Obfuscating Point Functions with Multibit Output
- Cite this paper as:
- Canetti R., Dakdouk R.R. (2008) Obfuscating Point Functions with Multibit Output. In: Smart N. (eds) Advances in Cryptology – EUROCRYPT 2008. EUROCRYPT 2008. Lecture Notes in Computer Science, vol 4965. Springer, Berlin, Heidelberg
We construct obfuscators of point functions with multibit output and other related functions. A point function with multibit output returns a fixed string on a single input point and zero everywhere else. Obfuscation of such functions has a useful application as a strong form of symmetric encryption which guarantees security even when the key has very low entropy: Essentially, learning information about the plaintext is paramount to finding the key via exhaustive search on the key space.
Although the constructions appear to be simple and modular, their analysis turns out to be quite intricate. In particular, we uncover some weaknesses in the current definitions of obfuscation. One weakness is that current definitions do not guarantee security even under very weak forms of composition. We thus define a notion of obfuscation that is preserved under an appropriate composition operation. The constructions can use any obfuscator of point functions under the proposed definition. Alternatively, they can use perfect one way (POW) functions with statistical indistinguishability, or with computational indistinguishability at the price of somewhat weaker security.