How to Avoid Obfuscation Using Witness PRFs
نویسنده
چکیده
We propose a new cryptographic primitive called witness pseudorandom functions (witness PRFs). Witness PRFs are related to witness encryption, but appear strictly stronger: we show that witness PRFs can be used for applications such as multi-party key exchange without trsuted setup, polynomially-many hardcore bits for any one-way function, and several others that were previously only possible using obfuscation. Current candidate obfuscators are far from practical and typically rely on unnatural hardness assumptions about multilinear maps. We give a construction of witness PRFs from multilinear maps that is simpler and much more efficient than current obfuscation candidates, thus bringing several applications of obfuscation closer to practice. Our construction relies on new but very natural hardness assumptions about the underlying maps that appear to be resistant to a recent line of attacks.
منابع مشابه
Adaptively Secure Puncturable Pseudorandom Functions in the Standard Model
We study the adaptive security of constrained PRFs in the standard model. We initiate our exploration with puncturable PRFs. A puncturable PRF family is a special class of constrained PRFs, where the constrained key is associated with an element x′ in the input domain. The key allows evaluation at all points x 6= x′. We show how to build puncturable PRFs with adaptive security proofs in the sta...
متن کاملDistributed Pseudorandom Functions for General Access Structures in NP
Distributed pseudorandom functions (DPRFs) originally introduced by Naor, Pinkas and Reingold (EUROCRYPT ’99) are pseudorandom functions (PRFs), whose computation is distributed to multiple servers. Although by distributing the function computation, we avoid single points of failures, this distribution usually implies the need for multiple interactions with the parties (servers) involved in the...
متن کاملWatermarking Cryptographic Functionalities from Standard Lattice Assumptions
A software watermarking scheme allows one to embed a “mark” into a program without significantly altering the behavior of the program. Moreover, it should be difficult to remove the watermark without destroying the functionality of the program. Recently, Cohen et al. (STOC 2016) and Boneh et al. (PKC 2017) showed how to watermark cryptographic functions such as PRFs using indistinguishability o...
متن کاملOn Extractability (a.k.a. Differing-Inputs) Obfuscation
We initiate the study of extractability obfuscation (a.k.a. differing-inputs obfuscation), a notion first suggested by Barak et al. (JACM 2012): An extractability obfuscator eO for a class of algorithmsM guarantees that if an efficient attacker A can distinguish between obfuscations eO(M1), eO(M2) of two algorithms M1,M2 ∈M, then A can efficiently recover (given M1 and M2) an input on which M1 ...
متن کاملOn Extractability Obfuscation
We initiate the study of extractability obfuscation, a notion first suggested by Barak et al. (JACM 2012): An extractability obfuscator eO for a class of algorithms M guarantees that if an efficient attacker A can distinguish between obfuscations eO(M1), eO(M2) of two algorithms M1,M2 ∈M, then A can efficiently recover (given M1 and M2) an input on which M1 and M2 provide different outputs. • W...
متن کامل