Decomposable Obfuscation: A Framework for Building Applications of Obfuscation from Polynomial Hardness

Journal of Cryptology

Abstract

There is some evidence that indistinguishability obfuscation (iO) requires either exponentially many assumptions or (sub)exponentially hard assumptions, and indeed, all known ways of building obfuscation suffer one of these two limitations. As such, any application built from iO suffers from these limitations as well. However, for most applications, such limitations do not appear to be inherent to the application, just the approach using iO. Indeed, several recent works have shown how to base applications of iO instead on functional encryption (FE), which can in turn be based on the polynomial hardness of just a few assumptions. However, these constructions are quite complicated and recycle a lot of similar techniques. In this work, we unify the results of previous works in the form of a weakened notion of obfuscation, called decomposable obfuscation. We show (1) how to build decomposable obfuscation from functional encryption and (2) how to build a variety of applications from decomposable obfuscation, including all of the applications already known from FE. The construction in (1) hides most of the difficult techniques in the prior work, whereas the constructions in (2) are much closer to the comparatively simple constructions from iO. As such, decomposable obfuscation represents a convenient new platform for obtaining more applications from polynomial hardness.

Notes

  1. With additional mild assumptions such as the existence of one-way functions.

  2. The kind of functional encryption that is used as a starting point only allows for a single secret key query.

  3. The two encryptions would clearly be distinguishable if \(f(m_0)\ne f(m_1)\) just by decrypting using the secret function key. Thus, this is the best one can hope for with an indistinguishability-type definition.

  4. By assigning \(\bot\) instead, which does not propagate down the tree.

  5. In the sense that for each leaf, the path from root to leaf contains exactly one element in S.

  6. One may wonder whether the same arguments apply to the seemingly similar setting of zero knowledge, where zero knowledge must hold for true instances, but soundness must hold for false instances. The crucial difference is that soundness does not prevent the zero knowledge simulator from working on false instances. Therefore, a reduction from a hard problem to zero knowledge does not need to determine whether the instance is in the language. In contrast, for iO, the security property must apply to equivalent circuits, but correctness implies that it cannot apply to inequivalent circuits.

  7. Circuit equivalence is trivially in \(\text{co-}NP\); a point on which the two circuits differ is a witness that they are not equivalent.

  8. This is no longer a random element in the codomain of the PRG, but it suffices for the security proof.

  9. If \(P=NP\), one-way functions do not exist but circuit minimization can be used to obfuscate.

Acknowledgements

This work is supported in part by NSF. The views expressed are those of the authors and do not reflect the official policy or position of the National Science Foundation or the U.S. Government.

Author information

Corresponding author

Correspondence to Qipeng Liu.

Additional information

Communicated by Rafail Ostrovsky.

© IACR 2020. This article is the final version submitted by the author(s) to the IACR and to Springer-Verlag on 10 Dec 2020. The version published by Springer-Verlag is available at <DOI>.

About this article

Cite this article

Liu, Q., Zhandry, M. Decomposable Obfuscation: A Framework for Building Applications of Obfuscation from Polynomial Hardness. J Cryptol 34, 35 (2021). https://doi.org/10.1007/s00145-021-09400-4

  • DOI: https://doi.org/10.1007/s00145-021-09400-4
