On Statistically Secure Obfuscation with Approximate Correctness

  • Zvika Brakerski
  • Christina Brzuska
  • Nils Fleischhacker
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9815)

Abstract

Goldwasser and Rothblum (TCC ’07) prove that statistical indistinguishability obfuscation (iO) cannot exist if the obfuscator must maintain perfect correctness (under a widely believed complexity theoretic assumption: \(\mathcal {NP}\not \subseteq \mathcal {SZK}\subseteq \mathcal {AM}\cap \mathbf {co}\mathcal {AM}\)). However, for many applications of iO, such as constructing public-key encryption from one-way functions (one of the main open problems in theoretical cryptography), approximate correctness is sufficient. It had been unknown thus far whether statistical approximate iO (saiO) can exist.

We show that saiO does not exist, even for a minimal correctness requirement, if \(\mathcal {NP}\not \subseteq \mathcal {AM}\cap \mathbf {co}\mathcal {AM}\), and if one-way functions exist. A simple complementary observation shows that if one-way functions do not exist, then average-case saiO exists. Technically, previous approaches utilized the behavior of the obfuscator on evasive functions, for which saiO always exists. We overcome this barrier by using a PRF as a “baseline” for the obfuscated program.

We broaden our study and consider relaxed notions of security for iO. We introduce the notion of correlation obfuscation, where the obfuscations of equivalent circuits only need to be mildly correlated (rather than statistically indistinguishable). Perhaps surprisingly, we show that correlation obfuscators exist via a trivial construction for some parameter regimes, whereas our impossibility result extends to other regimes. Interestingly, within the gap between the parameter regimes that we show possible and impossible, there is a small fraction of parameters that still allow building public-key encryption from one-way functions and thus deserve further investigation.

References

  1. Barak, B., Goldreich, O., Impagliazzo, R., Rudich, S., Sahai, A., Vadhan, S.P., Yang, K.: On the (im)possibility of obfuscating programs. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 1–18. Springer, Heidelberg (2001)
  2. Barak, B., Goldreich, O., Impagliazzo, R., Rudich, S., Sahai, A., Vadhan, S.P., Yang, K.: On the (im)possibility of obfuscating programs. J. ACM 59(2), 6 (2012)
  3. Bitansky, N., Paneth, O.: On the impossibility of approximate obfuscation and applications to resettable cryptography. In: Boneh, D., Roughgarden, T., Feigenbaum, J. (eds.) 45th Annual ACM Symposium on Theory of Computing, Palo Alto, CA, USA, 1–4 June 2013, pp. 241–250. ACM Press (2013)
  4. Bitansky, N., Vaikuntanathan, V.: Indistinguishability obfuscation: from approximate to exact. In: Kushilevitz, E., Malkin, T. (eds.) TCC 2016-A. LNCS, vol. 9562, pp. 67–95. Springer, Heidelberg (2016). doi:10.1007/978-3-662-49096-9_4
  5. Bogdanov, A., Lee, C.H.: Limits of provable security for homomorphic encryption. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 111–128. Springer, Heidelberg (2013)
  6. Boneh, D., Waters, B.: Constrained pseudorandom functions and their applications. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013, Part II. LNCS, vol. 8270, pp. 280–300. Springer, Heidelberg (2013)
  7. Boyle, E., Goldwasser, S., Ivan, I.: Functional signatures and pseudorandom functions. In: Krawczyk, H. (ed.) PKC 2014. LNCS, vol. 8383, pp. 501–519. Springer, Heidelberg (2014)
  8. Canetti, R., Kalai, Y.T., Paneth, O.: On Obfuscation with random oracles. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015, Part II. LNCS, vol. 9015, pp. 456–467. Springer, Heidelberg (2015)
  9. Diffie, W., Hellman, M.E.: Multiuser cryptographic techniques. In: American Federation of Information Processing Societies, 1976 National Computer Conference. AFIPS Conference Proceedings, New York, NY, USA, 7–10 June 1976, vol. 45, pp. 109–112. AFIPS Press (1976)
  10. Garg, S., Gentry, C., Halevi, S., Raykova, M., Sahai, A., Waters, B.: Candidate indistinguishability obfuscation and functional encryption for all circuits. In: 54th Annual Symposium on Foundations of Computer Science, Berkeley, CA, USA, 26–29 October 2013, pp. 40–49. IEEE Computer Society Press (2013)
  11. Goldreich, O.: Computational Complexity - A Conceptual Perspective. Cambridge University Press, Cambridge (2008)
  12. Goldreich, O., Goldwasser, S., Micali, S.: How to construct random functions (extended abstract). In: 25th Annual Symposium on Foundations of Computer Science, Singer Island, Florida, 24–26 October 1984, pp. 464–479. IEEE Computer Society Press (1984)
  13. Goldreich, O., Goldwasser, S., Micali, S.: How to construct random functions. J. ACM 33(4), 792–807 (1986)
  14. Goldwasser, S., Rothblum, G.N.: On best-possible obfuscation. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 194–213. Springer, Heidelberg (2007)
  15. Goldwasser, S., Rothblum, G.N.: On best-possible obfuscation. J. Cryptology 27(3), 480–505 (2014)
  16. Hada, S., Sakurai, K.: A note on the (im)possibility of using obfuscators to transform private-key encryption into public-key encryption. In: Miyaji, A., Kikuchi, H., Rannenberg, K. (eds.) IWSEC 2007. LNCS, vol. 4752, pp. 1–12. Springer, Heidelberg (2007)
  17. Håstad, J., Impagliazzo, R., Levin, L.A., Luby, M.: A pseudorandom generator from any one-way function. SIAM J. Comput. 28(4), 1364–1396 (1999)
  18. Holenstein, T.: Strengthening Key Agreement Using Hard-Core Sets. Ph.D. thesis, ETH Zurich (2006)
  19. Impagliazzo, R., Luby, M.: One-way functions are essential for complexity based cryptography (extended abstract). In: 30th Annual Symposium on Foundations of Computer Science, Research Triangle Park, North Carolina, 30 October - 1 November 1989, pp. 230–235. IEEE Computer Society Press (1989)
  20. Impagliazzo, R., Rudich, S.: Limits on the provable consequences of one-way permutations. In: 21st Annual ACM Symposium on Theory of Computing, Seattle, Washington, USA, 15–17 May 1989, pp. 44–61. ACM Press (1989)
  21. Impagliazzo, R., Rudich, S.: Limits on the provable consequences of one-way permutations. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 8–26. Springer, Heidelberg (1990)
  22. Kiayias, A., Papadopoulos, S., Triandopoulos, N., Zacharias, T.: Delegatable pseudorandom functions and applications. In: Sadeghi, A.-R., Gligor, V.D., Yung, M. (eds.) ACM CCS 13, 20th Conference on Computer and Communications Security, Berlin, Germany, 4–8 November 2013, pp. 669–684. ACM Press (2013)
  23. Komargodski, I., Moran, T., Naor, M., Pass, R., Rosen, A., Yogev, E.: One-way functions and (im)perfect obfuscation. In: 55th Annual Symposium on Foundations of Computer Science, Philadelphia, PA, USA, 18–21 October 2014, pp. 374–383. IEEE Computer Society Press (2014)
  24. Lin, H., Pass, R., Seth, K., Telang, S.: Output-compressing randomized encodings and applications. Cryptology ePrint Archive, Report 2015/720 (2015). http://eprint.iacr.org/2015/720
  25. Mahmoody, M., Mohammed, A., Nematihaji, S.: On the impossibility of virtual black-box obfuscation in idealized models. In: Kushilevitz, E., Malkin, T. (eds.) TCC 2016-A. LNCS, vol. 9562, pp. 18–48. Springer, Heidelberg (2016). doi:10.1007/978-3-662-49096-9_2
  26. Mahmoody, M., Mohammed, A., Nematihaji, S., Pass, R., Shelat, A.: Lower bounds on assumptions behind indistinguishability obfuscation. In: Kushilevitz, E., Malkin, T. (eds.) TCC 2016-A. LNCS, vol. 9562, pp. 49–66. Springer, Heidelberg (2016). doi:10.1007/978-3-662-49096-9_3
  27. Mahmoody, M., Xiao, D.: On the power of randomized reductions and the checkability of SAT. In: Proceedings of the 25th Annual IEEE Conference on Computational Complexity, CCC 2010, Cambridge, Massachusetts, 9–12 June 2010, pp. 64–75. IEEE Computer Society (2010)
  28. Pass, R., Shelat, A.: Impossibility of VBB obfuscation with ideal constant-degree graded encodings. In: Kushilevitz, E., Malkin, T. (eds.) TCC 2016-A. LNCS, vol. 9562, pp. 3–17. Springer, Heidelberg (2016). doi:10.1007/978-3-662-49096-9_1
  29. Sahai, A., Vadhan, S.P.: A complete promise problem for statistical zero-knowledge. In: 38th Annual Symposium on Foundations of Computer Science, Miami Beach, Florida, 19–22 October 1997, pp. 448–457. IEEE Computer Society Press (1997)
  30. Sahai, A., Waters, B.: How to use indistinguishability obfuscation: deniable encryption, and more. In: Shmoys, D.B. (ed.) 46th Annual ACM Symposium on Theory of Computing, New York, NY, USA, 31 May - 3 June 2014, pp. 475–484. ACM Press (2014)
  31. Valiant, L.G.: A theory of the learnable. Commun. ACM 27(11), 1134–1142 (1984)
  32. Valiant, L.G., Vazirani, V.V.: NP is as easy as detecting unique solutions. In: Sedgewick, R. (ed.) 17th Annual ACM Symposium on Theory of Computing, Providence, Rhode Island, USA, 6–8 May 1985, pp. 458–463. ACM Press (1985)

Copyright information

© International Association for Cryptologic Research 2016

Authors and Affiliations

  • Zvika Brakerski (1)
  • Christina Brzuska (2)
  • Nils Fleischhacker (3)

  1. Weizmann Institute of Science, Rehovot, Israel
  2. Technical University of Hamburg, Hamburg, Germany
  3. CISPA, Saarland University, Saarbrücken, Germany
