, Volume 79, Issue 4, pp 1014–1051 | Cite as

On Virtual Grey Box Obfuscation for General Circuits

  • Nir BitanskyEmail author
  • Ran Canetti
  • Yael Tauman Kalai
  • Omer Paneth


An obfuscator \(\mathcal {O}\) is Virtual Grey Box (VGB) for a class \(\mathcal {C}\) of circuits if, for any \(C\in \mathcal {C}\) and any predicate \(\pi \), deducing \(\pi (C)\) given \(\mathcal {O}(C)\) is tantamount to deducing \(\pi (C)\) given unbounded computational resources and polynomially many oracle queries to C. VGB obfuscation is often significantly more meaningful than indistinguishability obfuscation (IO). In fact, for some circuit families of interest VGB is equivalent to full-fledged Virtual Black Box obfuscation. We investigate the feasibility of obtaining VGB obfuscation for general circuits. We first formulate a natural strengthening of IO, called strong IO (SIO). Essentially, \(\mathcal {O}\) is SIO for class \(\mathcal {C}\) if \(\mathcal {O}(C_0)\approx \mathcal {O}(C_1)\) whenever the pair \((C_0,C_1)\) is taken from a distribution over \(\mathcal {C}\) where, for all x, \(C_0(x)\ne C_1(x)\) only with negligible probability. We then show that an obfuscator is VGB for a class \(\mathcal {C}\) if and only if it is SIO for \(\mathcal {C}\). This result is unconditional and holds for any \(\mathcal {C}\). We also show that, for some circuit collections, SIO implies virtual black-box obfuscation. Finally, we formulate a slightly stronger variant of the semantic security property of graded encoding schemes [Pass-Seth-Telang Crypto 14], and show that existing obfuscators, such as the obfuscator of Barak et al. [Eurocrypt 14], are SIO for all circuits in NC\(^1\), assuming that the underlying graded encoding scheme satisfies our variant of semantic security. Put together, we obtain VGB obfuscation for all \(NC^1\) circuits under assumptions that are almost the same as those used by Pass et al. to obtain IO for \(NC^1\) circuits. We also observe that VGB obfuscation for all polynomial-size circuits implies the existence of semantically-secure graded encoding schemes with limited functionality known as jigsaw puzzles.


Cryptography Obfuscation Simulation Learning 



We are grateful to Rafael Pass for enlightening discussions and valuable comments. We also thank Vincenzo Iovino for carefully reading our manuscript and for providing useful comments.


  1. 1.
    Applebaum, B., Brakerski, Z.: Obfuscating circuits via composite-order graded encoding. In: TCC (2015)Google Scholar
  2. 2.
    Ananth, P., Jain, A.: Indistinguishability obfuscation from compact functional encryption. Cryptology ePrint Archive, Report 2015/173. (2015)
  3. 3.
    Barak, B., Bitansky, N., Canetti, R., Kalai, Y.T., Paneth, O., Sahai, A.: Obfuscation for evasive functions. In: TCC, pp. 26–51 (2014)Google Scholar
  4. 4.
    Bitansky, N., Canetti, R.: On strong simulation and composable point obfuscation. In: CRYPTO, pp. 520–537 (2010)Google Scholar
  5. 5.
    Bitansky, N., Canetti, R., Cohn, H., Goldwasser, S., Kalai, Y.T., Paneth, O., Rosen, A.: The impossibility of obfuscation with auxiliary input or a universal simulator. CoRR, abs/1401.0348, (2014)Google Scholar
  6. 6.
    Bitansky, N., Canetti, R., Kalai, Y.T., Paneth, O.: On virtual grey box obfuscation for general circuits. In: IACR Cryptology ePrint Archive, p. 554 (2014). The EPRINT version of our workGoogle Scholar
  7. 7.
    Barak, B., Goldreich, O., Impagliazzo, R., Rudich, S., Sahai, A., Vadhan, S.P., Yang, K.: On the (im)possibility of obfuscating programs. In: CRYPTO, pp. 1–18 (2001)Google Scholar
  8. 8.
    Barak, B., Garg, S., Kalai, Y.T., Paneth, O., Sahai, A.: Protecting obfuscation against algebraic attacks. Cryptology ePrint Archive, Report 2013/631. (2013)
  9. 9.
    Brakerski, Z., Rothblum, G.N.: Virtual black-box obfuscation for all circuits via generic graded encoding. Cryptology ePrint Archive, Report 2013/563. (2013)
  10. 10.
    Bitansky, N., Vaikuntanathan, V.: Indistinguishability obfuscation from functional encryption. Cryptology ePrint Archive, Report 2015/163. (2015)
  11. 11.
    Canetti, R.: Towards realizing random oracles: hash functions that hide all partial information. In: CRYPTO, pp. 455–469 (1997)Google Scholar
  12. 12.
    Canetti, R., Dakdouk, R.R.: Obfuscating point functions with multibit output. In: Proceedings of Advances in Cryptology—EUROCRYPT 2008, 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, pp 489–508. Istanbul, 13–17 Apr 2008Google Scholar
  13. 13.
    Coron, J., Gentry, C., Halevi, S., de Lepoint, T., Maji, H.K., Miles, E., Raykova, M., Sahai, A., Tibouchi, M.: Zeroizing without low-level zeroes: new MMAP attacks and their limitations. In: Proceedings of Advances in Cryptology—CRYPTO 2015—35th Annual Cryptology Conference, Part I, pp. 247–266. Santa Barbara, 16–20 Aug 2015Google Scholar
  14. 14.
    Cheon, J.H., Han, K., Lee, C., Ryu, H., Stehlé, D.: Cryptanalysis of the multilinear map over the integers. In: Proceedings of Advances in Cryptology—EUROCRYPT 2015—34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Part I, pp. 3–12. Sofia, Bulgaria, 26–30 Apr 2015Google Scholar
  15. 15.
    Coron, J.S., Lepoint, T., Tibouchi, M.: Practical multilinear maps over the integers. CRYPTO 1, 476–493 (2013)MathSciNetzbMATHGoogle Scholar
  16. 16.
    Coron, J.S., de Lepoint, T., Tibouchi, M.: New multilinear maps over the integers. In: CRYPTO (2015)Google Scholar
  17. 17.
    Canetti, R., Rothblum, G.N., Varia, M.: Obfuscation of hyperplane membership. In: TCC, pp. 72–89 (2010)Google Scholar
  18. 18.
    Garg, S., Gentry, C., Halevi, S.: Candidate multilinear maps from ideal lattices. In: EUROCRYPT, pp. 1–17(2013)Google Scholar
  19. 19.
    Garg, S., Gentry, C., Halevi, S., Raykova, M., Sahai, A., Waters, B.: Candidate indistinguishability obfuscation and functional encryption for all circuits. In: FOCS (2013)Google Scholar
  20. 20.
    Goldwasser, S., Kalai, Y.T.: On the impossibility of obfuscation with auxiliary input. In: FOCS, pp. 553–562 (2005)Google Scholar
  21. 21.
    Gentry, C., Lewko, A., Sahai, A., Waters, B.: Indistinguishability obfuscation from the multilinear subgroup elimination assumption. Cryptology ePrint Archive, Report 2014/309. (2014)
  22. 22.
    Goldwasser, S., Rothblum, G.N.: On best-possible obfuscation. In: TCC, pp. 194–213 (2007)Google Scholar
  23. 23.
    Hada, S.: Zero-knowledge and code obfuscation. In: ASIACRYPT, pp. 443–457 (2000)Google Scholar
  24. 24.
    Hu, Y., Jia, H.: Cryptanalysis of GGH map. In: Proceedings of Advances in Cryptology—EUROCRYPT 2016—35th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Part I, pp. 537–565. Vienna, 8–12 May 2016Google Scholar
  25. 25.
    Pass, R., Telang, S., Seth, K.: Obfuscation from semantically-secure multi-linear encodings. Cryptology ePrint Archive, Report 2013/781. (2013)
  26. 26.
    Sahai, A., Waters, B.: How to use indistinguishability obfuscation: deniable encryption, and more. IACR Cryptol ePrint Arch 2013, 454 (2013)zbMATHGoogle Scholar
  27. 27.
    Wee, H.: On obfuscating point functions. IACR Cryptol ePrint Arch 2005, 1 (2005)zbMATHGoogle Scholar
  28. 28.
    Zimmerman, J.: How to obfuscate programs directly. In: Eurocrypt (2015)Google Scholar

Copyright information

© Springer Science+Business Media New York 2016

Authors and Affiliations

  • Nir Bitansky
    • 1
    Email author
  • Ran Canetti
    • 2
  • Yael Tauman Kalai
    • 3
  • Omer Paneth
    • 4
  1. 1.MITCambridgeUSA
  2. 2.Boston University and Tel Aviv UniversityTel AvivIsrael
  3. 3.Microsoft ResearchCambridgeUSA
  4. 4.Boston UniversityBostonUSA

Personalised recommendations