Secret-Sharing for NP from Indistinguishability Obfuscation

A computational secret-sharing scheme is a method that enables a dealer holding a secret to distribute it among a set of parties such that any “qualified” subset of parties can reconstruct the secret, while any “unqualified” subset of parties cannot efficiently learn anything about the secret. The collection of “qualified” subsets is defined by a monotone Boolean function. It has been a major open problem to understand which (monotone) functions can be realized by a computational secret-sharing scheme. Yao suggested a method for secret-sharing for any function that has a polynomial-size monotone circuit (a class which is strictly smaller than the class of monotone functions in P). Around 1990 Rudich raised the possibility of obtaining secret-sharing for all monotone functions in NP: in order to reconstruct the secret, a set of parties must be “qualified” and provide a witness attesting to this fact. Recently, there has been much excitement regarding the possibility of obtaining program obfuscation satisfying the “indistinguishability obfuscation” requirement: a transformation that takes a program and outputs an obfuscated version of it so that for any two functionally equivalent programs the outputs of the transformation are computationally indistinguishable. Our main result is a construction of a computational secret-sharing scheme for any monotone function in NP assuming the existence of an efficient indistinguishability obfuscator for P and one-way functions. Furthermore, we show how to get the same result but relying on a weaker obfuscator: an efficient indistinguishability obfuscator for 3CNF formulas.

Research supported in part by a grant from the I-CORE Program of the Planning and Budgeting Committee, the Israel Science Foundation and the Citi Foundation. Incumbent of the Judith Kleeman Professorial Chair.
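To make concrete what it means for the qualified sets to be defined by a monotone Boolean function, here is an added example (not code from the paper): the classic information-theoretic scheme for a monotone formula, where an OR gate copies the value to each child and an AND gate XOR-splits it. It is neither Yao's circuit-based scheme nor the obfuscation-based construction of the abstract; the formula, party names and secret are constructed for illustration.

```python
import secrets
from functools import reduce

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def share(node, secret, path="r", out=None):
    """Push `secret` down a monotone formula; returns {party: {leaf_path: piece}}."""
    out = {} if out is None else out
    kind, *kids = node
    if kind == "party":
        out.setdefault(kids[0], {})[path] = secret
    elif kind == "or":    # any one child suffices: each child gets the value itself
        for i, kid in enumerate(kids):
            share(kid, secret, f"{path}.{i}", out)
    elif kind == "and":   # all children needed: XOR-split with fresh randomness
        pieces = [secrets.token_bytes(len(secret)) for _ in kids[:-1]]
        pieces.append(reduce(xor, pieces, secret))
        for i, (kid, piece) in enumerate(zip(kids, pieces)):
            share(kid, piece, f"{path}.{i}", out)
    else:
        raise ValueError(f"unknown gate: {kind}")
    return out

def reconstruct(node, shares, path="r"):
    """Value at this node, or None if the parties present do not satisfy it."""
    kind, *kids = node
    if kind == "party":
        return shares.get(kids[0], {}).get(path)
    vals = [reconstruct(kid, shares, f"{path}.{i}") for i, kid in enumerate(kids)]
    if kind == "or":
        return next((v for v in vals if v is not None), None)
    if any(v is None for v in vals):
        return None
    return reduce(xor, vals)

def recover(formula, all_shares, present):
    """Reconstruct using only the shares of the parties in `present`."""
    return reconstruct(formula, {p: all_shares[p] for p in present})

# Constructed access structure: (alice AND bob) OR (carol AND (alice OR dave)).
FORMULA = ("or",
           ("and", ("party", "alice"), ("party", "bob")),
           ("and", ("party", "carol"),
                   ("or", ("party", "alice"), ("party", "dave"))))
```

Each party receives one piece per leaf in which it appears (alice holds two here), so total share size tracks the formula size, which is why the size of the monotone formula or circuit computing the access structure matters.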
