Indistinguishability Obfuscation from Constant-Degree Graded Encoding Schemes

We construct a general-purpose indistinguishability obfuscation (IO) scheme for all polynomialsize circuits from constant-degree graded encoding schemes in the plain model, assuming the existence of a subexponentially secure Pseudo-Random Generator (PRG) computable by constantdegree arithmetic circuits (or equivalently in NC), and the subexponential hardness of the Learning With Errors (LWE) problems. In contrast, previous general-purpose IO schemes all rely on polynomial-degree graded encodings. Our general-purpose IO scheme is built upon two key components: • a new bootstrapping theorem that subexponentially secure IO for a subclass of constantdegree arithmetic circuits implies IO for all polynomial size circuits (assuming PRG and LWE as described above), and • a new construction of IO scheme for any generic class of circuits in the ideal graded encoding model, in which the degree of the graded encodings is bounded by a variant of the degree, called type degree, of the obfuscated circuits. In comparison, previous bootstrapping theorems start with IO for NC, and previous constructions of IO schemes require the degree of graded encodings to grow polynomially in the size of the obfuscated circuits. ∗[email protected]. Huijia Lin was partially supported by NSF grants CNS-1528178 and CNS-1514526. This work was done in part while the author was visiting the Simons Institute for the Theory of Computing, supported by the Simons Foundation and by the DIMACS/Simons Collaboration in Cryptography through NSF grant CNS1523467.