Obfuscation for Cryptographic Purposes

  • Dennis Hofheinz
  • John Malone-Lee
  • Martijn Stam
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4392)


An obfuscation \(\mathcal{O}\) of a function F should satisfy two requirements: firstly, using \(\mathcal{O}\) it should be possible to evaluate F; secondly, \(\mathcal{O}\) should not reveal anything about F that cannot be learnt from oracle access to F. Several definitions for obfuscation exist. However, most of them are either too weak for or incompatible with cryptographic applications, or have been shown impossible to achieve, or both.

We give a new definition of obfuscation and argue for its reasonability and usefulness. In particular, we show that it is strong enough for cryptographic applications, yet we show that it has the potential for interesting positive results. We illustrate this with the following two results:

  1. 1

    If the encryption algorithm of a secure secret-key encryption scheme can be obfuscated according to our definition, then the result is a secure public-key encryption scheme.

  2. 1

    A uniformly random point function can be easily obfuscated according to our definition, by simply applying a one-way permutation. Previous obfuscators for point functions, under varying notions of security, are either probabilistic or in the random oracle model (but work for arbitrary distributions on the point function).

On the negative side, we show that
  1. 1

    Following Hada [12] and Wee [25], any family of deterministic functions that can be obfuscated according to our definition must already be “approximately learnable.” Thus, many deterministic functions cannot be obfuscated. However, a probabilistic functionality such as a probabilistic secret-key encryption scheme can potentially be obfuscated. In particular, this is possible for a public-key encryption scheme when viewed as a secret-key scheme.

  2. 1

    There exists a secure probabilistic secret-key encryption scheme that cannot be obfuscated according to our definition. Thus, we cannot hope for a general-purpose cryptographic obfuscator for encryption schemes.



obfuscation point functions 


  1. 1.
    Barak, B., Goldreich, O., Impagliazzo, R., Rudich, S., Sahai, A., Vadhan, S., Yang, K.: On the (im)possibility of obfuscating programs. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 1–18. Springer, Heidelberg (2001), Full version available at, http://eprint.iacr.org/2001/069/ CrossRefGoogle Scholar
  2. 2.
    Bellare, M., Desai, A., Jokipii, E., Rogaway, P.: A concrete security treatment of symmetric encryption. In: 38th Annual Symposium on Foundations of Computer Science, pp. 394–403. IEEE Computer Society Press, Los Alamitos (1997)CrossRefGoogle Scholar
  3. 3.
    Canetti, R.: Towards realizing random oracles: Hash functions that hide all partial information. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 455–469. Springer, Heidelberg (1997)Google Scholar
  4. 4.
    Canetti, R., Micciancio, D., Reingold, O.: Perfectly one-way probabilistic hash functions. In: 30th ACM Symposium on Theory of Computing, pp. 131–140. ACM Press, New York (1998)Google Scholar
  5. 5.
    Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE Transactions on Information Theory 22(6), 644–654 (1976)MATHCrossRefMathSciNetGoogle Scholar
  6. 6.
    Dodis, Y., Smith, A.: Correcting errors without leaking partial information. In: 37th ACM Symposium on Theory of Computing, pp. 654–663. ACM Press, New York (2005)Google Scholar
  7. 7.
    Gennaro, R., Lysyanskaya, A., Malkin, T., Micali, S., Rabin, T.: Algorithmic tamper-proof (ATP) security: Theoretical foundations for security against hardware tampering. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 258–277. Springer, Heidelberg (2004)Google Scholar
  8. 8.
    Goldreich, O., Goldwasser, S., Micali, S.: How to construct random functions. Journal of the ACM 33(4), 210–217 (1986)CrossRefMathSciNetGoogle Scholar
  9. 9.
    Goldreich, O., Levin, L.: A hard-core predicate to any one-way function. In: 21st ACM Symposium on Theory of Computing, pp. 25–32. ACM Press, New York (1989)Google Scholar
  10. 10.
    Goldwasser, S., Micali, S., Rivest, R.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM Journal on Computing 17(2), 281–308 (1988)MATHCrossRefMathSciNetGoogle Scholar
  11. 11.
    Goldwasser, S., Tauman Kalai, Y.: On the impossibility of obfuscation with auxiliary input. In: 46th IEEE Symposium on Foundations of Computer Science, pp. 553–562. IEEE Computer Society Press, Los Alamitos (2005)CrossRefGoogle Scholar
  12. 12.
    Hada, S.: Zero-knowledge and code obfuscation. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 443–457. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  13. 13.
    Jaeschke, R.: Encrypting C source for distribution. Journal of C Language Translation 2(1) (1990)Google Scholar
  14. 14.
    Katz, J., Yung, M.: Unforgeable Encryption and Chosen Ciphertext Secure Modes of Operation. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, pp. 284–299. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  15. 15.
    Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M.J. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)Google Scholar
  16. 16.
    Linn, C., Debray, S.: Obfuscation of executable code to improve resistance to static disassembly. In: 10th ACM Conference on Computer and Communications Security, pp. 290–299. ACM Press, New York (2003)CrossRefGoogle Scholar
  17. 17.
    Lynn, B., Prabhakaran, M., Sahai, A.: Positive results and techniques for obfuscation. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 20–39. Springer, Heidelberg (2004)Google Scholar
  18. 18.
    Micali, S., Reyzin, L.: Physically observable cryptography (extended abstract). In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 278–296. Springer, Heidelberg (2004), Full version available at, http://eprint.iacr.org/2003/120/ Google Scholar
  19. 19.
    Naor, M., Yung, M.: Public-key cryptosystems provably secure against chosen ciphertext attack. In: 22nd ACM Symposium on Theory of Computing, pp. 427–437. ACM Press, New York (1990)Google Scholar
  20. 20.
    Narayanan, A., Shmatikov, V.: On the Limits of Point Function Obfuscation. IACR ePrint Archive (May 2006), Online available at http://eprint.iacr.org/2006/182.ps
  21. 21.
    National Institute of Standards and Technology. Data Encryption Standard (DES) (1993), FIPS Publication 46-2Google Scholar
  22. 22.
    Pass, R., Shelat, A., Vaikuntanathan, V.: Construction of a Non-Malleable Encryption Scheme From Any Semantically Secure One. In: De Prisco, R., Yung, M. (eds.) SCN 2006. LNCS, vol. 4116, Springer, Heidelberg (2006)Google Scholar
  23. 23.
    Rackoff, C., Simon, D.: Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 433–444. Springer, Heidelberg (1992)Google Scholar
  24. 24.
    Stinson, D.R.: Cryptography: Theory and Practice. CRC Press, Boca Raton (1995)MATHGoogle Scholar
  25. 25.
    Wee, H.: On obfuscating point functions. In: 37th ACM Symposium on Theory of Computing, pp. 523–532. ACM Press, New York (2005)Google Scholar
  26. 26.
    Yao, A.C.: Theory and applications of trapdoor functions (extended abstract). In: 23rd Annual Symposium on Foundations of Computer Science, pp. 80–91. IEEE Computer Society Press, Los Alamitos (1982)Google Scholar

Copyright information

© Springer Berlin Heidelberg 2007

Authors and Affiliations

  • Dennis Hofheinz
    • 1
  • John Malone-Lee
    • 2
  • Martijn Stam
    • 3
  1. 1.CWI, Amsterdam 
  2. 2.University of Bristol 
  3. 3.EPFL, Lausanne 

Personalised recommendations