) are much closer to the comparatively simple constructions from iO. As such, decomposable obfuscation represents a convenient new platform for obtaining more applications from polynomial hardness.
Notes
With additional mild assumptions such as the existence of one-way functions.
The kind of functional encryption that is used as a starting point only allows for a single secret key query.
The two encryptions would clearly be distinguishable if \(f(m_0)\ne f(m_1)\) just by decrypting using the secret function key. Thus, this is the best one can hope for with an indistinguishability-type definition.
By assigning \(\bot \) instead, which does not propagate down the tree.
In the sense that for each leaf, the path from root to leaf contains exactly one element in S.
One may wonder whether the same arguments apply to the seemingly similar setting of zero knowledge, where zero knowledge must hold for true instances, but soundness must hold for false instances. The crucial difference is that soundness does not prevent the zero knowledge simulator from working on false instances. Therefore, a reduction from a hard problem to zero knowledge does not need to determine whether the instance is in the language. In contrast, for iO, the security property must apply to equivalent circuits, but correctness implies that it cannot apply to inequivalent circuits.
Circuit equivalence is trivially in \(co\text {-}NP\); a point on which the two circuits differ is a witness that they are not equivalent.
This is no longer a random element in the codomain of the PRG, but it suffices for the security proof.
If \(P=NP\), one-way functions do not exist but circuit minimization can be used to obfuscate.
Acknowledgements
This work is supported in part by NSF. The views expressed are those of the authors and do not reflect the official policy or position of the National Science Foundation or the U.S. Government.
Additional information
Communicated by Rafail Ostrovsky.
© IACR 2020. This article is the final version submitted by the author(s) to the IACR and to Springer-Verlag on 10 Dec 2020. The version published by Springer-Verlag is available at <DOI>.
About this article
Cite this article
Liu, Q., Zhandry, M. Decomposable Obfuscation: A Framework for Building Applications of Obfuscation from Polynomial Hardness. J Cryptol 34, 35 (2021). https://doi.org/10.1007/s00145-021-09400-4
DOI: https://doi.org/10.1007/s00145-021-09400-4