2 research outputs found
Shorter Circuit Obfuscation in Challenging Security Models
The study of program obfuscation is seeing great progress in recent years,
which is crucially attributed to the introduction of graded encoding schemes
by Garg, Gentry and Halevi (Eurocrypt 2013). In such schemes, elements of a
ring can be encoded such that the content of the encoding is hidden, but
restricted algebraic manipulations, followed by zero-testing, can be performed
publicly. This primitive currently underlies all known constructions of
general-purpose obfuscators.
However, the security properties of the current candidate graded encoding
schemes are not well understood, and new attacks frequently introduced. It is
therefore important to assume as little as possible about the security of the
graded encoding scheme, and use as conservative security models as possible.
This often comes at a cost of reducing the efficiency or the functionality of
the obfuscator.
In this work, we present a candidate obfuscator, based on composite-order
graded encoding schemes, which obfuscates circuits directly a la Zimmerman
(Eurocrypt 2015) and Applebaum-Brakerski (TCC 2015). Our construction requires
a graded encoding scheme with only ``plaintext slots\u27\u27 (= sub-rings of the
underlying ring), which is directly related to the size and complexity of the
obfuscated program. We prove that our obfuscator is superior to previous works
in two different security models.
1. We prove that our obfuscator is indistinguishability-secure (iO) in the
\emph{Unique Representation Generic Graded Encoding} model. Previous works
either required a composite-order scheme with polynomially many slots, or were
provable in a milder security model. This immediately translates to a
polynomial improvement in efficiency, and shows that improved security does
not come at the cost of efficiency in this case.
2. Following Badrinarayanan et al.\ (Eurocrypt 2016), we consider a model
where finding any ``non-trivial\u27\u27 encoding of zero breaks the security of the
encoding scheme. We show that, perhaps surprisingly, secure obfuscation is
possible in this model even for some classes of \emph{non-evasive functions}
(for example, any class of conjunctions). We define the property required of
the function class, formulate an appropriate (generic) security model, and
prove that our aforementioned obfuscator is virtual-black-box (VBB) secure in
this model
The Birth of Cryptographic Obfuscation -- A Survey
The first candidate indistinguishability obfuscator (iO) of Garg et al. (FOCS 2013) changed the previously pessimistic attitude towards general-purpose cryptographic obfuscation. The potential realizability of such a powerful tool motivated a plethora of applications, including solutions for long-standing open problems, from almost all areas of cryptography. At the same time, the question of whether iO is realizable under standard assumptions is still open. In this work, we review the rapid development of candidate constructions and organize the results of the first four years since the breakthrough. Our goal is to give a bird\u27s-eye view of the infancy of cryptographic obfuscation, providing insight into the most important ideas and techniques