We show that the common proof technique of padding a circuit before IO obfuscation is sometimes necessary. That is, assuming indistinguishability obfuscation (IO) and one-way functions exist, we define samplers Sam0, which outputs (aux0, C0), and Sam1, which outputs (aux1, C1) such that: • The distributions (aux0, iO(C0)) and (aux1, iO(C1)) are perfectly distinguishable. • For padding s = poly(λ), the distributions (aux0, iO(C0‖0)) and (aux1, iO(C1‖0)) are computationally indistinguishable. We note this refutes the recent “Superfluous Padding Assumption” of Brzuska and Mittelbach[BM15]. ∗Email: holmgren@csail.mit.edu. This work was done while the author was visiting the Simons Institute for the Theory of Computing, supported by the Simons Foundation and by the DIMACS/Simons Collaboration in Cryptography through NSF grant #CNS-1523467. This research was also supported by NSF Eager CNS1347364, NSF Frontier CNS1413920, the Simons Foundation (agreement dated June 5, 2012), Air Force Laboratory FA875011-20225, and Lincoln Lab PO7000261954.
[1]
Brent Waters,et al.
Candidate Indistinguishability Obfuscation and Functional Encryption for all Circuits
,
2013,
2013 IEEE 54th Annual Symposium on Foundations of Computer Science.
[2]
Brent Waters,et al.
Constrained Pseudorandom Functions and Their Applications
,
2013,
ASIACRYPT.
[3]
Shafi Goldwasser,et al.
Functional Signatures and Pseudorandom Functions
,
2014,
Public Key Cryptography.
[4]
Yael Tauman Kalai,et al.
The Impossibility of Obfuscation with Auxiliary Input or a Universal Simulator
,
2014,
CRYPTO.
[5]
Arno Mittelbach,et al.
Universal Computational Extractors and the Superfluous Padding Assumption for Indistinguishability Obfuscation
,
2015,
IACR Cryptol. ePrint Arch..
[6]
Yael Tauman Kalai,et al.
On the impossibility of obfuscation with auxiliary input
,
2005,
46th Annual IEEE Symposium on Foundations of Computer Science (FOCS'05).