The Experts below are selected from a list of 31980 Experts worldwide ranked by ideXlab platform
Guy N. Rothblum - One of the best experts on this subject based on the ideXlab platform.
-
On Best-Possible Obfuscation
Journal of Cryptology, 2014Co-Authors: Shafi Goldwasser, Guy N. RothblumAbstract:An obfuscator is a compiler that transforms any program (which we will view in this work as a boolean circuit) into an obfuscated program (also a circuit) that has the same input-output functionality as the original program, but is “unintelligible”. Obfuscation has applications for cryptography and for software protection. Barak et al. (CRYPTO 2001, pp. 1–18, 2001 ) initiated a theoretical study of Obfuscation, which focused on black-box Obfuscation , where the obfuscated circuit should leak no information except for its (black-box) input-output functionality. A family of functionalities that cannot be obfuscated was demonstrated. Subsequent research has showed further negative results as well as positive results for obfuscating very specific families of circuits, all with respect to black box Obfuscation. This work is a study of a new notion of Obfuscation, which we call best-possible Obfuscation . Best possible Obfuscation makes the relaxed requirement that the obfuscated program leaks as little information as any other program with the same functionality (and of similar size). In particular, this definition allows the program to leak information that cannot be obtained from a black box. Best-possible Obfuscation guarantees that any information that is not hidden by the obfuscated program is also not hidden by any other similar-size program computing the same functionality, and thus the Obfuscation is (literally) the best possible. In this work we study best-possible Obfuscation and its relationship to previously studied definitions. Our main results are: (1) A separation between black-box and best-possible Obfuscation. We show a natural Obfuscation task that can be achieved under the best-possible definition, but cannot be achieved under the black-box definition. (2) A hardness result for best-possible Obfuscation, showing that strong (information-theoretic) best-possible Obfuscation implies a collapse in the Polynomial-Time Hierarchy. (3) An impossibility result for efficient best-possible (and black-box) Obfuscation in the presence of random oracles. This impossibility result uses a random oracle to construct hard-to-obfuscate circuits, and thus it does not imply impossibility in the standard model.
-
TCC - On Best-Possible Obfuscation
Journal of Cryptology, 2013Co-Authors: Shafi Goldwasser, Guy N. RothblumAbstract:An obfuscator is a compiler that transforms any program (which we will view in this work as a boolean circuit) into an obfuscated program (also a circuit) that has the same input-output functionality as the original program, but is "unintelligible". Obfuscation has applications for cryptography and for software protection. Barak et al. (CRYPTO 2001, pp. 1---18, 2001) initiated a theoretical study of Obfuscation, which focused on black-box Obfuscation, where the obfuscated circuit should leak no information except for its (black-box) input-output functionality. A family of functionalities that cannot be obfuscated was demonstrated. Subsequent research has showed further negative results as well as positive results for obfuscating very specific families of circuits, all with respect to black box Obfuscation. This work is a study of a new notion of Obfuscation, which we call best-possible Obfuscation. Best possible Obfuscation makes the relaxed requirement that the obfuscated program leaks as little information as any other program with the same functionality (and of similar size). In particular, this definition allows the program to leak information that cannot be obtained from a black box. Best-possible Obfuscation guarantees that any information that is not hidden by the obfuscated program is also not hidden by any other similar-size program computing the same functionality, and thus the Obfuscation is (literally) the best possible. In this work we study best-possible Obfuscation and its relationship to previously studied definitions. Our main results are: (1) A separation between black-box and best-possible Obfuscation. We show a natural Obfuscation task that can be achieved under the best-possible definition, but cannot be achieved under the black-box definition. (2) A hardness result for best-possible Obfuscation, showing that strong (information-theoretic) best-possible Obfuscation implies a collapse in the Polynomial-Time Hierarchy. (3) An impossibility result for efficient best-possible (and black-box) Obfuscation in the presence of random oracles. This impossibility result uses a random oracle to construct hard-to-obfuscate circuits, and thus it does not imply impossibility in the standard model.
-
ASIACRYPT - Program Obfuscation with leaky hardware
Lecture Notes in Computer Science, 2011Co-Authors: Nir Bitansky, Ran Canetti, Shai Halevi, Shafi Goldwasser, Yael Tauman Kalai, Guy N. RothblumAbstract:We consider general program Obfuscation mechanisms using "somewhat trusted" hardware devices, with the goal of minimizing the usage of the hardware, its complexity, and the required trust. Specifically, our solution has the following properties: (i) The Obfuscation remains secure even if all the hardware devices in use are leaky. That is, the adversary can obtain the result of evaluating any function on the local state of the device, as long as this function has short output. In addition the adversary also controls the communication between the devices. (ii) The number of hardware devices used in an Obfuscation and the amount of work they perform are polynomial in the security parameter independently of the obfuscated function's complexity. (iii) A (universal) set of hardware components, owned by the user, is initialized only once and from that point on can be used with multiple "software-based" Obfuscations sent by different vendors.
-
on best possible Obfuscation
Theory of Cryptography Conference, 2007Co-Authors: Shafi Goldwasser, Guy N. RothblumAbstract:An obfuscator is a compiler that transforms any program (which we will view in this work as a boolean circuit) into an obfuscated program (also a circuit) that has the same input-output functionality as the original program, but is "unintelligible". Obfuscation has applications for cryptography and for software protection. Barak et al. initiated a theoretical study of Obfuscation, which focused on black-box Obfuscation, where the obfuscated circuit should leak no information except for its (black-box) input-output functionality. A family of functionalities that cannot be obfuscated was demonstrated. Subsequent research has showed further negative results as well as positive results for obfuscating very specific families of circuits, all with respect to black box Obfuscation. This work is a study of a new notion of Obfuscation, which we call best-possible Obfuscation. Best possible Obfuscation makes the relaxed requirement that the obfuscated program leaks as little information as any other program with the same functionality (and of similar size). In particular, this definition allows the program to leak non black-box information. Best-possible Obfuscation guarantees that any information that is not hidden by the obfuscated program is also not hidden by any other similar-size program computing the same functionality, and thus the Obfuscation is (literally) the best possible. In this work we study best-possible Obfuscation and its relationship to previously studied definitions. Our main results are: 1. A separation between black-box and best-possible Obfuscation. We show a natural Obfuscation task that can be achieved under the best-possible definition, but cannot be achieved under the black-box definition. 2. A hardness result for best-possible Obfuscation, showing that strong (information-theoretic) best-possible Obfuscation implies a collapse in the polynomial hierarchy. 3. An impossibility result for efficient best-possible (and black-box) Obfuscation in the presence of random oracles. This impossibility result uses a random oracle to construct hard-to-obfuscate circuits, and thus it does not imply impossibility in the standard model.
-
TCC - On best-possible Obfuscation
Theory of Cryptography, 2007Co-Authors: Shafi Goldwasser, Guy N. RothblumAbstract:An obfuscator is a compiler that transforms any program (which we will view in this work as a boolean circuit) into an obfuscated program (also a circuit) that has the same input-output functionality as the original program, but is "unintelligible". Obfuscation has applications for cryptography and for software protection. Barak et al. initiated a theoretical study of Obfuscation, which focused on black-box Obfuscation, where the obfuscated circuit should leak no information except for its (black-box) input-output functionality. A family of functionalities that cannot be obfuscated was demonstrated. Subsequent research has showed further negative results as well as positive results for obfuscating very specific families of circuits, all with respect to black box Obfuscation. This work is a study of a new notion of Obfuscation, which we call best-possible Obfuscation. Best possible Obfuscation makes the relaxed requirement that the obfuscated program leaks as little information as any other program with the same functionality (and of similar size). In particular, this definition allows the program to leak non black-box information. Best-possible Obfuscation guarantees that any information that is not hidden by the obfuscated program is also not hidden by any other similar-size program computing the same functionality, and thus the Obfuscation is (literally) the best possible. In this work we study best-possible Obfuscation and its relationship to previously studied definitions. Our main results are: 1. A separation between black-box and best-possible Obfuscation. We show a natural Obfuscation task that can be achieved under the best-possible definition, but cannot be achieved under the black-box definition. 2. A hardness result for best-possible Obfuscation, showing that strong (information-theoretic) best-possible Obfuscation implies a collapse in the polynomial hierarchy. 3. An impossibility result for efficient best-possible (and black-box) Obfuscation in the presence of random oracles. This impossibility result uses a random oracle to construct hard-to-obfuscate circuits, and thus it does not imply impossibility in the standard model.
Shafi Goldwasser - One of the best experts on this subject based on the ideXlab platform.
-
On Best-Possible Obfuscation
Journal of Cryptology, 2014Co-Authors: Shafi Goldwasser, Guy N. RothblumAbstract:An obfuscator is a compiler that transforms any program (which we will view in this work as a boolean circuit) into an obfuscated program (also a circuit) that has the same input-output functionality as the original program, but is “unintelligible”. Obfuscation has applications for cryptography and for software protection. Barak et al. (CRYPTO 2001, pp. 1–18, 2001 ) initiated a theoretical study of Obfuscation, which focused on black-box Obfuscation , where the obfuscated circuit should leak no information except for its (black-box) input-output functionality. A family of functionalities that cannot be obfuscated was demonstrated. Subsequent research has showed further negative results as well as positive results for obfuscating very specific families of circuits, all with respect to black box Obfuscation. This work is a study of a new notion of Obfuscation, which we call best-possible Obfuscation . Best possible Obfuscation makes the relaxed requirement that the obfuscated program leaks as little information as any other program with the same functionality (and of similar size). In particular, this definition allows the program to leak information that cannot be obtained from a black box. Best-possible Obfuscation guarantees that any information that is not hidden by the obfuscated program is also not hidden by any other similar-size program computing the same functionality, and thus the Obfuscation is (literally) the best possible. In this work we study best-possible Obfuscation and its relationship to previously studied definitions. Our main results are: (1) A separation between black-box and best-possible Obfuscation. We show a natural Obfuscation task that can be achieved under the best-possible definition, but cannot be achieved under the black-box definition. (2) A hardness result for best-possible Obfuscation, showing that strong (information-theoretic) best-possible Obfuscation implies a collapse in the Polynomial-Time Hierarchy. (3) An impossibility result for efficient best-possible (and black-box) Obfuscation in the presence of random oracles. This impossibility result uses a random oracle to construct hard-to-obfuscate circuits, and thus it does not imply impossibility in the standard model.
-
TCC - On Best-Possible Obfuscation
Journal of Cryptology, 2013Co-Authors: Shafi Goldwasser, Guy N. RothblumAbstract:An obfuscator is a compiler that transforms any program (which we will view in this work as a boolean circuit) into an obfuscated program (also a circuit) that has the same input-output functionality as the original program, but is "unintelligible". Obfuscation has applications for cryptography and for software protection. Barak et al. (CRYPTO 2001, pp. 1---18, 2001) initiated a theoretical study of Obfuscation, which focused on black-box Obfuscation, where the obfuscated circuit should leak no information except for its (black-box) input-output functionality. A family of functionalities that cannot be obfuscated was demonstrated. Subsequent research has showed further negative results as well as positive results for obfuscating very specific families of circuits, all with respect to black box Obfuscation. This work is a study of a new notion of Obfuscation, which we call best-possible Obfuscation. Best possible Obfuscation makes the relaxed requirement that the obfuscated program leaks as little information as any other program with the same functionality (and of similar size). In particular, this definition allows the program to leak information that cannot be obtained from a black box. Best-possible Obfuscation guarantees that any information that is not hidden by the obfuscated program is also not hidden by any other similar-size program computing the same functionality, and thus the Obfuscation is (literally) the best possible. In this work we study best-possible Obfuscation and its relationship to previously studied definitions. Our main results are: (1) A separation between black-box and best-possible Obfuscation. We show a natural Obfuscation task that can be achieved under the best-possible definition, but cannot be achieved under the black-box definition. (2) A hardness result for best-possible Obfuscation, showing that strong (information-theoretic) best-possible Obfuscation implies a collapse in the Polynomial-Time Hierarchy. (3) An impossibility result for efficient best-possible (and black-box) Obfuscation in the presence of random oracles. This impossibility result uses a random oracle to construct hard-to-obfuscate circuits, and thus it does not imply impossibility in the standard model.
-
ASIACRYPT - Program Obfuscation with leaky hardware
Lecture Notes in Computer Science, 2011Co-Authors: Nir Bitansky, Ran Canetti, Shai Halevi, Shafi Goldwasser, Yael Tauman Kalai, Guy N. RothblumAbstract:We consider general program Obfuscation mechanisms using "somewhat trusted" hardware devices, with the goal of minimizing the usage of the hardware, its complexity, and the required trust. Specifically, our solution has the following properties: (i) The Obfuscation remains secure even if all the hardware devices in use are leaky. That is, the adversary can obtain the result of evaluating any function on the local state of the device, as long as this function has short output. In addition the adversary also controls the communication between the devices. (ii) The number of hardware devices used in an Obfuscation and the amount of work they perform are polynomial in the security parameter independently of the obfuscated function's complexity. (iii) A (universal) set of hardware components, owned by the user, is initialized only once and from that point on can be used with multiple "software-based" Obfuscations sent by different vendors.
-
on best possible Obfuscation
Theory of Cryptography Conference, 2007Co-Authors: Shafi Goldwasser, Guy N. RothblumAbstract:An obfuscator is a compiler that transforms any program (which we will view in this work as a boolean circuit) into an obfuscated program (also a circuit) that has the same input-output functionality as the original program, but is "unintelligible". Obfuscation has applications for cryptography and for software protection. Barak et al. initiated a theoretical study of Obfuscation, which focused on black-box Obfuscation, where the obfuscated circuit should leak no information except for its (black-box) input-output functionality. A family of functionalities that cannot be obfuscated was demonstrated. Subsequent research has showed further negative results as well as positive results for obfuscating very specific families of circuits, all with respect to black box Obfuscation. This work is a study of a new notion of Obfuscation, which we call best-possible Obfuscation. Best possible Obfuscation makes the relaxed requirement that the obfuscated program leaks as little information as any other program with the same functionality (and of similar size). In particular, this definition allows the program to leak non black-box information. Best-possible Obfuscation guarantees that any information that is not hidden by the obfuscated program is also not hidden by any other similar-size program computing the same functionality, and thus the Obfuscation is (literally) the best possible. In this work we study best-possible Obfuscation and its relationship to previously studied definitions. Our main results are: 1. A separation between black-box and best-possible Obfuscation. We show a natural Obfuscation task that can be achieved under the best-possible definition, but cannot be achieved under the black-box definition. 2. A hardness result for best-possible Obfuscation, showing that strong (information-theoretic) best-possible Obfuscation implies a collapse in the polynomial hierarchy. 3. An impossibility result for efficient best-possible (and black-box) Obfuscation in the presence of random oracles. This impossibility result uses a random oracle to construct hard-to-obfuscate circuits, and thus it does not imply impossibility in the standard model.
-
TCC - On best-possible Obfuscation
Theory of Cryptography, 2007Co-Authors: Shafi Goldwasser, Guy N. RothblumAbstract:An obfuscator is a compiler that transforms any program (which we will view in this work as a boolean circuit) into an obfuscated program (also a circuit) that has the same input-output functionality as the original program, but is "unintelligible". Obfuscation has applications for cryptography and for software protection. Barak et al. initiated a theoretical study of Obfuscation, which focused on black-box Obfuscation, where the obfuscated circuit should leak no information except for its (black-box) input-output functionality. A family of functionalities that cannot be obfuscated was demonstrated. Subsequent research has showed further negative results as well as positive results for obfuscating very specific families of circuits, all with respect to black box Obfuscation. This work is a study of a new notion of Obfuscation, which we call best-possible Obfuscation. Best possible Obfuscation makes the relaxed requirement that the obfuscated program leaks as little information as any other program with the same functionality (and of similar size). In particular, this definition allows the program to leak non black-box information. Best-possible Obfuscation guarantees that any information that is not hidden by the obfuscated program is also not hidden by any other similar-size program computing the same functionality, and thus the Obfuscation is (literally) the best possible. In this work we study best-possible Obfuscation and its relationship to previously studied definitions. Our main results are: 1. A separation between black-box and best-possible Obfuscation. We show a natural Obfuscation task that can be achieved under the best-possible definition, but cannot be achieved under the black-box definition. 2. A hardness result for best-possible Obfuscation, showing that strong (information-theoretic) best-possible Obfuscation implies a collapse in the polynomial hierarchy. 3. An impossibility result for efficient best-possible (and black-box) Obfuscation in the presence of random oracles. This impossibility result uses a random oracle to construct hard-to-obfuscate circuits, and thus it does not imply impossibility in the standard model.
Stephen Drape - One of the best experts on this subject based on the ideXlab platform.
-
Intellectual Property Protection using Obfuscation
2010Co-Authors: Stephen DrapeAbstract:1 Definitions of Code Obfuscation 3 1.1 Collberg et al . . . . . . . . . . . . . . . . . . . . . . . . . . 4 1.2 Barak et al . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 1.3 Assertion Obfuscations . . . . . . . . . . . . . . . . . . . . . . 7 1.4 Slicing Obfuscations . . . . . . . . . . . . . . . . . . . . . . . 7 1.5 Using Metrics . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
-
SAS - Creating Transformations for Matrix Obfuscation
Static Analysis, 2009Co-Authors: Stephen Drape, Irina VoiculescuAbstract:There are many programming situations where it would be convenient to conceal the meaning of code, or the meaning of certain variables. This can be achieved through program transformations which are grouped under the term Obfuscation . Obfuscation is one of a number of techniques that can be employed to protect sensitive areas of code. This paper presents Obfuscation methods for the purpose of concealing the meaning of matrices by changing the pattern of the elements. We give two separate methods: one which, through splitting a matrix, changes its size and shape, and one which, through a change of basis in a ring of polynomials, changes the values of the matrix and any patterns formed by these. Furthermore, the paper illustrates how matrices can be used in order to obfuscate a scalar value. This is an improvement on previous methods for matrix Obfuscation because we will provide a range of techniques which can be used in concert. This paper considers Obfuscations as data refinements. Thus we consider Obfuscations at a more abstract level without worrying about implementation issues. For our Obfuscations, we can construct proofs of correctness easily. We show how the refinement approach enables us to generalise and combine existing Obfuscations. We then evaluate our methods by considering how our Obfuscations perform under certain relevant program analysis-based attacks.
-
The Suitability of Different Binary Tree Obfuscations
2007Co-Authors: Stephen DrapeAbstract:An Obfuscation aims to transform a program, without affecting the functionality, so that some secret information within the program can be hidden for as long as possible from an adversary. Proving that an obfuscating transform is correct (i.e. it preserves functionality) is considered to be a challenging task. We use data refinement to specify data Obfuscations, model our operations using the functional language Haskell and consider obfuscating abstract data-types. This approach allows us to prove properties, including correctness, of our operations easily. In this paper our focus is on how to obfuscate a data-type of binary trees for which we specify a set of operations and a list of properties that these operations satisfy. We consider different tree transformations and discuss their suitability as Obfuscations. In particular we show what our tree operations would be like under these different transformations. We also discuss various ways of defining obfuscated operations including the use of folds and unfolds and how we can exploit properties of Haskell to add extra confusion in our obfuscated definitions.
-
Design and Evaluation of Slicing Obfuscations
2007Co-Authors: Stephen DrapeAbstract:The goal of Obfuscation is to transform a program, without affecting its functionality, so that some secret information within the program can be hidden for as long as possible from an adversary armed with reverse engineering tools. Slicing is a form of reverse engineering which aims to abstract away a subset of program code based on a particular program point and is considered to be a potent program comprehension technique. Thus, slicing could be used as a way of attacking obfuscated programs. It is challenging to manufacture obfuscating transforms that are provably resilient to slicing attacks. We show in this paper how we can utilise the information gained from slicing a program to aid us in designing Obfuscations that are more resistant to slicing. We extend a previously proposed technique and provide proofs of correctness for our transforms. Finally, we illustrate our approach with a number of obfuscating transforms and provide empirical results.
-
Generalising the array split Obfuscation
Information Sciences, 2007Co-Authors: Stephen DrapeAbstract:Abstract An Obfuscation is a behaviour-preserving program transformation whose aim is to make a program “harder to understand”. Obfuscations are mainly applied to make reverse engineering of object-oriented programs more difficult. In this paper, we propose a fresh approach by obfuscating abstract data-types allowing us to develop structure-dependent Obfuscations that would otherwise (traditionally) not be available. We regard Obfuscation as data refinement enabling us to produce equations for proving correctness. We model the data-type operations as functional programs making our proofs easy to construct. We show how we can generalise an imperative Obfuscation – an array split – so that we can apply it to abstract data-types and we give specific examples for lists and matrices. We develop a theorem which allows us, under certain conditions, to produce obfuscated operations directly. Our approach also allows us to produce random Obfuscations and we give an example for our list data-type.
Amit Sahai - One of the best experts on this subject based on the ideXlab platform.
-
annihilation attacks for multilinear maps cryptanalysis of indistinguishability Obfuscation over ggh13
International Cryptology Conference, 2016Co-Authors: Eric Miles, Amit Sahai, Mark ZhandryAbstract:In this work, we present a new class of polynomial-time attacks on the original multilinear maps of Garg, Gentry, and Halevi 2013. Previous polynomial-time attacks on GGH13 were "zeroizing" attacks that generally required the availability of low-level encodings of zero. Most significantly, such zeroizing attacks were not applicable to candidate indistinguishability Obfuscation iO schemes. iO has been the subject of intense study. To address this gap, we introduce annihilation attacks, which attack multilinear maps using non-linear polynomials. Annihilation attacks can work in situations where there are no low-level encodings of zero. Using annihilation attacks, we give the first polynomial-time cryptanalysis of candidate iO schemes over GGH13. More specifically, we exhibit two simple programs that are functionally equivalent, and show how to efficiently distinguish between the Obfuscations of these two programs. Given the enormous applicability of iO, it is important to devise iO schemes that can avoid attack. We discuss some initial directions for safeguarding against annihilating attacks.
-
candidate indistinguishability Obfuscation and functional encryption for all circuits
SIAM Journal on Computing, 2016Co-Authors: Sanjam Garg, Amit Sahai, Craig Gentry, Shai Halevi, Mariana Raykova, Brent WatersAbstract:In this work, we study indistinguishability Obfuscation and functional encryption for general circuits: Indistinguishability Obfuscation requires that given any two equivalent circuits $C_0$ and $C_1$ of similar size, the Obfuscations of $C_0$ and $C_1$ should be computationally indistinguishable. In functional encryption, ciphertexts encrypt inputs $x$ and keys are issued for circuits $C$. Using the key $\mathrm{SK}_C$ to decrypt a ciphertext $\mathrm{CT}_x={\sf Enc}(x)$ yields the value $C(x)$ but does not reveal anything else about $x$. Furthermore, no collusion of secret key holders should be able to learn anything more than the union of what they can each learn individually. We give constructions for indistinguishability Obfuscation and functional encryption that supports all polynomial-size circuits. We accomplish this goal in three steps: (1) We describe a candidate construction for indistinguishability Obfuscation for $\mathbf{NC}^1$ circuits. The security of this construction is based on a new al...
-
public coin differing inputs Obfuscation and its applications
Theory of Cryptography Conference, 2015Co-Authors: Yuval Ishai, Omkant Pandey, Amit SahaiAbstract:Differing inputs Obfuscation (diO) is a strengthening of indistinguishability Obfuscation (iO) that has recently found applications to improving the efficiency and generality of Obfuscation, functional encryption, and related primitives. Roughly speaking, a diO scheme ensures that the Obfuscations of two efficiently generated programs are indistinguishable not only if the two programs are equivalent, but also if it is hard to find an input on which their outputs differ. The above “indistinguishability” and “hardness” conditions should hold even in the presence of an auxiliary input that is generated together with the programs.
-
candidate indistinguishability Obfuscation and functional encryption for all circuits
Foundations of Computer Science, 2013Co-Authors: Sanjam Garg, Amit Sahai, Craig Gentry, Shai Halevi, Mariana Raykova, Brent WatersAbstract:In this work, we study indistinguishability Obfuscation and functional encryption for general circuits: Indistinguishability Obfuscation requires that given any two equivalent circuits C0 and C1 of similar size, the Obfuscations of C0 and C1 should be computationally indistinguishable. In functional encryption, cipher texts encrypt inputs x and keys are issued for circuits C. Using the key SKC to decrypt a cipher text CTx = Enc(x), yields the value C(x) but does not reveal anything else about x. Furthermore, no collusion of secret key holders should be able to learn anything more than the union of what they can each learn individually. We give constructions for indistinguishability Obfuscation and functional encryption that supports all polynomial-size circuits. We accomplish this goal in three steps: - (1) We describe a candidate construction for indistinguishability Obfuscation for NC1 circuits. The security of this construction is based on a new algebraic hardness assumption. The candidate and assumption use a simplified variant of multilinear maps, which we call Multilinear Jigsaw Puzzles. (2) We show how to use indistinguishability Obfuscation for NC1 together with Fully Homomorphic Encryption (with decryption in NC1) to achieve indistinguishability Obfuscation for all circuits. (3) Finally, we show how to use indistinguishability Obfuscation for circuits, public-key encryption, and non-interactive zero knowledge to achieve functional encryption for all circuits. The functional encryption scheme we construct also enjoys succinct cipher texts, which enables several other applications.
-
candidate indistinguishability Obfuscation and functional encryption for all circuits
IACR Cryptology ePrint Archive, 2013Co-Authors: Sanjam Garg, Amit Sahai, Craig Gentry, Shai Halevi, Mariana Raykova, Brent WatersAbstract:In this work, we study indistinguishability Obfuscation and functional encryption for general circuits: Indistinguishability Obfuscation requires that given any two equivalent circuits C0 and C1 of similar size, the Obfuscations of C0 and C1 should be computationally indistinguishable. In functional encryption, ciphertexts encrypt inputs x and keys are issued for circuits C. Using the key SKC to decrypt a ciphertext CTx = Enc(x), yields the value C(x) but does not reveal anything else about x. Furthermore, no collusion of secret key holders should be able to learn anything more than the union of what they can each learn individually. We give constructions for indistinguishability Obfuscation and functional encryption that supports all polynomial-size circuits. We accomplish this goal in three steps: • We describe a candidate construction for indistinguishability Obfuscation for NC circuits. The security of this construction is based on a new algebraic hardness assumption. The candidate and assumption use a simplified variant of multilinear maps, which we call Multilinear Jigsaw Puzzles. • We show how to use indistinguishability Obfuscation for NC together with Fully Homomorphic Encryption (with decryption in NC) to achieve indistinguishability Obfuscation for all circuits. • Finally, we show how to use indistinguishability Obfuscation for circuits, public-key encryption, and non-interactive zero knowledge to achieve functional encryption for all circuits. The functional encryption scheme we construct also enjoys succinct ciphertexts, which enables several other applications. The first and fifth authors were supported in part from NSF grants 1228984, 1136174, 1118096, 1065276, 0916574 and 0830803, a Xerox Faculty Research Award, a Google Faculty Research Award, an equipment grant from Intel, and an Okawa Foundation Research Grant. The views expressed are those of the author and do not reflect the official policy or position of the National Science Foundation, or the U.S. Government. The second and third authors were supported by the Intelligence Advanced Research Projects Activity (IARPA) via Department of Interior National Business Center (DoI/NBC) contract number D11PC20202. The U.S. Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright annotation thereon. Disclaimer: The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of IARPA, DoI/NBC, or the U.S. Government. The fourth author is supported by NSF Grant No.1017660. The sixth author is supported by NSF CNS-0915361 and CNS-0952692, CNS-1228599, DARPA N11AP20006, Google Faculty Research award, the Alfred P. Sloan Fellowship, Microsoft Faculty Fellowship, and Packard Foundation Fellowship.
Ran Canetti - One of the best experts on this subject based on the ideXlab platform.
-
Obfuscation of probabilistic circuits and applications
Theory of Cryptography Conference, 2015Co-Authors: Ran Canetti, Huijia Lin, Stefano Tessaro, Vinod VaikuntanathanAbstract:This paper studies the question of how to define, construct, and use obfuscators for probabilistic programs. Such obfuscators compile a possibly randomized program into a deterministic one, which achieves computationally indistinguishable behavior from the original program as long as it is run on each input at most once. For Obfuscation, we propose a notion that extends indistinguishability Obfuscation to probabilistic circuits: It should be hard to distinguish between the Obfuscations of any two circuits whose output distributions at each input are computationally indistinguishable, possibly in presence of some auxiliary input. We call the resulting notion probabilistic indistinguishability Obfuscation (pIO).
-
Obfuscation of Probabilistic Circuits and Applications.
IACR Cryptology ePrint Archive, 2014Co-Authors: Ran Canetti, Huijia Lin, Stefano Tessaro, Vinod VaikuntanathanAbstract:This paper studies the question of how to define, construct, and use obfuscators for probabilistic programs. Such obfuscators compile a possibly randomized program into a deterministic one, which achieves computationally indistinguishable behavior from the original program as long as it is run on each input at most once. For Obfuscation, we propose a notion that extends indistinguishability Obfuscation to probabilistic circuits: It should be hard to distinguish between the Obfuscations of any two circuits whose output distributions at each input are computationally indistinguishable, possibly in presence of some auxiliary input. We call the resulting notion probabilistic indistinguishability Obfuscation (pIO). We define several variants of pIO, using different approaches to formalizing the above security requirement, and study non-trivial relations among them. Moreover, we give a construction of one of our pIO variants from sub-exponentially hard indistinguishability Obfuscation (for deterministic circuits) and one-way functions, and conjecture this construction to be a good candidate for other pIO variants. We then move on to show a number of applications of pIO: • We give a general and natural methodology to achieve leveled homomorphic encryption (LHE) from variants of semantically secure encryption schemes and of pIO. In particular, we propose instantiations from lossy and re-randomizable encryption schemes, assuming the two weakest notions of pIO. • We enhance the above constructions to obtain a full-fledged (i.e., non-leveled) FHE scheme under the same (or slightly stronger) assumptions. In particular, this constitutes the first construction of full-fledged FHE that does not rely on encryption with circular security. • Finally, we show that assuming sub-exponentially secure puncturable PRFs computable in NC, sub-exponentially-secure indistinguishability Obfuscation for (deterministic) NC circuits can be bootstrapped to obtain indistinguishability Obfuscation for arbitrary (deterministic) poly-size circuits. ∗Boston University and Tel Aviv University, canetti@bu.edu †UC Santa Barbara, rachel.lin@cs.ucsb.edu ‡UC Santa Barbara, tessaro@cs.ucsb.edu §MIT CSAIL, vinodv@csail.mit.edu
-
ASIACRYPT - Program Obfuscation with leaky hardware
Lecture Notes in Computer Science, 2011Co-Authors: Nir Bitansky, Ran Canetti, Shai Halevi, Shafi Goldwasser, Yael Tauman Kalai, Guy N. RothblumAbstract:We consider general program Obfuscation mechanisms using "somewhat trusted" hardware devices, with the goal of minimizing the usage of the hardware, its complexity, and the required trust. Specifically, our solution has the following properties: (i) The Obfuscation remains secure even if all the hardware devices in use are leaky. That is, the adversary can obtain the result of evaluating any function on the local state of the device, as long as this function has short output. In addition the adversary also controls the communication between the devices. (ii) The number of hardware devices used in an Obfuscation and the amount of work they perform are polynomial in the security parameter independently of the obfuscated function's complexity. (iii) A (universal) set of hardware components, owned by the user, is initialized only once and from that point on can be used with multiple "software-based" Obfuscations sent by different vendors.
