On the (Im)possibility of Obfuscating Programs

Extended Abstract
  • Boaz Barak
  • Oded Goldreich
  • Rusell Impagliazzo
  • Steven Rudich
  • Amit Sahai
  • Salil Vadhan
  • Ke Yang
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2139)


Informally, an obfuscator \( \mathcal{O} \) is an (efficient, probabilistic) “compiler” that takes as input a program (or circuit) P and produces a new program \( \mathcal{O} \)(P) that has the same functionality as P yet is “unintelligible” in some sense. Obfuscators, if they exist, would have a wide variety of cryptographic and complexity-theoretic applications, ranging from software protection to homomorphic encryption to complexity-theoretic analogues of Rice’s theorem. Most of these applications are based on an interpretation of the “unintelligibility” condition in obfuscation as meaning that \( \mathcal{O} \) is a “virtual black box,” in the sense that anything one can efficiently compute given \( \mathcal{O} \), one could also efficiently compute given oracle access to P.

In this work, we initiate a theoretical investigation of obfuscation. Our main result is that, even under very weak formalizations of the above intuition, obfuscation is impossible. We prove this by constructing a family of functions \( \mathcal{F} \) that are inherently unobfuscatable in the following sense: there is a property π: \( \mathcal{F} \) → {0,1} such that (a) given any program that computes a function f\( \mathcal{F} \), the value π(f) can be efficiently computed, yet (b) given oracle access to a (randomly selected) function f\( \mathcal{F} \), no efficient algorithm can compute π(f) much better than random guessing. We extend our impossibility result in a number of ways, including even obfuscators that (a) are not necessarily computable in polynomial time, (b) only approximately preserve the functionality, and (c) only need to work for very restricted models of computation (TC 0). We also rule out several potential applications of obfuscators, by constructing “unobfuscatable” signature schemes, encryption schemes, and pseudorandom function families.


Encryption Scheme Turing Machine Random Oracle Impossibility Result Homomorphic Encryption 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. [BGI+01]
    Boaz Barak, Oded Goldreich, Russell Impagliazzo, Steven Rudich, Amit Sahai, Salil Vadhan, and Ke Yang. On the (im)possibility of obfuscating programs. Technical report, Electronic Colloquium on Computational Complexity, 2001.
  2. [BR93]
    Mihir Bellare and Phillip Rogaway. Random oracles are practical: A paradigm for designing efficient protocols. In Proceedings of the First Annual Conference on Computer and Communications Security. ACM, November 1993.Google Scholar
  3. [BL96]
    Dan Boneh and Richard Lipton. Algorithms for black-box fields and their applications to cryptography. In M. Wiener, editor, Advances in Cryptology—CRYPTO’ 96, volume 1109 of Lecture Notes in Computer Science, pages 283–297. Springer-Verlag, August 1996.Google Scholar
  4. [CGH98]
    Ran Canetti, Oded Goldreich, and Shai Halevi. The random oracle methodology, revisited. In Proceedings of the Thirtieth Annual ACM Symposium on Theory of Computing, pages 209–218, Dallas, 23–26 May 1998.Google Scholar
  5. [CT00]
    Christian Collberg and Clark Thomborson. Watermarking, tamperproofing, and obfuscation-tools for software protection. Technical Report TR00-03, The Department of Computer Science, University of Arizona, February 2000.Google Scholar
  6. [DDN00]
    Danny Dolev, Cynthia Dwork, and Moni Naor. Nonmalleable cryptography. SIAM Journal on Computing, 30(2):391–437 (electronic), 2000.zbMATHCrossRefMathSciNetGoogle Scholar
  7. [FM91]
    Joan Feigenbaum and Michael Merritt, editors. Distributed computing and cryptography, Providence, RI, 1991. American Mathematical Society.Google Scholar
  8. [FS87]
    Amos Fiat and Adi Shamir. How to prove yourself: practical solutions to identification and signature problems. In Advances in cryptology— CRYPTO’ 86 (Santa Barbara, Calif., 1986), pages 186–194. Springer, Berlin, 1987.Google Scholar
  9. [GGM86]
    Oded Goldreich, Shafi Goldwasser, and Silvio Micali. How to construct random functions. Journal of the Association for Computing Machinery, 33(4):792–807, 1986.MathSciNetGoogle Scholar
  10. [GO96]
    Oded Goldreich and Rafail Ostrovsky. Software protection and simulation on oblivious RAMs. Journal of the ACM, 43(3):431–473, 1996.zbMATHCrossRefMathSciNetGoogle Scholar
  11. [GM84]
    Shafi Goldwasser and Silvio Micali. Probabilistic encryption. Journal of Computer and System Sciences, 28(2):270–299, April 1984.Google Scholar
  12. [Had00]
    Satoshi Hada. Zero-knowledge and code obfuscation. In T. Okamoto, editor, Advances in Cryptology-ASIACRYPT’ 2000, Lecture Notes in Computer Science, pages 443–457, Kyoto, Japan, 2000. International Association for Cryptologic Research, Springer-Verlag, Berlin Germany.CrossRefGoogle Scholar
  13. [KY00]
    Jonathan Katz and Moti Yung. Complete characterization of security notions for private-key encryption. In Proceedings of the 32nd Annual ACM Symposium on Theory of Computing, pages 245–254, Portland, OR, May 2000. ACM.Google Scholar
  14. [NSS99]
    David Naccache, Adi Shamir, and Julien P. Stern. How to copyright a function? In H. Imai and Y. Zheng, editors, Public Key Cryptography— PKC’ 99, volume 1560 of Lecture Notes in Computer Science, pages 188–196. Springer-Verlag, March 1999.CrossRefGoogle Scholar
  15. [NR97]
    Moni Naor and Omer Reingold. Number-theoretic constructions of efficient pseudo-random functions. In 38th Annual Symposium on Foundations of Computer Science, pages 458–467, Miami Beach, Florida, 20-22 October 1997. IEEE.Google Scholar
  16. [RAD78]
    Ronald L. Rivest, Len Adleman, and Michael L. Dertouzos. On data banks and privacy homomorphisms. In Foundations of secure computation (Workshop, Georgia Inst. Tech., Atlanta, Ga., 1977), pages 169–179. Academic, New York, 1978.Google Scholar
  17. [SYY99]
    Thomas Sander, Adam Young, and Moti Yung. Non-interactive cryptocomputing for NC1. In 40th Annual Symposium on Foundations of Computer Science, pages 554–566, New York, NY, 17-19 October 1999. IEEE.Google Scholar
  18. [vD98]
    Frans van Dorsselaer. Obsolescent feature. Winning entry for the 1998 International Obfuscated C Code Contest, 1998.

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Boaz Barak
    • 1
  • Oded Goldreich
    • 1
  • Rusell Impagliazzo
    • 2
  • Steven Rudich
    • 3
  • Amit Sahai
    • 4
  • Salil Vadhan
    • 5
  • Ke Yang
    • 3
  1. 1.Department of Computer ScienceWeizmann Institute of ScienceRehovotIsrael
  2. 2.Department of Computer Science and EngineeringUniversity of CaliforniaSan Diego, La Jolla
  3. 3.Computer Science DepartmentCarnegie Mellon UniversityPittsburgh
  4. 4.Department of Computer SciencePrinceton UniversityPrinceton
  5. 5.Division of Engineering and Applied SciencesHarvard UniversityCambridge

Personalised recommendations