Obfuscating Low-Rank Matrix Branching Programs

In this work, we seek to extend the capabilities of the “core obfuscator” from the work of Garg, Gentry, Halevi, Raykova, Sahai, and Waters (FOCS 2013), and all subsequent works constructing general-purpose obfuscators. This core obfuscator builds upon approximate multilinear maps, and applies to matrix branching programs. All previous works, however, limited the applicability of such core obfuscators to matrix branching programs where each matrix was of full rank. As we illustrate by example, this limitation is quite problematic, and intuitively limits the core obfuscator to obfuscating matrix branching programs that cannot “forget.” At a technical level, this limitation arises in previous work because all previous work relies on Kilian’s statistical simulation theorem, which is false when applied to matrices not of full rank. In our work, we build the first core obfuscator that can apply to matrix branching programs where matrices can be of arbitrary rank. We prove security of our obfuscator in the generic multilinear model, demonstrating a new proof technique that bypasses Kilian’s statistical simulation theorem. Furthermore, our obfuscator achieves two other notable advances over previous work: - Our construction allows for non-square matrices of arbitrary dimensions. We also show that this flexibility yields concrete efficiency gains. - Our construction allows for a single obfuscation to yield multiple bits of output. All previous work yielded only one bit of output. Our work leads to significant efficiency gains for obfuscation. Furthermore, our work can be applied to achieve efficiency gains even in applications not directly using obfuscation

Block cipher based Public Key Encryption viaIndistinguishability Obfuscation

The article is devoted to generation techniques of thenew public key crypto-systems, which are based on applicationof indistinguishability obfuscation methods to selected privatekey crypto-systems. The techniques are applied to symmetrickey crypto-system and the target system is asymmetric one.As an input for our approach an implementation of symmetricblock cipher with a given private-key is considered. Differentobfuscation methods are subjected to processing. The targetsystem would be treated as a public-key for newly createdpublic crypto-system. The approach seems to be interestingfrom theoretical point of view. Moreover, it can be useful forinformation protection in a cloud-computing model

Obfuscation without Multilinear Maps

Known methods for obfuscating a circuit need to represent the circuit as a branching program and then use a multilinear map to encrypt the branching program. Multilinear maps are, however, too inefficient for encrypting the branching program. We found a dynamic encoding method which effectively singles out different inputs in the context of the matrix randomization technique of Kilian and Gentry et al., so that multilinear maps are no longer needed. To make the method work, we need the branching programs to be regular. For such branching programs, we also give most efficient constructions for NC1 circuits. This results in a much more efficient core obfuscator for NC1 circuits

Implementing Cryptographic Program Obfuscation

Program obfuscation is the process of making a program unintelligible without changing the program\u27s underlying input/output behavior. Although there is a long line of work on heuristic techniques for obfuscation, such approaches do not provide any cryptographic guarantee on their effectiveness. A recent result by Garg et al. (FOCS 2013), however, shows that cryptographic program obfuscation is indeed possible based on a new primitive called a \emph{graded encoding scheme}. In this work, we present the first implementation of such an obfuscator. We describe several challenges and optimizations we made along the way, present a detailed evaluation of our implementation, and discuss research problems that need to be addressed before such obfuscators can be used in practice

On the Equivalence of Obfuscation and Multilinear Maps

Garg et al. [FOCS 2013] showed how to construct indistinguishability obfuscation (iO) from a restriction of cryptographic multilinear maps called Multilinear Jigsaw Puzzles. Since then, a number of other works have shown constructions and security analyses for iO from different abstractions of multilinear maps. However, the converse question --- whether some form of multilinear maps follows from iO --- has remained largely open. We offer an abstraction of multilinear maps called Polynomial Jigsaw Puzzles, and show that iO for circuits implies Polynomial Jigsaw Puzzles. This implication is unconditional: no additional assumptions, such as one-way functions, are needed. Furthermore, we show that this abstraction of Polynomial Jigsaw Puzzles is sufficient to construct iO for NC1, thus showing a near-equivalence of these notions

How Fast Can We Obfuscate Using Ideal Graded Encoding Schemes

In this work, we present a new obfuscator using a Graded Encoding Scheme (GES) with a binary slot. We characterize a class of circuits taking locally keyed input (each input bit of the circuit is a keyed function over c>1 bits of a binary-variable vector X of length n, where c is called the locality), called ideal functions, such that any function of algebraic degree d (called d-function) over them, can be obfuscated with multilinearity \mu=(d+1)n/c. Next we show that obfuscation of a general circuit C can be bootstrapped by O(n)-functions (the circuit (called RE) composing a garbled circuit (GC) with a pseudorandom function (PRF)), following an approach similar to that of Zimmerman and Applebaum et al., assuming PRF (or more precisely RE) exists among d-functions with constant d. To instantiate the above scheme, we achieve the following: 1. A concrete GC of algebraic degree 3 over its random bits, which has output size no more than 20\lambda|C| and random tape length about 10\lambda|C|, where \lambda is the security parameter, |C| denotes the number of gates of the circuit C. 2. A candidate d-function construction, where we argue that d=1 suffices to stop linear distinguishing attacks and d=2 seems enough for fully secure PRF. 3. Instantiation of the GES with a simplified version of the CLT multilinear map, and various techniques that further reduce \mu of the core obfuscator cost-equivalently to dn/(2c)+1 in cases of our interest. If we replace the PRF with d-functions, then we get various heuristic obfuscation-friendly REs, and thus general obfuscators with explicit complexities. For the most optimistic choice, we have \mu=1.5n\u27/c +2.5, n\u27\approx n+\log |C|+\log \lambda, n is the number of input bits of C, and c is a selectable constant which result in a {2^c}/{c} times increase of the key size of the RE. Our general obfuscator is VBB secure assuming that our RE is secure and our simplified CLT map is a secure instantiation of our GES (defined relative to known attacks). We leave these assumptions with concrete parameter sets as open challenges. We illustrate the efficiency of our methods with some examples: 1. Our obfuscated AES (c=13, \mu=20.5) has code size <1.5\times 10^{17} bits, whereas no implementable solution is known prior to this work. 2. We can practically obfuscate conjunction functions for n=64, while the latest implementation can only handle n=32 with comparable resources. We also verify the security against algebraic attacks in this example

Semantically Secure Order-Revealing Encryption: Multi-Input Functional Encryption Without Obfuscation

Deciding greater-than relations among data items just given their encryptions is at the heart of search algorithms on encrypted data, most notably, non-interactive binary search on encrypted data. Order-preserving encryption provides one solution, but provably provides only limited security guarantees. Two-input functional encryption is another approach, but requires the full power of obfuscation machinery and is currently not implementable. We construct the first implementable encryption system supporting greater-than comparisons on encrypted data that provides the best-possible semantic security. In our scheme there is a public algorithm that given two ciphertexts as input, reveals the order of the corresponding plaintexts and nothing else. Our constructions are inspired by obfuscation techniques, but do not use obfuscation. For example, to compare two 16-bit encrypted values (e.g., salaries or age) we only need a 9-way multilinear map. More generally, comparing $k$-bit values requires only a $(k/2+1)$-way multilinear map. The required degree of multilinearity can be further reduced, but at the cost of increasing ciphertext size. Beyond comparisons, our results give an implementable secret-key multi-input functional encryption scheme for functionalities that can be expressed as (generalized) branching programs of polynomial length and width. Comparisons are a special case of this class, where for $k$-bit inputs the branching program is of length $k+1$ and width $4$