Patchable Obfuscation

In this work, we introduce patchable obfuscation: our notion adapts the notion of indistinguishability obfuscation (iO) to a very general setting where obfuscated software evolves over time. We model this broadly by considering software patches P as arbitrary Turing Machines that take as input the description of a Turing Machine M , and output a new Turing Machine description M ′ = P (M). Thus, a short patch P can cause changes everywhere in the description of M and can even cause the description length of the machine to increase by an arbitrary polynomial amount. We further consider the setting where a patch is applied not just to a single machine M , but to an unbounded set of machines (M1, . . . ,Mt) to yield (P (M1), . . . , P (Mt). We call this multi-program patchable obfuscation. We consider both patchable obfuscation and multi-program patchable obfuscation in a setting where there are an unbounded number of patches that can be adaptively chosen by an adversary. We show that sub-exponentially secure iO for circuits and sub-exponentially secure one-way functions imply patchable obfuscation; and we show that sub-exponentially secure iO for circuits, sub-exponentially secure one-way functions, and sub-exponentially secure DDH imply multiprogram patchable obfuscation. Finally, we exhibit some simple applications of multi-program patchable obfuscation, to demonstrate how these concepts can be applied. ∗University of California Los Angeles and Center for Encrypted Functionalities. Email: [email protected]. Work done in part while visiting the Simons Institute for Theoretical Computer Science, supported by the Simons Foundation and and by the DIMACS/Simons Collaboration in Cryptography through NSF grant #CNS-1523467. This work was partially supported by grant #360584 from the Simons Foundation and the grants listed under Amit Sahai. †Johns Hopkins University. Email: [email protected]. Work done in part while visiting the Simons Institute for Theoretical Computer Science, supported by the Simons Foundation and and by the DIMACS/Simons Collaboration in Cryptography through NSF grant #CNS-1523467.. Supported in part by a DARPA/ARL Safeware Grant W911NF-15-C-0213 and NSF CNS-1414023. ‡University of California Los Angeles and Center for Encrypted Functionalities. Email: [email protected] Work done in part while visiting the Simons Institute for Theoretical Computer Science, supported by the Simons Foundation and and by the DIMACS/Simons Collaboration in Cryptography through NSF grant #CNS-1523467. Research supported in part from a DARPA/ARL SAFEWARE award, NSF Frontier Award 1413955, NSF grants 1228984, 1136174, 1118096, and 1065276, a Xerox Faculty Research Award, a Google Faculty Research Award, an equipment grant from Intel, and an Okawa Foundation Research Grant. This material is based upon work supported by the Defense Advanced Research Projects Agency through the ARL under Contract W911NF-15-C-0205. The views expressed are those of the author and do not reflect the official policy or position of the Department of Defense, the National Science Foundation, or the U.S. Government.