On the Complexity of Compressing Obfuscation

Abstract

Indistinguishability obfuscation has become one of the most exciting cryptographic primitives due to its far-reaching applications in cryptography and other fields. However, to date, obtaining a plausibly secure construction has been an elusive task, thus motivating the study of seemingly weaker primitives that imply it, with the possibility that they will be easier to construct. In this work, we provide a systematic study of compressing obfuscation, one of the most natural and simple to describe primitives that is known to imply indistinguishability obfuscation when combined with other standard assumptions. A compressing obfuscator is roughly an indistinguishability obfuscator that outputs just a slightly compressed encoding of the truth table. This generalizes notions introduced by Lin et al. (Functional signatures and pseudorandom functions, PKC, 2016) and Bitansky et al. (From Cryptomania to Obfustopia through secret-key functional encryption, TCC, 2016) by allowing for a broader regime of parameters. We view compressing obfuscation as an independent cryptographic primitive and show various positive and negative results concerning its power and plausibility of existence, demonstrating significant differences from full-fledged indistinguishability obfuscation. First, we show that as a cryptographic building block, compressing obfuscation is weak. In particular, when combined with one-way functions, it cannot be used (in a black-box way) to achieve public-key encryption, even under (sub-)exponential security assumptions. This is in sharp contrast to indistinguishability obfuscation, which together with one-way functions implies almost all cryptographic primitives. Second, we show that to construct compressing obfuscation with perfect correctness, one only needs to assume its existence with a very weak correctness guarantee and polynomial hardness.
Namely, we show a correctness amplification transformation with optimal parameters that relies only on polynomial hardness assumptions. This implies a universal construction assuming only polynomially secure compressing obfuscation with approximate correctness. In the context of indistinguishability obfuscation, we know how to achieve such a result only under sub-exponential security assumptions together with derandomization assumptions. Lastly, we characterize the existence of compressing obfuscation with statistical security. We show that in some range of parameters and for some classes of circuits such an obfuscator exists, whereas it is unlikely to exist with better parameters or for larger classes of circuits. These positive and negative results reveal a deep connection between compressing obfuscation and various concepts in complexity theory and learning theory.

Notes

  1. Some of the attacks apply directly to the candidate construction, while some only apply to the underlying graded encoding scheme [41, 42, 51]. See Ananth et al. [1, Appendix A] for an overview.

  2. Assuming any average- or worst-case hardness assumption. This is necessary as XiO exists unconditionally if \({\mathsf {P}}=\mathsf {NP}\).

  3. The obfuscator we get is weak for two reasons. First, the class for which we obtain XiO does not contain (puncturable) PRFs and thus is not sufficient for known transformations to iO. Second, the compression we achieve is not enough for cryptographic applications.

  4. Using the recent work of [69], we believe that the assumption on NIZKs can be removed. We leave this modification to future work.

  5. While the whole proof can be applied to XiO, this last step does not work for SXiO since we cannot go over all inputs and check the correctness of the obfuscation.

  6. This formalization allows us to capture functionalities like mux, even if an oracle gate returns \(\bot \).

  7. Throughout this section, we will restrict \(\ell (s,n) = 2^{n\epsilon } \cdot s^{2}\), but we note that the proof holds when \(\ell (s,n) = 2^{n\epsilon } \cdot s^{c}\) for any constant \(c > 1\).

  8. We note that this technique, of enumerating all inputs, can only be done because we are constructing XiO. In particular, this step is the reason that this separation does not apply to perfectly correct SXiO.

  9. In Theorems 6.10 and 6.11 it is enough that the labels are for uniformly random inputs (i.e., random examples).

  10. Recently, Carmosino et al. [36] generalized their result to get an implication from “tolerant” natural proofs to agnostic learning [67]. Agnostic learning is the same as PAC learning, except that the learner is only guaranteed that f is close to the concept class \({\mathcal {C}} \) (rather than assuming it belongs to it).

  11. The argument works even with sub-exponential security by increasing the size of the key.

References

  1. P. Ananth, A. Jain, M. Naor, A. Sahai, E. Yogev, Universal constructions and robust combiners for indistinguishability obfuscation and witness encryption, in Advances in Cryptology - CRYPTO (2016), pp. 491–520

  2. P. Ananth, A. Jain, A. Sahai, Robust transforming combiners from indistinguishability obfuscation to functional encryption, in Advances in Cryptology - EUROCRYPT (2017), pp. 91–121

  3. P. Ananth, A. Jain, Indistinguishability obfuscation from compact functional encryption, in Advances in Cryptology - CRYPTO (2015), pp. 308–326

  4. P. Ananth, A. Sahai, Projective arithmetic functional encryption and indistinguishability obfuscation from degree-5 multilinear maps, in Advances in Cryptology - EUROCRYPT (2017), pp. 152–181

  5. P.V. Ananth, D. Gupta, Y. Ishai, A. Sahai, Optimizing obfuscation: Avoiding barrington’s theorem, in Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (2014), pp. 646–658

  6. D. Angluin, Queries and concept learning. Mach. Learn. 2(4), 319–342 (1987)

  7. D. Apon, N. Döttling, S. Garg, P. Mukherjee, Cryptanalysis of indistinguishability obfuscations of circuits over GGH13, in 44th International Colloquium on Automata, Languages, and Programming, ICALP (2017), pp. 38:1–38:16

  8. B. Applebaum, Z. Brakerski, Obfuscating circuits via composite-order graded encoding, in Theory of Cryptography - TCC (2015), pp. 528–556

  9. G. Asharov, G. Segev, Limits on the power of indistinguishability obfuscation and functional encryption. SIAM J. Comput. 45(6), 2117–2176 (2016)

  10. G. Asharov, G. Segev, On constructing one-way permutations from indistinguishability obfuscation, in Theory of Cryptography Conference (2016)

  11. C.A. Asmuth, G.R. Blakley, An efficient algorithm for constructing a cryptosystem which is harder to break than two other cryptosystems. Comput. Math. Appl. 7(6), 447–450 (1981)

  12. B. Barak, Z. Brakerski, I. Komargodski, P.K. Kothari, Limits on low-degree pseudorandom generators (or: Sum-of-squares meets program obfuscation), in Advances in Cryptology - EUROCRYPT (2018), pp. 649–679

  13. B. Barak, S. Garg, Y.T. Kalai, O. Paneth, A. Sahai, Protecting obfuscation against algebraic attacks, in Advances in Cryptology - EUROCRYPT (2014), pp. 221–238

  14. B. Barak, O. Goldreich, R. Impagliazzo, S. Rudich, A. Sahai, S.P. Vadhan, K. Yang, On the (im)possibility of obfuscating programs. J. ACM 59(2), 6:1–6:48 (2012)

  15. N. Bitansky, A. Degwekar, V. Vaikuntanathan, Structure vs. hardness through the obfuscation lens, in Advances in Cryptology - CRYPTO (2017), pp. 696–723

  16. N. Bitansky, H. Lin, O. Paneth, On removing graded encodings from functional encryption, in Advances in Cryptology - EUROCRYPT (2017), pp. 3–29

  17. N. Bitansky, R. Nishimaki, A. Passelègue, D. Wichs, From Cryptomania to Obfustopia through secret-key functional encryption, in Theory of Cryptography - TCC (2016), pp. 391–418

  18. N. Bitansky, O. Paneth, Zaps and non-interactive witness indistinguishability from indistinguishability obfuscation, in Theory of Cryptography - TCC (2015), pp. 401–427

  19. N. Bitansky, O. Paneth, D. Wichs, Perfect structure on the edge of chaos - trapdoor permutations from indistinguishability obfuscation, in Theory of Cryptography - TCC (2016), pp. 474–502

  20. N. Bitansky, V. Vaikuntanathan, Indistinguishability obfuscation from functional encryption, in IEEE 56th Annual Symposium on Foundations of Computer Science, FOCS (2015), pp. 171–190

  21. N. Bitansky, V. Vaikuntanathan, Indistinguishability obfuscation: From approximate to exact, in Theory of Cryptography - TCC (2016), pp. 67–95

  22. N. Bitansky, V. Vaikuntanathan, A note on perfect correctness by derandomization, in Advances in Cryptology - EUROCRYPT (2017), pp. 592–606

  23. D. Boneh, C. Gentry, S. Gorbunov, S. Halevi, V. Nikolaenko, G. Segev, V. Vaikuntanathan, D. Vinayagamurthy, Fully key-homomorphic encryption, arithmetic circuit ABE and compact garbled circuits, in Advances in Cryptology - EUROCRYPT (2014), pp. 533–556

  24. D. Boneh, A. Sahai, B. Waters, Functional encryption: a new vision for public-key cryptography. Commun. ACM 55(11), 56–64 (2012)

  25. D. Boneh, B. Waters, Constrained pseudorandom functions and their applications, in Advances in Cryptology - ASIACRYPT (2013), pp. 280–300

  26. D. Boneh, D.J. Wu, J. Zimmerman, Immunizing multilinear maps against zeroizing attacks. IACR Cryptology ePrint Archive 2014:930 (2014)

  27. E. Boyle, S. Goldwasser, I. Ivan, Functional signatures and pseudorandom functions, in Public-Key Cryptography - PKC (2014), pp. 501–519

  28. Z. Brakerski, C. Brzuska, N. Fleischhacker, On statistically secure obfuscation with approximate correctness, in Advances in Cryptology - CRYPTO (2016), pp. 551–578

  29. Z. Brakerski, N. Döttling, S. Garg, G. Malavolta, Candidate io from homomorphic encryption schemes, in EUROCRYPT (1), volume 12105 of Lecture Notes in Computer Science (Springer, 2020), pp. 79–109

  30. Z. Brakerski, N. Döttling, S. Garg, G. Malavolta, Factoring and pairings are not necessary for io: Circular-secure LWE suffices, IACR Cryptol. ePrint Arch., 2020:1024 (2020)

  31. Z. Brakerski, A. Jain, I. Komargodski, A. Passelègue, D. Wichs, Non-trivial witness encryption and null-io from standard assumptions, IACR Cryptology ePrint Archive, 2017:874 (2017)

  32. Z. Brakerski, J. Katz, G. Segev, A. Yerukhimovich, Limits on the power of zero-knowledge proofs in cryptographic constructions, in Theory of Cryptography - TCC (2011), pp. 559–578

  33. Z. Brakerski, G.N. Rothblum, Virtual black-box obfuscation for all circuits via generic graded encoding, in Theory of Cryptography - TCC (2014), pp. 1–25

  34. N.H. Bshouty, C. Tamon, On the fourier spectrum of monotone functions. J. ACM 43(4), 747–770 (1996)

  35. M.L. Carmosino, R. Impagliazzo, V. Kabanets, A. Kolokolova, Learning algorithms from natural proofs, in 31st Conference on Computational Complexity, CCC (2016), pp. 10:1–10:24

  36. M.L. Carmosino, R. Impagliazzo, V. Kabanets, A. Kolokolova, Agnostic learning from tolerant natural proofs, in Approximation, Randomization, and Combinatorial Optimization, APPROX/RANDOM (2017), pp. 35:1–35:19

  37. R. Chen, V. Kabanets, A. Kolokolova, R. Shaltiel, D. Zuckerman, Mining circuit lower bound proofs for meta-algorithms. Comput. Complex. 24(2), 333–392 (2015)

  38. Y. Chen, C. Gentry, S. Halevi, Cryptanalyses of candidate branching program obfuscators, in Advances in Cryptology - EUROCRYPT (2017), pp. 278–307

  39. J.H. Cheon, K. Han, C. Lee, H. Ryu, D. Stehlé, Cryptanalysis of the multilinear map over the integers, in Advances in Cryptology - EUROCRYPT (2015), pp. 3–12

  40. J.-S. Coron, C. Gentry, S. Halevi, T. Lepoint, H.K. Maji, E. Miles, M. Raykova, A. Sahai, M. Tibouchi, Zeroizing without low-level zeroes: New MMAP attacks and their limitations, in Advances in Cryptology - CRYPTO (2015), pp. 247–266

  41. J.-S. Coron, T. Lepoint, M. Tibouchi, Practical multilinear maps over the integers, in Advances in Cryptology - CRYPTO (2013), pp. 476–493

  42. J.-S. Coron, T. Lepoint, M. Tibouchi, New multilinear maps over the integers, in Advances in Cryptology - CRYPTO (2015), pp. 267–286

  43. W. Diffie, M.E. Hellman, Multiuser cryptographic techniques, in American Federation of Information Processing Societies (1976), pp. 109–112

  44. M. Fischlin, A. Herzberg, H.B. Noon, H. Shulman, Obfuscation combiners, in Advances in Cryptology - CRYPTO (2016), pp. 521–550

  45. S. Garg, C. Gentry, S. Halevi, M. Raykova, A. Sahai, B. Waters, Candidate indistinguishability obfuscation and functional encryption for all circuits, in 54th Annual IEEE Symposium on Foundations of Computer Science, FOCS (IEEE Computer Society, 2013), pp. 40–49

  46. S. Garg, C. Gentry, A. Sahai, B. Waters, Witness encryption and its applications, in Symposium on Theory of Computing Conference, STOC (2013), pp. 467–476

  47. S. Garg, M. Hajiabadi, M. Mahmoody, A. Mohammed, Limits on the power of garbling techniques for public-key encryption, in Advances in Cryptology - CRYPTO (2018), pp. 335–364

  48. S. Garg, M. Mahmoody, A. Mohammed, Lower bounds on obfuscation from all-or-nothing encryption primitives, in Advances in Cryptology - CRYPTO (2017), pp. 661–695

  49. S. Garg, M. Mahmoody, A. Mohammed, When does functional encryption imply obfuscation?, in Theory of Cryptography - TCC (2017), pp. 82–115

  50. R. Gay, R. Pass, Indistinguishability obfuscation from circular security, in STOC (ACM, 2021), pp. 736–749

  51. C. Gentry, S. Gorbunov, S. Halevi, Graph-induced multilinear maps from lattices, in Theory of Cryptography - TCC (2015), pp. 498–527

  52. C. Gentry, A.B. Lewko, A. Sahai, B. Waters, Indistinguishability obfuscation from the multilinear subgroup elimination assumption, in IEEE 56th Annual Symposium on Foundations of Computer Science, FOCS (2015), pp. 151–170

  53. O. Goldreich, The Foundations of Cryptography - Volume 1, Basic Techniques, chapter 4.10.3.1 (Cambridge University Press, 2001)

  54. O. Goldreich, S. Goldwasser, S. Micali, How to construct random functions. J. ACM 33(4), 792–807 (1986)

  55. S. Goldwasser, S.D. Gordon, V. Goyal, A. Jain, J. Katz, F.-H. Liu, A. Sahai, E. Shi, H.-S. Zhou, Multi-input functional encryption, in Advances in Cryptology - EUROCRYPT (2014), pp. 578–602

  56. S. Goldwasser, Y.T. Kalai, R.A. Popa, V. Vaikuntanathan, N. Zeldovich, Reusable garbled circuits and succinct functional encryption, in Symposium on Theory of Computing Conference, STOC (2013), pp. 555–564

  57. S. Goldwasser, G.N. Rothblum, On best-possible obfuscation, in Theory of Cryptography - TCC (2007), pp. 194–213

  58. S. Gorbunov, V. Vaikuntanathan, H. Wee, Functional encryption with bounded collusions via multi-party computation, in Advances in Cryptology - CRYPTO (2012), pp. 162–179

  59. V. Guruswami, A. Rudra, M. Sudan, Essential coding theory, 2013. https://cse.buffalo.edu/faculty/atri/courses/coding-theory/book/index.html. Accessed May 31, 2018

  60. V. Guruswami, M. Sudan, List decoding algorithms for certain concatenated codes, in Proceedings of the 32nd annual ACM symposium on Theory of computing, STOC (ACM, 2000), pp. 181–190

  61. D. Harnik, J. Kilian, M. Naor, O. Reingold, A. Rosen, On robust combiners for oblivious transfer and other primitives, in Advances in Cryptology - EUROCRYPT (2005), pp. 96–113

  62. J. Håstad, R. Impagliazzo, L.A. Levin, M. Luby, A pseudorandom generator from any one-way function. SIAM J. Comput. 28(4), 1364–1396 (1999)

  63. L. Hellerstein, R.A. Servedio, On PAC learning algorithms for rich boolean function classes. Theor. Comput. Sci. 384(1), 66–76 (2007)

  64. A. Herzberg, On tolerant cryptographic constructions, in Topics in Cryptology - CT-RSA (2005), pp. 172–190

  65. A. Herzberg, Folklore, practice and theory of robust combiners. J. Comput. Secur. 17(2), 159–189 (2009)

  66. R. Impagliazzo, S. Rudich, Limits on the provable consequences of one-way permutations, in Proceedings of the 21st annual ACM symposium on Theory of computing, STOC (ACM, 1989), pp. 44–61

  67. M.J. Kearns, R.E. Schapire, L. Sellie, Toward efficient agnostic learning. Mach. Learn. 17(2-3), 115–141 (1994)

  68. A. Kiayias, S. Papadopoulos, N. Triandopoulos, T. Zacharias, Delegatable pseudorandom functions and applications, in Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security (ACM, 2013), pp. 669–684

  69. S. Kim, D.J. Wu, Multi-theorem preprocessing nizks from lattices, in Advances in Cryptology - CRYPTO (2018)

  70. F. Kitagawa, R. Nishimaki, K. Tanaka, Obfustopia built on secret-key functional encryption, in Advances in Cryptology - EUROCRYPT (2018), pp. 603–648

  71. I. Komargodski, T. Moran, M. Naor, R. Pass, A. Rosen, E. Yogev, One-way functions and (im)perfect obfuscation, in 55th IEEE Annual Symposium on Foundations of Computer Science, FOCS (2014), pp. 374–383

  72. L.A. Levin, One-way functions and pseudorandom generators. Combinatorica 7(4), 357–363 (1987)

  73. H. Lin, Indistinguishability obfuscation from constant-degree graded encoding schemes, in Advances in Cryptology - EUROCRYPT (2016), pp. 28–57

  74. H. Lin, Indistinguishability obfuscation from SXDH on 5-linear maps and locality-5 PRGs, in Advances in Cryptology - CRYPTO (2017), pp. 599–629

  75. H. Lin, R. Pass, K. Seth, S. Telang, Indistinguishability obfuscation with non-trivial efficiency, in Public-Key Cryptography - PKC (2016), pp. 447–462

  76. H. Lin, R. Pass, K. Seth, S. Telang, Output-compressing randomized encodings and applications, in Theory of Cryptography - TCC (2016), pp. 96–124

  77. H. Lin, V. Vaikuntanathan, Indistinguishability obfuscation from ddh-like assumptions on constant-degree graded encodings, in IEEE 57th Annual Symposium on Foundations of Computer Science, FOCS (2016), pp. 11–20

  78. N. Linial, Y. Mansour, N. Nisan, Constant depth circuits, fourier transform, and learnability, in 30th Annual Symposium on Foundations of Computer Science, FOCS (1989), pp. 574–579

  79. Q. Liu, M. Zhandry, Decomposable obfuscation: A framework for building applications of obfuscation from polynomial hardness, in Theory of Cryptography - TCC (2017), pp. 138–169

  80. A. Lombardi, V. Vaikuntanathan, Limits on the locality of pseudorandom generators and applications to indistinguishability obfuscation, in Theory of Cryptography - TCC (2017), pp. 119–137

  81. M. Mahmoody, A. Mohammed, S. Nematihaji, R. Pass, A. Shelat, Lower bounds on assumptions behind indistinguishability obfuscation, in Theory of Cryptography - TCC (2016), pp. 49–66

  82. M. Mahmoody, D. Xiao, On the power of randomized reductions and the checkability of SAT, in Proceedings of the 25th Annual IEEE Conference on Computational Complexity, CCC (IEEE Computer Society, 2010), pp. 64–75

  83. S. Micali, C. Peikert, M. Sudan, D.A. Wilson, Optimal error correction against computationally bounded noise, in Theory of Cryptography - TCC (Springer, 2005), pp. 1–16

  84. E. Miles, A. Sahai, M. Zhandry, Annihilation attacks for multilinear maps: Cryptanalysis of indistinguishability obfuscation over GGH13, in Advances in Cryptology - CRYPTO (2016), pp. 629–658

  85. M. Naor, Bit commitment using pseudorandomness. J. Cryptol. 4(2), 151–158 (1991)

  86. T. Okamoto, On relationships between statistical zero-knowledge proofs. J. Comput. Syst. Sci. 60(1), 47–108 (2000)

  87. A. O’Neill, Definitional issues in functional encryption. IACR Cryptology ePrint Archive 2010:556 (2010)

  88. R. Pass, K. Seth, S. Telang, Indistinguishability obfuscation from semantically-secure multilinear encodings, in Advances in Cryptology - CRYPTO (2014), pp. 500–517

  89. A. Sahai, S.P. Vadhan, A complete problem for statistical zero knowledge. J. ACM 50(2), 196–249 (2003)

  90. A. Sahai, B. Waters, How to use indistinguishability obfuscation: deniable encryption, and more, in Symposium on Theory of Computing, STOC (2014), pp. 475–484

  91. L.G. Valiant, A theory of the learnable. Commun. ACM 27(11), 1134–1142 (1984)

  92. H. Wee, D. Wichs, Candidate obfuscation via oblivious LWE sampling, in EUROCRYPT (3), volume 12698 of Lecture Notes in Computer Science (Springer, 2021), pp. 127–156

  93. R.R. Williams, Strong ETH breaks with merlin and arthur: Short non-interactive proofs of batch evaluation, in 31st Conference on Computational Complexity, CCC (2016), pp. 2:1–2:17

  94. J. Zimmerman, How to obfuscate programs directly, in Advances in Cryptology - EUROCRYPT (2015), pp. 439–467

Acknowledgements

We thank Zvika Brakerski for discussions about the possibility of SXiO and XiO with statistical security. This work is supported in part by a Junior Fellow award from the Simons Foundation, by the Israel Science Foundation (Grants no. 2439/20 and 1774/20), by the BIU Center for Research in Applied Cryptography and Cyber Security in conjunction with the Israel National Cyber Bureau in the Prime Minister’s Office, by the European Union’s Horizon 2020 research and innovation program under the Marie Skłodowska-Curie grant agreement No. 891234, by a Packard Foundation Fellowship, by an AFOSR grant FA9550-15-1-0262, by an Alon Young Faculty Fellowship, by NSF Award CNS-1561209, NSF Award CNS-1217821, NSF Award CNS-1704788, a Microsoft Faculty Fellowship, and a Google Faculty Research Award.

Author information

Corresponding author

Correspondence to Gilad Asharov.

Additional information

Communicated by Marc Fischlin.

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

A preliminary version of this work appeared in IACR-CRYPTO 2018.

Gilad Asharov and Ilan Komargodski: Most of the work was conducted while at Cornell Tech, New York, NY 10044.

Cite this article

Asharov, G., Komargodski, I., Pass, R. et al. On the Complexity of Compressing Obfuscation. J Cryptol 35, 21 (2022). https://doi.org/10.1007/s00145-022-09431-5

  • DOI: https://doi.org/10.1007/s00145-022-09431-5