On Necessary Padding with IO

We show that the common proof technique of padding a circuit before IO obfuscation is sometimes necessary. That is, assuming indistinguishability obfuscation (IO) and one-way functions exist, we define samplers Sam0, which outputs (aux0, C0), and Sam1, which outputs (aux1, C1) such that: • The distributions (aux0, iO(C0)) and (aux1, iO(C1)) are perfectly distinguishable. • For padding s = poly(λ), the distributions (aux0, iO(C0‖0)) and (aux1, iO(C1‖0)) are computationally indistinguishable. We note this refutes the recent “Superfluous Padding Assumption” of Brzuska and Mittelbach[BM15]. ∗Email: [email protected]. This work was done while the author was visiting the Simons Institute for the Theory of Computing, supported by the Simons Foundation and by the DIMACS/Simons Collaboration in Cryptography through NSF grant #CNS-1523467. This research was also supported by NSF Eager CNS1347364, NSF Frontier CNS1413920, the Simons Foundation (agreement dated June 5, 2012), Air Force Laboratory FA875011-20225, and Lincoln Lab PO7000261954.