On the Implausibility of Differing-Inputs Obfuscation and Extractable Witness Encryption with Auxiliary Input

The notion of differing-inputs obfuscation (diO) was introduced by Barak et al. (CRYPTO, pp 1–18, 2001). It guarantees that, for any two circuits $$C_0, C_1$$ for which it is difficult to come up with an input $$x$$ on which $$C_0(x) \ne C_1(x)$$, it should also be difficult to distinguish the obfuscation of $$C_0$$ from that of $$C_1$$. This is a strengthening of indistinguishability obfuscation, where the above is only guaranteed for circuits that agree on all inputs. Two recent works of Ananth et al. (Differing-inputs obfuscation and applications, http://eprint.iacr.org/, 2013) and Boyle et al. (Lindell, pp 52–73, 2014) study the notion of diO in the setting where the attacker is also given some auxiliary information related to the circuits, showing that this notion leads to many interesting applications. In this work, we show that the existence of general-purpose diO with general auxiliary input has a surprising consequence: it implies that a specific circuit $$C^*$$ with specific auxiliary input $${\mathsf {aux}}^*$$ cannot be obfuscated in a way that hides some specific information. In other words, under the conjecture that such special-purpose obfuscation exists, we show that general-purpose diO cannot exist. This conjecture is a falsifiable assumption which we do not know how to break for candidate obfuscation schemes. We also show similar implausibility results for extractable witness encryption with auxiliary input and for “output-only dependent” hardcore bits for general one-way functions.
