TY - GEN
T1 - On statistically secure obfuscation with approximate correctness
AU - Brakerski, Zvika
AU - Brzuska, Christina
AU - Fleischhacker, Nils
N1 - Publisher Copyright: © International Association for Cryptologic Research 2016.
PY - 2016/7/21
Y1 - 2016/7/21
N2 - Goldwasser and Rothblum (TCC’07) prove that statistical indistinguishability obfuscation (iO) cannot exist if the obfuscator must maintain perfect correctness (under a widely believed complexity theoretic assumption: NP ⊈ SZK ⊆ AM∩ coAM). However, for many applications of iO, such as constructing public-key encryption from oneway functions (one of the main open problems in theoretical cryptography), approximate correctness is sufficient. It had been unknown thus far whether statistical approximate iO (saiO) can exist. We show that saiO does not exist, even for a minimal correctness requirement, if NP ⊈ AM∩ coAM, and if one-way functions exist. A simple complementary observation shows that if one-way functions do not exist, then average-case saiO exists. Technically, previous approaches utilized the behavior of the obfuscator on evasive functions, for which saiO always exists. We overcome this barrier by using a PRF as a “baseline” for the obfuscated program. We broaden our study and consider relaxed notions of security for iO. We introduce the notion of correlation obfuscation, where the obfuscations of equivalent circuits only need to be mildly correlated (rather than statistically indistinguishable). Perhaps surprisingly, we show that correlation obfuscators exist via a trivial construction for some parameter regimes, whereas our impossibility result extends to other regimes. Interestingly, within the gap between the parameters regimes that we show possible and impossible, there is a small fraction of parameters that still allow to build public-key encryption from one-way functions and thus deserve further investigation.
AB - Goldwasser and Rothblum (TCC’07) prove that statistical indistinguishability obfuscation (iO) cannot exist if the obfuscator must maintain perfect correctness (under a widely believed complexity theoretic assumption: NP ⊈ SZK ⊆ AM∩ coAM). However, for many applications of iO, such as constructing public-key encryption from oneway functions (one of the main open problems in theoretical cryptography), approximate correctness is sufficient. It had been unknown thus far whether statistical approximate iO (saiO) can exist. We show that saiO does not exist, even for a minimal correctness requirement, if NP ⊈ AM∩ coAM, and if one-way functions exist. A simple complementary observation shows that if one-way functions do not exist, then average-case saiO exists. Technically, previous approaches utilized the behavior of the obfuscator on evasive functions, for which saiO always exists. We overcome this barrier by using a PRF as a “baseline” for the obfuscated program. We broaden our study and consider relaxed notions of security for iO. We introduce the notion of correlation obfuscation, where the obfuscations of equivalent circuits only need to be mildly correlated (rather than statistically indistinguishable). Perhaps surprisingly, we show that correlation obfuscators exist via a trivial construction for some parameter regimes, whereas our impossibility result extends to other regimes. Interestingly, within the gap between the parameters regimes that we show possible and impossible, there is a small fraction of parameters that still allow to build public-key encryption from one-way functions and thus deserve further investigation.
UR - http://www.scopus.com/inward/record.url?scp=84979582922&partnerID=8YFLogxK
U2 - https://doi.org/10.1007/978-3-662-53008-5_19
DO - https://doi.org/10.1007/978-3-662-53008-5_19
M3 - منشور من مؤتمر
SN - 9783662530078
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 551
EP - 578
BT - Advances in Cryptology
A2 - Robshaw, Matthew
A2 - Katz, Jonathan
PB - Springer Verlag
T2 - 36th Annual International Cryptology Conference, CRYPTO 2016
Y2 - 14 August 2016 through 18 August 2016
ER -