Towards Practical Obfuscation of General Circuits

Known approaches for obfuscating a circuit are only feasible in theory: the complexity polynomially depends on the security parameter and circuit measures, but with too large polynomials and/or holds only with large enough security parameters, which leaves the methods not implementable for almost all applications at a required security level, say 128 bits. In this work, we initiate the task of exploiting ideas from theoretical constructions towards practical obfuscation. The starting concern is: how much do empirical methods help to improve efficiency? We followed the approach of Zimmerman and Applebaum et al.: obfuscating the randomized encodings (RE) with Graded Encoding Scheme (GES) over composites. We gave a new design of RE which is based on a new pseudorandom function and a new garbled circuit from a pseudorandom generator, whose obfuscation only needs GES of degree linear with n, the number of input variables. We also developed various techniques that further reduce the degree by a significant constant factor. These resulted a general obfuscator with code size ( (28λ|C|+ 2 c c )10nλ ) GES( 5n 2c + 6, λ), where GES(μ, λ) denotes the size of a single ring element of the Graded Encoding Scheme with multilinearity μ and security level λ. Based on our implementation of the required GES with a simplified CLT multilinear map, we may assume GES(μ, λ) ≈ μλ. When n = 128, we may get μ = 31; for example, our obfuscated AES will have code size < 10 bits, whereas no implementable solution is known prior to this work. Our construction achieves VBB security if our pseudorandom function and pseudorandom generator and application of the CLT multilinear map are all secure.