Counterexamples to New Circular Security Assumptions Underlying iO

We study several strengthenings of classical circular security assumptions which were recently introduced in four new lattice-based constructions of indistinguishability obfuscation: Brakerski-Döttling-Garg-Malavolta (Eurocrypt 2020), Gay-Pass (STOC 2021), Brakerski-Döttling-Garg-Malavolta (Eprint 2020) and Wee-Wichs (Eprint 2020). We provide explicit counterexamples to the 2-circular shielded randomness leakage assumption w.r.t. the Gentry-Sahai-Waters fully homomorphic encryption scheme proposed by Gay-Pass, and to the homomorphic pseudorandom LWE samples conjecture proposed by Wee-Wichs. Our work suggests a separation between classical circular security of the kind underlying un-levelled fully homomorphic encryption and the strengthened versions underlying recent iO constructions, showing that they are not (yet) on the same footing. Our counterexamples exploit the flexibility to choose specific implementations of circuits, which is explicitly allowed in the Gay-Pass assumption and unspecified in the Wee-Wichs assumption. Their indistinguishability obfuscation schemes are still unbroken. Our work shows that the assumptions, at least, need refinement. In particular, generic leakage-resilient circular security assumptions are delicate, and their security is sensitive to the specific structure of the leakages involved.
