On the Impossibility of Virtual Black-Box Obfuscation in Idealized Models

  • Mohammad Mahmoody
  • Ameer Mohammed
  • Soheil Nematihaji
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9562)


The celebrated work of Barak et al. (Crypto’01) ruled out the possibility of virtual black-box (VBB) obfuscation for general circuits. The recent work of Canetti, Kalai, and Paneth (TCC’15) extended this impossibility to the random oracle model as well, assuming the existence of trapdoor permutations (TDPs). On the other hand, the works of Barak et al. (Crypto’14) and Brakerski-Rothblum (TCC’14) showed that general VBB obfuscation is indeed possible in idealized graded encoding models. The recent work of Pass and Shelat (Cryptology ePrint 2015/383) complemented this result by ruling out general VBB obfuscation in idealized graded encoding models that enable evaluation of constant-degree polynomials in finite fields.

In this work, we extend the above two impossibility results for general VBB obfuscation in idealized models. In particular, we prove the following two results, both assuming the existence of trapdoor permutations:

  • There is no general VBB obfuscation in the generic group model of Shoup (Eurocrypt’97) for any abelian group. By applying our techniques to the setting of Pass and Shelat, we extend their result to any (even non-commutative) finite ring.

  • There is no general VBB obfuscation in the random trapdoor permutation oracle model. Note that, as opposed to the random oracle, which is an idealized primitive for symmetric primitives, the random trapdoor permutation is an idealized public-key primitive.


Keywords: Virtual black-box obfuscation, Idealized models, Graded encoding, Generic group model



We thank Victor Shoup and Hendrik W. Lenstra for pointing us to the literature on solving linear equations over the ring \({\mathbb Z}_n\).


  1. [BGI+01]
    Barak, B., Goldreich, O., Impagliazzo, R., Rudich, S., Sahai, A., Vadhan, S.P., Yang, K.: On the (im)possibility of obfuscating programs. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 1–18. Springer, Heidelberg (2001)
  2. [BGK+13]
    Barak, B., Garg, S., Kalai, Y.T., Paneth, O., Sahai, A.: Protecting obfuscation against algebraic attacks. IACR Cryptology ePrint Archive, 2013:631 (2013)
  3. [BGK+14]
    Barak, B., Garg, S., Kalai, Y.T., Paneth, O., Sahai, A.: Protecting obfuscation against algebraic attacks. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 221–238. Springer, Heidelberg (2014)
  4. [BP13]
    Bitansky, N., Paneth, O.: On the impossibility of approximate obfuscation and applications to resettable cryptography. In: Proceedings of the Forty-fifth Annual ACM Symposium on Theory of Computing, STOC 2013, pp. 241–250. ACM, New York (2013)
  5. [BR14]
    Brakerski, Z., Rothblum, G.N.: Virtual black-box obfuscation for all circuits via generic graded encoding. In: Lindell, Y. (ed.) TCC 2014. LNCS, vol. 8349, pp. 1–25. Springer, Heidelberg (2014)
  6. [Can97]
    Canetti, R.: Towards realizing random oracles: hash functions that hide all partial information. In: Kaliski Jr, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 455–469. Springer, Heidelberg (1997)
  7. [CGH04]
    Canetti, R., Goldreich, O., Halevi, S.: The random oracle methodology, revisited. J. ACM 51(4), 557–594 (2004)
  8. [CKP15]
    Canetti, R., Tauman Kalai, Y.T., Paneth, O.: On obfuscation with random oracles. Cryptology ePrint Archive, Report 2015/048 (2015)
  9. [GGH13a]
    Garg, S., Gentry, C., Halevi, S.: Candidate multilinear maps from ideal lattices. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 1–17. Springer, Heidelberg (2013)
  10. [GGH+13b]
    Garg, S., Gentry, C., Halevi, S., Raykova, M., Sahai, A., Waters, B.: Candidate indistinguishability obfuscation and functional encryption for all circuits. In: 2013 IEEE 54th Annual Symposium on Foundations of Computer Science (FOCS), pp. 40–49. IEEE (2013)
  11. [GKLM12]
    Goyal, V., Kumar, V., Lokam, S., Mahmoody, M.: On black-box reductions between predicate encryption schemes. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 440–457. Springer, Heidelberg (2012)
  12. [HL02]
    Horwitz, J., Lynn, B.: Toward hierarchical identity-based encryption. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 466–481. Springer, Heidelberg (2002)
  13. [IR89]
    Impagliazzo, R., Rudich, S.: Limits on the provable consequences of one-way permutations. In: ACM Symposium on Theory of Computing (STOC), pp. 44–61. ACM Press (1989)
  14. [LPS04]
    Lynn, B.Y.S., Prabhakaran, M., Sahai, A.: Positive results and techniques for obfuscation. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 20–39. Springer, Heidelberg (2004)
  15. [McC90]
    McCurley, K.S.: The discrete logarithm problem. In: Proceedings of the AMS Symposia in Applied Mathematics: Computational Number Theory and Cryptography, pp. 49–74. American Mathematical Society (1990)
  16. [MMN+15]
    Mahmoody, M., Mohammed, A., Nematihaji, S., Pass, R., Shelat, A.: Lower bounds on assumptions behind indistinguishability obfuscation (2015, in Submission)
  17. [Pas15]
    Pass, R., Shelat, A.: Impossibility of vbb obfuscation with ideal constant-degree graded encodings. Cryptology ePrint Archive, Report 2015/383 (2015)
  18. [RTV04]
    Reingold, O., Trevisan, L., Vadhan, S.P.: Notions of reducibility between cryptographic primitives. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 1–20. Springer, Heidelberg (2004)
  19. [Sho97]
    Shoup, V.: Lower bounds for discrete logarithms and related problems. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 256–266. Springer, Heidelberg (1997)
  20. [Wee05]
    Wee, H.: On obfuscating point functions. In: Proceedings of the Thirty-Seventh Annual ACM Symposium on Theory of Computing, pp. 523–532. ACM (2005)

Copyright information

© International Association for Cryptologic Research 2016

Authors and Affiliations

  • Mohammad Mahmoody (1)
  • Ameer Mohammed (1)
  • Soheil Nematihaji (1)
  1. University of Virginia, Charlottesville, USA
