# On Strong Simulation and Composable Point Obfuscation

## Abstract

The Virtual Black Box (VBB) property for program obfuscators provides a strong guarantee: anything computable by an efficient adversary, given the obfuscated program, can also be computed by an efficient simulator, with only oracle access to the program. However, we know how to achieve this notion only for very restricted classes of programs.

This work studies a simple relaxation of VBB: allow the simulator unbounded computation time, while still allowing only polynomially many queries to the oracle. We demonstrate the viability of this relaxed notion, which we call Virtual Grey Box (VGB), in the context of composable obfuscators for point programs: it is known that, with respect to VBB, if such obfuscators exist, then there exist multi-bit point obfuscators (also known as “digital lockers”) and subsequently also very strong variants of encryption that are resilient to various attacks, such as key leakage and key-dependent-messages. However, no composable VBB-obfuscators for point programs have been shown. We show composable *VGB*-obfuscators for point programs under a strong variant of the Decision Diffie–Hellman assumption. We show that VGB (instead of VBB) obfuscation still suffices for the above applications, as well as for new applications. This includes extensions to the public key setting and to encryption schemes with resistance to certain related key attacks (RKA).

## Key words

Obfuscation, Strong simulation, Composable point obfuscation, Strong encryption, Decision Diffie–Hellman

## Notes

### Acknowledgements

We thank Sebastian Gajek and Mayank Varia for helpful comments.
