TY - GEN
T1 - On extractability obfuscation
AU - Boyle, Elette
AU - Chung, Kai Min
AU - Pass, Rafael
PY - 2014
Y1 - 2014
N2 - We initiate the study of extractability obfuscation, a notion first suggested by Barak et al. (JACM 2012): An extractability obfuscator for a class of algorithms guarantees that if an efficient attacker can distinguish between obfuscations of two algorithms, then can efficiently recover (given M 1 and M 2) an input on which M 1 and M 2 provide different outputs. We rely on the recent candidate virtual black-box obfuscation constructions to provide candidate constructions of extractability obfuscators for NC 1; next, following the blueprint of Garg et al. (FOCS 2013), we show how to bootstrap the obfuscator for NC 1 to an obfuscator for all non-uniform polynomial-time Turing machines. In contrast to the construction of Garg et al., which relies on indistinguishability obfuscation for NC 1, our construction enables succinctly obfuscating non-uniform Turing machines (as opposed to circuits), without turning running-time into description size. We introduce a new notion of functional witness encryption, which enables encrypting a message m with respect to an instance x, language L, and function f, such that anyone (and only those) who holds a witness w for x â̂̂ L can compute f(m,w) on the message and particular known witness. We show that functional witness encryption is, in fact, equivalent to extractability obfuscation. We demonstrate other applications of extractability extraction, including the first construction of fully (adaptive-message) indistinguishability-secure functional encryption for an unbounded number of key queries and unbounded message spaces. We finally relate indistinguishability obfuscation and extractability obfuscation and show special cases when indistinguishability obfuscation can be turned into extractability obfuscation.
AB - We initiate the study of extractability obfuscation, a notion first suggested by Barak et al. (JACM 2012): An extractability obfuscator for a class of algorithms guarantees that if an efficient attacker can distinguish between obfuscations of two algorithms, then can efficiently recover (given M 1 and M 2) an input on which M 1 and M 2 provide different outputs. We rely on the recent candidate virtual black-box obfuscation constructions to provide candidate constructions of extractability obfuscators for NC 1; next, following the blueprint of Garg et al. (FOCS 2013), we show how to bootstrap the obfuscator for NC 1 to an obfuscator for all non-uniform polynomial-time Turing machines. In contrast to the construction of Garg et al., which relies on indistinguishability obfuscation for NC 1, our construction enables succinctly obfuscating non-uniform Turing machines (as opposed to circuits), without turning running-time into description size. We introduce a new notion of functional witness encryption, which enables encrypting a message m with respect to an instance x, language L, and function f, such that anyone (and only those) who holds a witness w for x â̂̂ L can compute f(m,w) on the message and particular known witness. We show that functional witness encryption is, in fact, equivalent to extractability obfuscation. We demonstrate other applications of extractability extraction, including the first construction of fully (adaptive-message) indistinguishability-secure functional encryption for an unbounded number of key queries and unbounded message spaces. We finally relate indistinguishability obfuscation and extractability obfuscation and show special cases when indistinguishability obfuscation can be turned into extractability obfuscation.
UR - http://www.scopus.com/inward/record.url?scp=84958538748&partnerID=8YFLogxK
U2 - https://doi.org/10.1007/978-3-642-54242-8_3
DO - https://doi.org/10.1007/978-3-642-54242-8_3
M3 - منشور من مؤتمر
SN - 9783642542411
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 52
EP - 73
BT - Theory of Cryptography - 11th Theory of Cryptography Conference, TCC 2014, Proceedings
T2 - 11th Theory of Cryptography Conference on Theory of Cryptography, TCC 2014
Y2 - 24 February 2014 through 26 February 2014
ER -