Journal of Cryptology

, Volume 27, Issue 2, pp 317–357 | Cite as

On Strong Simulation and Composable Point Obfuscation

  • Nir Bitansky
  • Ran Canetti


The Virtual Black Box (VBB) property for program obfuscators provides a strong guarantee: anything computable by an efficient adversary, given the obfuscated program, can also be computed by an efficient simulator, with only oracle access to the program. However, we know how to achieve this notion only for very restricted classes of programs.

This work studies a simple relaxation of VBB: allow the simulator unbounded computation time, while still allowing only polynomially many queries to the oracle. We demonstrate the viability of this relaxed notion, which we call Virtual Grey Box (VGB), in the context of composable obfuscators for point programs: it is known that, with respect to VBB, if such obfuscators exist, then there exist multi-bit point obfuscators (also known as “digital lockers”) and subsequently also very strong variants of encryption that are resilient to various attacks, such as key leakage and key-dependent-messages. However, no composable VBB-obfuscators for point programs have been shown. We show composable VGB-obfuscators for point programs under a strong variant of the Decision Diffie–Hellman assumption. We show that VGB (instead of VBB) obfuscation still suffices for the above applications, as well as for new applications. This includes extensions to the public key setting and to encryption schemes with resistance to certain related key attacks (RKA).

Key words

Obfuscation Strong simulation Composable point obfuscation Strong encryption Decision Diffie–Hellman 



We thank Sebastian Gajek and Mayank Varia for helpful comments.


  1. [1]
    B. Applebaum, D. Harnik, Y. Ishai, Semantic security under related-key attacks and applications, in ICS (2011), pp. 45–60 Google Scholar
  2. [2]
    B. Applebaum, Fast cryptographic primitives based on the hardness of decoding random linear code. Technical Report TR-845-08, Princeton University (2008). Available at
  3. [3]
    B. Adida, D. Wikström, How to shuffle in public, in TCC (2007), pp. 555–574 Google Scholar
  4. [4]
    B. Barak, O. Goldreich, R. Impagliazzo, S. Rudich, A. Sahai, S.P. Vadhan, K. Yang, On the (im)possibility of obfuscating programs, in CRYPTO (2001), pp. 1–18 Google Scholar
  5. [5]
    D. Boneh, S. Halevi, M. Hamburg, R. Ostrovsky, Circular-secure encryption from decision Diffie–Hellman, in CRYPTO (2008), pp. 108–125 Google Scholar
  6. [6]
    D. Boneh, The decision Diffie–Hellman problem, in ANTS (1998), pp. 48–63 Google Scholar
  7. [7]
    J. Black, P. Rogaway, T. Shrimpton, Encryption-scheme security in the presence of key-dependent messages, in Selected Areas in Cryptography (2002), pp. 62–75 Google Scholar
  8. [8]
    R. Canetti, Towards realizing random oracles: hash functions that hide all partial information, in CRYPTO (1997), pp. 455–469 Google Scholar
  9. [9]
    R. Canetti, R.R. Dakdouk, Obfuscating point functions with multibit output, in EUROCRYPT (2008), pp. 489–508 Google Scholar
  10. [10]
    R. Canetti, Y. Tauman Kalai, M. Varia, D. Wichs, On symmetric encryption and point obfuscation, in TCC (2010), pp. 52–71 Google Scholar
  11. [11]
    R. Canetti, D. Micciancio, O. Reingold, Perfectly one-way probabilistic hash functions (preliminary version), in STOC (1998), pp. 131–140 Google Scholar
  12. [12]
    R. Canetti, G.N. Rothblum, M. Varia, Obfuscation of hyperplane membership, in TCC (2010), pp. 72–89 Google Scholar
  13. [13]
    R. Canetti, M. Varia, Non-malleable obfuscation, in TCC (2009), pp. 73–90 Google Scholar
  14. [14]
    Y. Dodis, A. Smith, Correcting errors without leaking partial information, in STOC (2005), pp. 654–663 Google Scholar
  15. [15]
    S. Goldwasser, Y. Tauman Kalai, On the impossibility of obfuscation with auxiliary input, in FOCS (2005), pp. 553–562 Google Scholar
  16. [16]
    O. Goldreich, L.A. Levin, A hard-core predicate for all one-way functions, in STOC ’89: Proceedings of the Twenty-First Annual ACM Symposium on Theory of Computing (ACM, New York, 1989), pp. 25–32 CrossRefGoogle Scholar
  17. [17]
    S. Goldwasser, G.N. Rothblum, On best-possible obfuscation, in TCC (2007), pp. 194–213 Google Scholar
  18. [18]
    S. Hada, Secure obfuscation for encrypted signatures, in Eurocrypt (2010) Google Scholar
  19. [19]
    I. Haitner, T. Holenstein, On the (im)possibility of key dependent encryption, in TCC (2009), pp. 202–219 Google Scholar
  20. [20]
    S. Halevi, H. Krawczyk, Security under key-dependent inputs, in ACM Conference on Computer and Communications Security (2007), pp. 466–475 Google Scholar
  21. [21]
    D. Hofheinz, M.-L. John, M. Stam, Obfuscation for cryptographic purposes, in TCC (2007), pp. 214–232 Google Scholar
  22. [22]
    S. Hohenberger, G.N. Rothblum, A. Shelat, V. Vaikuntanathan, Securely obfuscating re-encryption, in TCC (2007), pp. 233–252 Google Scholar
  23. [23]
    B. Lynn, M. Prabhakaran, A. Sahai, Positive results and techniques for obfuscation, in EUROCRYPT (2004), pp. 20–39 Google Scholar
  24. [24]
    V. Shoup, Lower bounds for discrete logarithms and related problems, in EUROCRYPT (1997), pp. 256–266 Google Scholar
  25. [25]
    H. Wee, On obfuscating point functions, in STOC (2005), pp. 523–532 Google Scholar

Copyright information

© International Association for Cryptologic Research 2013

Authors and Affiliations

  1. 1.Tel Aviv UniversityTel AvivIsrael
  2. 2.Boston UniversityBostonUSA

Personalised recommendations