Theory of Cryptography Conference

TCC 2007: Theory of Cryptography pp 214-232

Obfuscation for Cryptographic Purposes

  • Dennis Hofheinz
  • John Malone-Lee
  • Martijn Stam
Conference paper

DOI: 10.1007/978-3-540-70936-7_12

Volume 4392 of the book series Lecture Notes in Computer Science (LNCS)


An obfuscation \(\mathcal{O}\) of a function F should satisfy two requirements: firstly, using \(\mathcal{O}\) it should be possible to evaluate F; secondly, \(\mathcal{O}\) should not reveal anything about F that cannot be learnt from oracle access to F. Several definitions for obfuscation exist. However, most of them are either too weak for or incompatible with cryptographic applications, or have been shown impossible to achieve, or both.

We give a new definition of obfuscation and argue for its reasonability and usefulness. In particular, we show that it is strong enough for cryptographic applications, yet we show that it has the potential for interesting positive results. We illustrate this with the following two results:

  1. 1

    If the encryption algorithm of a secure secret-key encryption scheme can be obfuscated according to our definition, then the result is a secure public-key encryption scheme.

  2. 1

    A uniformly random point function can be easily obfuscated according to our definition, by simply applying a one-way permutation. Previous obfuscators for point functions, under varying notions of security, are either probabilistic or in the random oracle model (but work for arbitrary distributions on the point function).

On the negative side, we show that
  1. 1

    Following Hada [12] and Wee [25], any family of deterministic functions that can be obfuscated according to our definition must already be “approximately learnable.” Thus, many deterministic functions cannot be obfuscated. However, a probabilistic functionality such as a probabilistic secret-key encryption scheme can potentially be obfuscated. In particular, this is possible for a public-key encryption scheme when viewed as a secret-key scheme.

  2. 1

    There exists a secure probabilistic secret-key encryption scheme that cannot be obfuscated according to our definition. Thus, we cannot hope for a general-purpose cryptographic obfuscator for encryption schemes.



obfuscationpoint functions
Download to read the full conference paper text

Copyright information

© Springer Berlin Heidelberg 2007

Authors and Affiliations

  • Dennis Hofheinz
    • 1
  • John Malone-Lee
    • 2
  • Martijn Stam
    • 3
  1. 1.CWI, Amsterdam 
  2. 2.University of Bristol 
  3. 3.EPFL, Lausanne