On Quantum Obfuscation

Encryption of data is fundamental to secure communication in the modern world. Beyond encryption of data lies obfuscation, i.e., encryption of functionality. It is well known that the most powerful means of obfuscating classical programs, so-called "black-box obfuscation," is provably impossible [Barak et al '12]. However, several recent results have yielded candidate schemes that satisfy a definition weaker than black-box, and yet still have numerous applications. In this work, we initiate the rigorous study of obfuscating programs via quantum-mechanical means. We define notions of quantum obfuscation which encompass several natural variants. The input to the obfuscator can describe classical or quantum functionality, and the output can be a circuit description or a quantum state. The obfuscator can also satisfy one of a number of obfuscation conditions: black-box, information-theoretic black-box, indistinguishability, and best possible; the last two conditions come in three variants: perfect, statistical, and computational. We discuss many applications, including CPA-secure quantum encryption, quantum fully-homomorphic encryption, and public-key quantum money. We then prove several impossibility results, extending a number of foundational papers on classical obfuscation to the quantum setting. We prove that quantum black-box obfuscation is impossible in a setting where adversaries can possess more than one output of the obfuscator. In particular, generic transformation of quantum circuits into black-box-obfuscated quantum circuits is impossible. We also show that statistical indistinguishability obfuscation is impossible, up to an unlikely complexity-theoretic collapse. Our proofs involve a new tool: chosen-ciphertext-secure encryption of quantum data, which was recently shown to be possible assuming quantum-secure one-way functions exist [Alagic et al '16].

[1] Brent Waters, et al. How to use indistinguishability obfuscation: deniable encryption, and more, 2014, IACR Cryptol. ePrint Arch.

[2] Scott Aaronson, et al. Quantum money from hidden subspaces, 2012, STOC '12.

[3] David J. Rosenbaum, et al. Uselessness for an Oracle model with internal randomness, 2011, Quantum Inf. Comput.

[4] Brent Waters, et al. Witness encryption and its applications, 2013, STOC '13.

[5] Gilles Brassard, et al. Quantum Cryptography, or Unforgeable Subway Tokens, 1982, CRYPTO.

[6] Guy N. Rothblum, et al. Virtual Black-Box Obfuscation for All Circuits via Generic Graded Encoding, 2014, TCC.

[7] Yael Tauman Kalai, et al. Protecting Obfuscation against Algebraic Attacks, 2014, EUROCRYPT.

[8] Guy N. Rothblum, et al. On Best-Possible Obfuscation, 2007, TCC.

[9] Hoeteck Wee, et al. On obfuscating point functions, 2005, STOC '05.

[10] Mark Zhandry, et al. Multiparty Key Exchange, Efficient Traitor Tracing, and More from Indistinguishability Obfuscation, 2014, CRYPTO.

[11] Gilles Brassard, et al. Strengths and Weaknesses of Quantum Computing, 1997, SIAM J. Comput.

[12] John Watrous, et al. Limits on the power of quantum statistical zero-knowledge, 2002, The 43rd Annual IEEE Symposium on Foundations of Computer Science, 2002. Proceedings.

[13] Whitfield Diffie, et al. New Directions in Cryptography, 1976, IEEE Trans. Inf. Theory.

[14] Amit Sahai, et al. On the (im)possibility of obfuscating programs, 2012.

[15] Leonard J. Schulman. Proceedings of the 42nd ACM Symposium on Theory of Computing, STOC 2010, Cambridge, Massachusetts, USA, 5-8 June 2010, 2010, STOC.

[16] Stephen Wiesner, et al. Conjugate coding, 1983, SIGA.

[17] Aiden A. Bruen, et al. Error-correcting Codes, Finite Geometries and Cryptography, 2010.

[18] R. Gennaro, et al. Advances in cryptology - CRYPTO 2015: 35th annual cryptology conference, Santa Barbara, CA, USA, August 16-20, 2015: proceedings, 2015.

[19] Bill Rosgen, et al. On the hardness of distinguishing mixed-state quantum computations, 2004, 20th Annual IEEE Conference on Computational Complexity (CCC'05).

[20] Craig Gentry, et al. On the Implausibility of Differing-Inputs Obfuscation and Extractable Witness Encryption with Auxiliary Input, 2014, CRYPTO.

[21] M. Mosca, et al. Quantum Coins, 2009, 0911.1295.

[22] Mark Zhandry, et al. Multiparty Key Exchange, Efficient Traitor Tracing, and More from Indistinguishability Obfuscation, 2014, Algorithmica.

[23] Ran Canetti, et al. Obfuscating Point Functions with Multibit Output, 2008, EUROCRYPT.

[24] Brent Waters, et al. Replacing a Random Oracle: Full Domain Hash From Indistinguishability Obfuscation, 2014, IACR Cryptol. ePrint Arch.

[25] Mark Zhandry, et al. How to Construct Quantum Random Functions, 2012, 2012 IEEE 53rd Annual Symposium on Foundations of Computer Science.

[26] Leonid A. Levin, et al. A Pseudorandom Generator from any One-way Function, 1999, SIAM J. Comput.

[27] Amit Sahai, et al. On the (im)possibility of obfuscating programs, 2001, JACM.

[28] Tommaso Gagliardoni, et al. Computational Security of Quantum Encryption, 2016, ICITS.

[29] Stacey Jeffery, et al. Circuit Obfuscation Using Braids, 2014, TQC.

[30] Avinatan Hassidim, et al. Quantum money from knots, 2010, ITCS '12.

[31] Silvio Micali, et al. How to construct random functions, 1986, JACM.

[32] Pawel Wocjan, et al. "NON-IDENTITY-CHECK" IS QMA-COMPLETE, 2005.

[33] Scott Aaronson, et al. Quantum Copy-Protection and Quantum Money, 2009, 2009 24th Annual IEEE Conference on Computational Complexity.

[34] Yael Tauman Kalai, et al. The Impossibility of Obfuscation with Auxiliary Input or a Universal Simulator, 2014, CRYPTO.

[35] Stacey Jeffery, et al. Quantum Homomorphic Encryption for Circuits of Low T-gate Complexity, 2014, CRYPTO.

[36] Yael Tauman Kalai, et al. On the impossibility of obfuscation with auxiliary input, 2005, 46th Annual IEEE Symposium on Foundations of Computer Science (FOCS'05).

[37] Tang Dian-hu. Fully homomorphic encryption scheme from RLWE, 2014.

[38] Ralph C. Merkle, et al. Secure communications over insecure channels, 1978, CACM.

[39] Daniel Nagaj, et al. Quantum 3-SAT Is QMA1-Complete, 2013, 2013 IEEE 54th Annual Symposium on Foundations of Computer Science.