Lower bounds on assumptions behind indistinguishability obfuscation

Mohammad Mahmoody; Ameer Mohammed; Soheil Nematihaji; Rafael Pass; Abhi Shelat

doi:10.1007/978-3-662-49096-9_3

Lower bounds on assumptions behind indistinguishability obfuscation

Mohammad Mahmoody, Ameer Mohammed, Soheil Nematihaji, Rafael Pass, Abhi Shelat

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Since the seminal work of Garg et al. (FOCS’13) in which they proposed the first candidate construction for indistinguishability obfuscation (iO for short), iO has become a central cryptographic primitive with numerous applications. The security of the proposed construction of Garg et al. and its variants are proved based on multi-linear maps (Garg et al. Eurocrypt’13) and their idealized model called the graded encoding model (Brakerski and Rothblum TCC’14 and Barak et al. Eurocrypt’14). Whether or not iO could be based on standard and well-studied hardness assumptions has remain an elusive open question. In this work we prove lower bounds on the assumptions that imply iO in a black-box way, based on computational assumptions. Note that any lower bound for iO needs to somehow rely on computational assumptions, because if P = NP then statistically secure iO does exist. Our results are twofold:1. There is no fully black-box construction of iO from (exponentially secure) collision-resistant hash functions unless the polynomial hierarchy collapses. Our lower bound extends to (separate iO from) any primitive implied by a random oracle in a black-box way.2. Let P be any primitive that exists relative to random trapdoor permutations, the generic group model for any finite abelian group, or degree-O(1) graded encoding model for any finite ring. We show that achieving a black-box construction of iO from P is as hard as basing public-key cryptography on one-way functions. In particular, for any such primitive P we present a constructive procedure that takes any black-box construction of iO from P and turns it into a construction of semantically secure public-key encryption form any one-way functions. Our separations hold even if the construction of iO from P is semi-black-box (Reingold, Trevisan, and Vadhan, TCC’04) and the security reduction could access the adversary in a non-black-box way.

Original language	English
Title of host publication	Theory of Cryptography - 13th International Conference, TCC 2016-A, Proceedings
Editors	Eyal Kushilevitz, Tal Malkin
Publisher	Springer Verlag
Pages	49-66
Number of pages	18
ISBN (Print)	9783662490952
DOIs	https://doi.org/10.1007/978-3-662-49096-9_3
State	Published - 2016
Externally published	Yes
Event	13th International Conference on Theory of Cryptography, TCC 2016 - Tel Aviv, Israel Duration: 10 Jan 2016 → 13 Jan 2016

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	9562

Conference

Conference	13th International Conference on Theory of Cryptography, TCC 2016
Country/Territory	Israel
City	Tel Aviv
Period	10/01/16 → 13/01/16

Keywords

Black-box separations
Indistinguishability obfuscation

All Science Journal Classification (ASJC) codes

Theoretical Computer Science
General Computer Science

Access to Document

10.1007/978-3-662-49096-9_3

Cite this

Mahmoody, M., Mohammed, A., Nematihaji, S., Pass, R., & Shelat, A. (2016). Lower bounds on assumptions behind indistinguishability obfuscation. In E. Kushilevitz, & T. Malkin (Eds.), Theory of Cryptography - 13th International Conference, TCC 2016-A, Proceedings (pp. 49-66). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9562). Springer Verlag. https://doi.org/10.1007/978-3-662-49096-9_3

Mahmoody, Mohammad ; Mohammed, Ameer ; Nematihaji, Soheil et al. / Lower bounds on assumptions behind indistinguishability obfuscation. Theory of Cryptography - 13th International Conference, TCC 2016-A, Proceedings. editor / Eyal Kushilevitz ; Tal Malkin. Springer Verlag, 2016. pp. 49-66 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{091a8a299e7b45f29e5c846812d115dd,

title = "Lower bounds on assumptions behind indistinguishability obfuscation",

abstract = "Since the seminal work of Garg et al. (FOCS{\textquoteright}13) in which they proposed the first candidate construction for indistinguishability obfuscation (iO for short), iO has become a central cryptographic primitive with numerous applications. The security of the proposed construction of Garg et al. and its variants are proved based on multi-linear maps (Garg et al. Eurocrypt{\textquoteright}13) and their idealized model called the graded encoding model (Brakerski and Rothblum TCC{\textquoteright}14 and Barak et al. Eurocrypt{\textquoteright}14). Whether or not iO could be based on standard and well-studied hardness assumptions has remain an elusive open question. In this work we prove lower bounds on the assumptions that imply iO in a black-box way, based on computational assumptions. Note that any lower bound for iO needs to somehow rely on computational assumptions, because if P = NP then statistically secure iO does exist. Our results are twofold:1. There is no fully black-box construction of iO from (exponentially secure) collision-resistant hash functions unless the polynomial hierarchy collapses. Our lower bound extends to (separate iO from) any primitive implied by a random oracle in a black-box way.2. Let P be any primitive that exists relative to random trapdoor permutations, the generic group model for any finite abelian group, or degree-O(1) graded encoding model for any finite ring. We show that achieving a black-box construction of iO from P is as hard as basing public-key cryptography on one-way functions. In particular, for any such primitive P we present a constructive procedure that takes any black-box construction of iO from P and turns it into a construction of semantically secure public-key encryption form any one-way functions. Our separations hold even if the construction of iO from P is semi-black-box (Reingold, Trevisan, and Vadhan, TCC{\textquoteright}04) and the security reduction could access the adversary in a non-black-box way.",

keywords = "Black-box separations, Indistinguishability obfuscation",

author = "Mohammad Mahmoody and Ameer Mohammed and Soheil Nematihaji and Rafael Pass and Abhi Shelat",

note = "Publisher Copyright: {\textcopyright} International Association for Cryptologic Research 2016.; 13th International Conference on Theory of Cryptography, TCC 2016 ; Conference date: 10-01-2016 Through 13-01-2016",

year = "2016",

doi = "10.1007/978-3-662-49096-9_3",

language = "الإنجليزيّة",

isbn = "9783662490952",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "49--66",

editor = "Eyal Kushilevitz and Tal Malkin",

booktitle = "Theory of Cryptography - 13th International Conference, TCC 2016-A, Proceedings",

address = "ألمانيا",

}

Mahmoody, M, Mohammed, A, Nematihaji, S, Pass, R & Shelat, A 2016, Lower bounds on assumptions behind indistinguishability obfuscation. in E Kushilevitz & T Malkin (eds), Theory of Cryptography - 13th International Conference, TCC 2016-A, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 9562, Springer Verlag, pp. 49-66, 13th International Conference on Theory of Cryptography, TCC 2016, Tel Aviv, Israel, 10/01/16. https://doi.org/10.1007/978-3-662-49096-9_3

Lower bounds on assumptions behind indistinguishability obfuscation. / Mahmoody, Mohammad; Mohammed, Ameer; Nematihaji, Soheil et al.
Theory of Cryptography - 13th International Conference, TCC 2016-A, Proceedings. ed. / Eyal Kushilevitz; Tal Malkin. Springer Verlag, 2016. p. 49-66 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9562).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Lower bounds on assumptions behind indistinguishability obfuscation

AU - Mahmoody, Mohammad

AU - Mohammed, Ameer

AU - Nematihaji, Soheil

AU - Pass, Rafael

AU - Shelat, Abhi

PY - 2016

Y1 - 2016

N2 - Since the seminal work of Garg et al. (FOCS’13) in which they proposed the first candidate construction for indistinguishability obfuscation (iO for short), iO has become a central cryptographic primitive with numerous applications. The security of the proposed construction of Garg et al. and its variants are proved based on multi-linear maps (Garg et al. Eurocrypt’13) and their idealized model called the graded encoding model (Brakerski and Rothblum TCC’14 and Barak et al. Eurocrypt’14). Whether or not iO could be based on standard and well-studied hardness assumptions has remain an elusive open question. In this work we prove lower bounds on the assumptions that imply iO in a black-box way, based on computational assumptions. Note that any lower bound for iO needs to somehow rely on computational assumptions, because if P = NP then statistically secure iO does exist. Our results are twofold:1. There is no fully black-box construction of iO from (exponentially secure) collision-resistant hash functions unless the polynomial hierarchy collapses. Our lower bound extends to (separate iO from) any primitive implied by a random oracle in a black-box way.2. Let P be any primitive that exists relative to random trapdoor permutations, the generic group model for any finite abelian group, or degree-O(1) graded encoding model for any finite ring. We show that achieving a black-box construction of iO from P is as hard as basing public-key cryptography on one-way functions. In particular, for any such primitive P we present a constructive procedure that takes any black-box construction of iO from P and turns it into a construction of semantically secure public-key encryption form any one-way functions. Our separations hold even if the construction of iO from P is semi-black-box (Reingold, Trevisan, and Vadhan, TCC’04) and the security reduction could access the adversary in a non-black-box way.

AB - Since the seminal work of Garg et al. (FOCS’13) in which they proposed the first candidate construction for indistinguishability obfuscation (iO for short), iO has become a central cryptographic primitive with numerous applications. The security of the proposed construction of Garg et al. and its variants are proved based on multi-linear maps (Garg et al. Eurocrypt’13) and their idealized model called the graded encoding model (Brakerski and Rothblum TCC’14 and Barak et al. Eurocrypt’14). Whether or not iO could be based on standard and well-studied hardness assumptions has remain an elusive open question. In this work we prove lower bounds on the assumptions that imply iO in a black-box way, based on computational assumptions. Note that any lower bound for iO needs to somehow rely on computational assumptions, because if P = NP then statistically secure iO does exist. Our results are twofold:1. There is no fully black-box construction of iO from (exponentially secure) collision-resistant hash functions unless the polynomial hierarchy collapses. Our lower bound extends to (separate iO from) any primitive implied by a random oracle in a black-box way.2. Let P be any primitive that exists relative to random trapdoor permutations, the generic group model for any finite abelian group, or degree-O(1) graded encoding model for any finite ring. We show that achieving a black-box construction of iO from P is as hard as basing public-key cryptography on one-way functions. In particular, for any such primitive P we present a constructive procedure that takes any black-box construction of iO from P and turns it into a construction of semantically secure public-key encryption form any one-way functions. Our separations hold even if the construction of iO from P is semi-black-box (Reingold, Trevisan, and Vadhan, TCC’04) and the security reduction could access the adversary in a non-black-box way.

KW - Black-box separations

KW - Indistinguishability obfuscation

UR - http://www.scopus.com/inward/record.url?scp=84952690579&partnerID=8YFLogxK

U2 - 10.1007/978-3-662-49096-9_3

DO - 10.1007/978-3-662-49096-9_3

M3 - منشور من مؤتمر

SN - 9783662490952

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 49

EP - 66

BT - Theory of Cryptography - 13th International Conference, TCC 2016-A, Proceedings

A2 - Kushilevitz, Eyal

A2 - Malkin, Tal

PB - Springer Verlag

T2 - 13th International Conference on Theory of Cryptography, TCC 2016

Y2 - 10 January 2016 through 13 January 2016

ER -

Mahmoody M, Mohammed A, Nematihaji S, Pass R, Shelat A. Lower bounds on assumptions behind indistinguishability obfuscation. In Kushilevitz E, Malkin T, editors, Theory of Cryptography - 13th International Conference, TCC 2016-A, Proceedings. Springer Verlag. 2016. p. 49-66. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-662-49096-9_3

Lower bounds on assumptions behind indistinguishability obfuscation

Abstract

Publication series

Conference

Keywords

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this