Advances in Cryptology — CRYPTO 2001
Volume 2139 of the series Lecture Notes in Computer Science pp 118
On the (Im)possibility of Obfuscating Programs
 Boaz BarakAffiliated withDepartment of Computer Science, Weizmann Institute of Science
 , Oded GoldreichAffiliated withDepartment of Computer Science, Weizmann Institute of Science
 , Rusell ImpagliazzoAffiliated withDepartment of Computer Science and Engineering, University of California
 , Steven RudichAffiliated withComputer Science Department, Carnegie Mellon University
 , Amit SahaiAffiliated withDepartment of Computer Science, Princeton University
 , Salil VadhanAffiliated withDivision of Engineering and Applied Sciences, Harvard University
 , Ke YangAffiliated withComputer Science Department, Carnegie Mellon University
Abstract
Informally, an obfuscator \( \mathcal{O} \) is an (efficient, probabilistic) “compiler” that takes as input a program (or circuit) P and produces a new program \( \mathcal{O} \)(P) that has the same functionality as P yet is “unintelligible” in some sense. Obfuscators, if they exist, would have a wide variety of cryptographic and complexitytheoretic applications, ranging from software protection to homomorphic encryption to complexitytheoretic analogues of Rice’s theorem. Most of these applications are based on an interpretation of the “unintelligibility” condition in obfuscation as meaning that \( \mathcal{O} \) is a “virtual black box,” in the sense that anything one can efficiently compute given \( \mathcal{O} \), one could also efficiently compute given oracle access to P.
In this work, we initiate a theoretical investigation of obfuscation. Our main result is that, even under very weak formalizations of the above intuition, obfuscation is impossible. We prove this by constructing a family of functions \( \mathcal{F} \) that are inherently unobfuscatable in the following sense: there is a property π: \( \mathcal{F} \) → {0,1} such that (a) given any program that computes a function f ∈ \( \mathcal{F} \), the value π(f) can be efficiently computed, yet (b) given oracle access to a (randomly selected) function f ∈ \( \mathcal{F} \), no efficient algorithm can compute π(f) much better than random guessing. We extend our impossibility result in a number of ways, including even obfuscators that (a) are not necessarily computable in polynomial time, (b) only approximately preserve the functionality, and (c) only need to work for very restricted models of computation (TC _{0}). We also rule out several potential applications of obfuscators, by constructing “unobfuscatable” signature schemes, encryption schemes, and pseudorandom function families.
 Title
 On the (Im)possibility of Obfuscating Programs
 Book Title
 Advances in Cryptology — CRYPTO 2001
 Book Subtitle
 21st Annual International Cryptology Conference, Santa Barbara, California, USA, August 19–23, 2001 Proceedings
 Pages
 pp 118
 Copyright
 2001
 DOI
 10.1007/3540446478_1
 Print ISBN
 9783540424567
 Online ISBN
 9783540446477
 Series Title
 Lecture Notes in Computer Science
 Series Volume
 2139
 Series ISSN
 03029743
 Publisher
 Springer Berlin Heidelberg
 Copyright Holder
 SpringerVerlag Berlin Heidelberg
 Additional Links
 Topics
 Industry Sectors
 eBook Packages
 Editors

 Joe Kilian ^{(4)}
 Editor Affiliations

 4. Yianilos Labs.
 Authors

 Boaz Barak ^{(5)}
 Oded Goldreich ^{(5)}
 Rusell Impagliazzo ^{(6)}
 Steven Rudich ^{(7)}
 Amit Sahai ^{(8)}
 Salil Vadhan ^{(9)}
 Ke Yang ^{(7)}
 Author Affiliations

 5. Department of Computer Science, Weizmann Institute of Science, Rehovot, Israel
 6. Department of Computer Science and Engineering, University of California, San Diego, La Jolla, CA, 920930114
 7. Computer Science Department, Carnegie Mellon University, 5000 Forbes Ave., Pittsburgh, PA, 5213
 8. Department of Computer Science, Princeton University, 35 Olden St., Princeton, NJ, 08540
 9. Division of Engineering and Applied Sciences, Harvard University, 33 Oxford Street, Cambridge, MA, 02138
Continue reading...
To view the rest of this content please follow the download PDF link above.