Cryptanalysis on the HHSS Obfuscation Arising From Absence of Safeguards

Indistinguishability Obfuscation ($iO$) is a promising tool that obfuscates a program with the least possible leakage, and it enables various applications including functional encryption and deniable encryption. Recently, Halevi et al. proposed a state-of-the-art obfuscator implementation, called HHSS obfuscation, at ACM CCS'17. In this paper, we describe a polynomial-time distinguishing attack on HHSS obfuscation. In other words, we show that there exist two functionally equivalent branching programs whose obfuscated programs are actually distinguishable. This attack implies that HHSS obfuscation fails to achieve the general-purpose security goal of $iO$. The idea of the attack is quite simple: we multiply a left kernel vector of the branching program $\mathcal{P}$ with an evaluation of the obfuscated matrices, which yields a small value when the program $\mathcal{P}$ is the one that was obfuscated. Our attack algorithm also applies even when evasive functions are obfuscated.
