Indistinguishability Obfuscation of Iterated Circuits and RAM Programs

A key source of inefficiency in existing obfuscation schemes is that they operate on programs represented as Boolean circuits or Turing machines. We bring the complexity of obfuscation down to the level of RAM programs. We do this in two steps: First, assuming injective one way functions and indistinguishability obfuscators for all circuits, we construst a one time garbled RAM scheme with the following parameters, up to polylogarithmic factors and a multiplicative factor in the security parameter: (a) The space used by the garbled program, as well as the initial size of the program itself, are proportional to the space s used by the plaintext program. (b) The runtime of the obfuscated program is proportional to the runtime of the plaintext program. Next, we transform this scheme into a full-fledged obfuscation scheme for RAM programs with comparable efficiency: The runtime remains the same, and the size is proportional to the maximum space needed by the underlying program on any input of the given size. The security loss is poportional to the number of potential inputs for the RAM program. Our construction can be plugged into practically any existing use of indistinguishability obfuscation or garbled programs, such as delegation of computation, reusable garbled RAMs, functional encryption, non-interactive zero-knowledge, and multi-party computation protocols, resulting in significant efficiency gains. At the heart of our construction is a mechanism for succinctly obfuscating “iterated circuits”, namely circuits that run in iterations, and where the output of an iteration is used as input to the next. As contributions of independent interest, we also introduce a new cryptographic tool called Asymmetrically Constrained Encapsulation (ACE), that allows us to enforce correctness and secrecy properties of intermediate results of obfuscated iterated circuits. ∗Tel Aviv University and Boston University. Email: [email protected]. Supported by the Check Point Institute for Information Security, ISF grant 1523/14, NSF MACS project, and an NSF Algorithmic foundations grant 1218461. †MIT. Email: [email protected]. Supported by NSF Grant Award number CNS-1347364, DARPA Grant number FA8750-11-2-0225, and the Simons Foundation ‡Johns Hopkins University. Email: [email protected]. Supported in part by NSF Grant number CNS-1414023. §MIT. Email: [email protected]. Research supported in part by DARPA Grant number FA875011-2-0225, an Alfred P. Sloan Research Fellowship, the Northrop Grumman Cybersecurity Research Consortium (CRC), Microsoft Faculty Fellowship, the Qatar Computing Research Institute, and a Steven and Renee Finn Career Development Chair from MIT.