Non-trivial Witness Encryption and Null-iO from Standard Assumptions

  • Zvika Brakerski
  • Aayush Jain
  • Ilan Komargodski
  • Alain Passelègue
  • Daniel Wichs
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11035)


A witness encryption (WE) scheme can take any \({{\textsf {NP}}}\) statement as a public-key and use it to encrypt a message. If the statement is true then it is possible to decrypt the message given a corresponding witness, but if the statement is false then the message is computationally hidden. Ideally, the encryption procedure should run in polynomial time, but it is also meaningful to define a weaker notion, which we call non-trivially exponentially efficient WE (XWE), where the encryption run-time is only required to be much smaller than the trivial \(2^{m}\) bound for \({{\textsf {NP}}}\) relations with witness size m. We show how to construct such XWE schemes for all of \({{\textsf {NP}}}\) with encryption run-time \(2^{m/2}\) under the sub-exponential learning with errors (LWE) assumption. For \({{\textsf {NP}}}\) relations that can be verified in \({{\textsf {NC}}^1}\) (e.g., SAT) we can also construct such XWE schemes under the sub-exponential Decisional Bilinear Diffie-Hellman (DBDH) assumption. Although we find the result surprising, it follows via a very simple connection to attribute-based encryption.

We also show how to upgrade the above results to get non-trivially exponentially efficient indistinguishability obfuscation for null circuits (niO), which guarantees that the obfuscations of any two circuits that always output 0 are indistinguishable. In particular, under the LWE assumptions we get a XniO scheme where the obfuscation time is \(2^{n/2}\) for all circuits with input size n. It is known that in the case of indistinguishability obfuscation (iO) for all circuits, non-trivially efficient XiO schemes imply fully efficient iO schemes (Lin et al., PKC ’16) but it remains as a fascinating open problem whether any such connection exists for WE or niO.

Lastly, we explore a potential approach toward constructing fully efficient WE and niO schemes via multi-input ABE.



We thank Nir Bitansky for many initial discussions on the topics of this work. We thank Antigoni Polychroniadou and Hoeteck Wee for their helpful comments on a previous version of our work. We also thank the anonymous reviewers for their remarks.


  1. 1.
    Barak, B., et al.: On the (im)possibility of obfuscating programs. J. ACM 59(2), 6 (2012). Preliminary version appeared in CRYPTO 2001MathSciNetCrossRefGoogle Scholar
  2. 2.
    Bitansky, N., Nishimaki, R., Passelègue, A., Wichs, D.: From cryptomania to obfustopia through secret-key functional encryption. In: Hirt, M., Smith, A. (eds.) TCC 2016. LNCS, vol. 9986, pp. 391–418. Springer, Heidelberg (2016). Scholar
  3. 3.
    Boneh, D., et al.: Fully key-homomorphic encryption, arithmetic circuit abe and compact garbled circuits. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 533–556. Springer, Heidelberg (2014). Scholar
  4. 4.
    Boneh, D., Sahai, A., Waters, B.: Functional encryption: a new vision for public-key cryptography. Commun. ACM 55(11), 56–64 (2012). Scholar
  5. 5.
    Garg, S., Gentry, C., Halevi, S.: Candidate multilinear maps from ideal lattices. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 1–17. Springer, Heidelberg (2013). Scholar
  6. 6.
    Garg, S., Gentry, C., Halevi, S., Raykova, M., Sahai, A., Waters, B.: Candidate indistinguishability obfuscation and functional encryption for all circuits. In: 54th Annual Symposium on Foundations of Computer Science, pp. 40–49. IEEE Computer Society Press, October 2013Google Scholar
  7. 7.
    Garg, S., Gentry, C., Sahai, A., Waters, B.: Witness encryption and its applications. In: Symposium on Theory of Computing Conference, STOC, pp. 467–476 (2013)Google Scholar
  8. 8.
    Goldwasser, S., et al.: Multi-input functional encryption. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 578–602. Springer, Heidelberg (2014). Scholar
  9. 9.
    Gorbunov, S., Vaikuntanathan, V., Wee, H.: Attribute-based encryption for circuits. In: Symposium on Theory of Computing Conference, STOC 2013, Palo Alto, CA, USA, 1–4 June 2013, pp. 545–554. ACM (2013)Google Scholar
  10. 10.
    Gorbunov, S., Vaikuntanathan, V., Wee, H.: Predicate encryption for circuits from LWE. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 503–523. Springer, Heidelberg (2015). Scholar
  11. 11.
    Goyal, R., Koppula, V., Waters, B.: Lockable obfuscation. In: 58th IEEE Annual Symposium on Foundations of Computer Science, FOCS, pp. 612–621. IEEE Computer Society (2017)Google Scholar
  12. 12.
    Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, CCS 2006, pp. 89–98. ACM (2006)Google Scholar
  13. 13.
    Komargodski, I., Naor, M., Yogev, E.: Secret-sharing for NP. J. Cryptol. 30(2), 444–469 (2017)MathSciNetCrossRefGoogle Scholar
  14. 14.
    Komargodski, I., Segev, G.: From minicrypt to obfustopia via private-key functional encryption. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10210, pp. 122–151. Springer, Cham (2017). Scholar
  15. 15.
    Lin, H., Pass, R., Seth, K., Telang, S.: Indistinguishability obfuscation with non-trivial efficiency. In: Cheng, C.-M., Chung, K.-M., Persiano, G., Yang, B.-Y. (eds.) PKC 2016. LNCS, vol. 9615, pp. 447–462. Springer, Heidelberg (2016). Scholar
  16. 16.
    Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: Gabow, H.N., Fagin, R. (eds.) 37th Annual ACM Symposium on Theory of Computing, pp. 84–93. ACM Press, May 2005Google Scholar
  17. 17.
    Sahai, A., Waters, B.: How to use indistinguishability obfuscation: deniable encryption, and more. In: Shmoys, D.B. (ed.) 46th Annual ACM Symposium on Theory of Computing, pp. 475–484. ACM Press, May/Jun 2014Google Scholar
  18. 18.
    Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005). Scholar
  19. 19.
    Wichs, D., Zirdelis, G.: Obfuscating compute-and-compare programs under LWE. In: 58th IEEE Annual Symposium on Foundations of Computer Science, FOCS, pp. 600–611. IEEE Computer Society (2017)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Zvika Brakerski
    • 1
  • Aayush Jain
    • 2
  • Ilan Komargodski
    • 3
  • Alain Passelègue
    • 2
  • Daniel Wichs
    • 4
  1. 1.Weizmann Institute of ScienceRehovotIsrael
  2. 2.UCLALos AngelesUSA
  3. 3.Cornell TechNew YorkUSA
  4. 4.Northeastern UniversityBostonUSA

Personalised recommendations