On the Implausibility of Differing-Inputs Obfuscation (and Extractable Witness Encryption) with Auxiliary Input Daniel Wichs (Northeastern U) with: Sanjam.

Presentation transcript:

On the Implausibility of Differing-Inputs Obfuscation (and Extractable Witness Encryption) with Auxiliary Input Daniel Wichs (Northeastern U) with: Sanjam Garg, Craig Gentry, Shai Halevi

Overview of Result
Differing-inputs obfuscation cannot exist assuming another form of obfuscation does exist.
Science (theorems, proofs) + philosophy / hand-waving (what does it all mean?)

Ancient History of Obfuscation ‘00-’13
First formally studied by [Hada 00] and [Barak et al. 01]. Defined strong notion of “virtual black-box obfuscation” (VBB).
– Obfuscated code only as good as black-box access to program.
Negative Result: VBB obfuscation is impossible for many “pathological functions” (contrived).
– Cannot have general VBB obfuscation.
– Don’t have a general class that excludes all “pathological functions”.
Positive Results: Can obfuscate some very simple functions like “point functions” [Canetti ‘97, Wee ‘05, …].

Our Knowledge of VBB Obfuscation
[Figure: regions labeled “unobfuscatable”, “obfuscatable”, “unknown”]

Interpretation of VBB before ‘13
[Figure: regions labeled “unobfuscatable”, “obfuscatable”]

Candidate Obfuscator
The first general candidate obfuscator [Garg-Gentry-Halevi-Raykova-Sahai-Waters 13]
– Can be applied to any poly-time program.
– Fails to be VBB for some “pathological functions”, but does not seem to have any other weakness.

Interpretation of VBB after ‘13
[Figure: regions labeled “unobfuscatable”, “obfuscatable”; remaining region: green or red?]

General Obfuscation Assumption
Can we have a general, simple-to-state, useful assumption about an obfuscator?
Two such candidates proposed by [Barak et al. 01]:
– Indistinguishability Obfuscation (iO)
– Differing-Inputs Obfuscation (diO)

Indistinguishability Obfuscation

Differing-Inputs Obfuscation

Recently explored by Ananth et al. [ABG+13] and Boyle et al. [BCP14], who showed many applications:
– obfuscation for TMs
– adaptively secure functional encryption for TMs
– extractable witness encryption
Many results using iO can be simplified if we use diO.

Our Results
General differing-inputs obfuscation cannot exist assuming that a “special-purpose obfuscation assumption” holds (a specific function can be obfuscated to hide specific info) (extractable witness encryption)

Counter-Example

At most one can survive!
– General differing-inputs obfuscation: for all “differing-inputs distributions”, [indistinguishability property] holds
vs.
– Special-purpose obfuscation assumption: given obfuscation of specific C*, hard to recover a valid signature
Not “falsifiable” [Naor 03]
falsifiable
implies existence of efficient algorithm without having a candidate

What to think of diO?
General diO for all “differing-inputs families” is implausible.
But diO and even VBB obfuscation can plausibly hold for most natural candidates that we’d like to obfuscate.
– Better to rely on diO vs. VBB. Clarifies which property you really need.
The search continues for a useful, plausible, general obfuscation assumption.
Obfuscation is the new random oracle model?

Thank you!