# Virtual Grey-Boxes Beyond Obfuscation: A Statistical Security Notion for Cryptographic Agents

## Abstract

We extend the simulation-based definition of Virtual Grey Box (VGB) security – originally proposed for obfuscation (Bitansky and Canetti 2010) – to a broad class of cryptographic primitives. These include functional encryption, graded encoding schemes, bi-linear maps (with über assumptions), as well as unexplored ones like homomorphic functional encryption.

Our main result is a characterization of VGB security, in all these cases, in terms of an *indistinguishability-preserving* notion of security, called \(\Gamma ^*\)-\(\textit{s-}{\textsf {IND}}\text{- }\!{\textsf {PRE}} \) security, formulated using an extension of the recently proposed *Cryptographic Agents* framework (Agrawal et al. 2015). We further show that this definition is equivalent to an indistinguishability based security definition that is restricted to “concentrated” distributions (wherein the outcome of any computation on encrypted data is essentially known ahead of the computation).

A result of Bitansky et al. (2014), who showed that VGB obfuscation is equivalent to strong indistinguishability obfuscation (SIO), is obtained by specializing our result to obfuscation. Our proof, while sharing various elements from the proof of Bitansky et al., is simpler and significantly more general, as it uses \(\Gamma ^*\)-\(\textit{s-}{\textsf {IND}}\text{- }\!{\textsf {PRE}} \) security as an intermediate notion. Our characterization also shows that the semantic security for graded encoding schemes (Pass et al. 2014), is in fact an instance of this same definition.

We also present a composition theorem for \(\Gamma ^*\)-\(\textit{s-}{\textsf {IND}}\text{- }\!{\textsf {PRE}} \) security. We can then recover the result of Bitansky et al. (2014) regarding the existence of VGB obfuscation for all \({\textsf {NC}}^{1}\) circuits, simply by instantiating this composition theorem with a reduction from obfuscation of \({\textsf {NC}}^{1}\) circuits to graded encoding schemas (Barak et al. 2014) and the assumption that there exists an \(\Gamma ^*\)-\(\textit{s-}{\textsf {IND}}\text{- }\!{\textsf {PRE}} \) secure scheme for the graded encoding schema (Pass et al. 2014).

## Notes

### Acknowledgments

This work was supported in part by NSF grant 12-28856. Part of this work was carried out while the authors were visiting the Simons Institute for Theoretical Computer Science, supported by the Simons Foundation and by the DIMACS/Simons Collaboration in Cryptography through NSF grant CNS 15-23467.

Part of this work was done when the first author was at the University of Illinois at Urbana-Champaign. At University of Texas at Austin, he is supported by NSF CNS-1228599, CNS-1414082 and DARPA SafeWare.

### References

- 1.Agrawal, S., Agrawal, S., Badrinarayanan, S., Kumarasubramanian, A., Prabhakaran, M., Sahai, A.: On the practical security of inner product functional encryption. In: Katz, J. (ed.) PKC 2015. LNCS, vol. 9020, pp. 777–798. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-46447-2_35 Google Scholar
- 2.Agrawal, S., Agrawal, S., Prabhakaran, M.: Cryptographic agents: towards a unified theory of computing on encrypted data. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 501–531. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-46803-6_17 Google Scholar
- 3.Agrawal, S., Gorbunov, S., Vaikuntanathan, V., Wee, H.: Functional encryption: new perspectives and lower bounds. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 500–518. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-40084-1_28 CrossRefGoogle Scholar
- 4.Barak, B., Goldreich, O., Impagliazzo, R., Rudich, S., Sahai, A., Vadhan, S., Yang, K.: On the (im)possibility of obfuscating programs. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 1–18. Springer, Heidelberg (2001). doi: 10.1007/3-540-44647-8_1 CrossRefGoogle Scholar
- 5.Barak, B., Garg, S., Kalai, Y.T., Paneth, O., Sahai, A.: Protecting obfuscation against algebraic attacks. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 221–238. Springer, Heidelberg (2014). doi: 10.1007/978-3-642-55220-5_13 CrossRefGoogle Scholar
- 6.Barbosa, M., Farshim, P.: On the semantic security of functional encryption schemes. In: Kurosawa, K., Hanaoka, G. (eds.) PKC 2013. LNCS, vol. 7778, pp. 143–161. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-36362-7_10 CrossRefGoogle Scholar
- 7.Bellare, M., O’Neill, A.: Semantically-secure functional encryption: possibility results, impossibility results and the quest for a general definition. In: Abdalla, M., Nita-Rotaru, C., Dahab, R. (eds.) CANS 2013. LNCS, vol. 8257, pp. 218–234. Springer, Heidelberg (2013)CrossRefGoogle Scholar
- 8.Bitansky, N., Canetti, R.: On strong simulation and composable point obfuscation. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 520–537. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-14623-7_28 CrossRefGoogle Scholar
- 9.Bitansky, N., Canetti, R., Kalai, Y.T., Paneth, O.: On virtual grey box obfuscation for general circuits. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8617, pp. 108–125. Springer, Heidelberg (2014). doi: 10.1007/978-3-662-44381-1_7 CrossRefGoogle Scholar
- 10.Boneh, D., Sahai, A., Waters, B.: Functional encryption: definitions and challenges. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 253–273. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-19571-6_16 CrossRefGoogle Scholar
- 11.Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: Proceedings of the 42nd IEEE Symposium on Foundations of Computer Science. FOCS 2001 (2001)Google Scholar
- 12.De Caro, A., Iovino, V., Jain, A., O’Neill, A., Paneth, O., Persiano, G.: On the achievability of simulation-based security for functional encryption. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part II. LNCS, vol. 8043, pp. 519–535. Springer, Heidelberg (2013)CrossRefGoogle Scholar
- 13.Garg, S., Gentry, C., Halevi, S., Raykova, M., Sahai, A., Waters, B.: Candidate indistinguishability obfuscation and functional encryption for all circuits. In: FOCS (2013). http://eprint.iacr.org/
- 14.Goldwasser, S., Kalai, Y.T.: On the impossibility of obfuscation with auxiliary input. In: Proceedings of the 46th Annual IEEE Symposium on Foundations of Computer Science. FOCS 2005 (2005)Google Scholar
- 15.Goldwasser, S., Rothblum, G.N.: On best-possible obfuscation. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 194–213. Springer, Heidelberg (2007)CrossRefGoogle Scholar
- 16.Hada, S.: Zero-knowledge and code obfuscation. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 443–457. Springer, Heidelberg (2000). doi: 10.1007/3-540-44448-3_34 CrossRefGoogle Scholar
- 17.Maurer, U.: Constructive cryptography - a new paradigm for security definitions and proofs. In: Theory of Security and Applications - Joint Workshop, TOSCA 2011, Saarbrücken, Germany, 31 March–1 April 2011, Revised Selected Papers, pp. 33–56 (2011). http://dx.doi.org/10.1007/978-3-642-27375-9_3
- 18.O’Neill, A.: Definitional issues in functional encryption. Cryptology ePrint Archive, Report 2010/556 (2010). http://eprint.iacr.org/
- 19.Pass, R., Seth, K., Telang, S.: Indistinguishability obfuscation from semantically-secure multilinear encodings. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 500–517. Springer, Heidelberg (2014). doi: 10.1007/978-3-662-44371-2_28 CrossRefGoogle Scholar