On Extractability (a.k.a. Differing-Inputs) Obfuscation
نویسندگان
چکیده
We initiate the study of extractability obfuscation (a.k.a. differing-inputs obfuscation), a notion first suggested by Barak et al. (JACM 2012): An extractability obfuscator eO for a class of algorithmsM guarantees that if an efficient attacker A can distinguish between obfuscations eO(M1), eO(M2) of two algorithms M1,M2 ∈M, then A can efficiently recover (given M1 and M2) an input on which M1 and M2 provide different outputs. • We rely on the recent candidate virtual black-box obfuscation constructions to provide candidate constructions of extractability obfuscators for NC; next, following the blueprint of Garg et al. (FOCS 2013), we show how to bootstrap the obfuscator for NC to an obfuscator for all non-uniform polynomial-time Turing machines. In contrast to the construction of Garg et al., which relies on indistinguishability obfuscation for NC, our construction enables succinctly obfuscating non-uniform Turing machines (as opposed to circuits), without turning running-time into description size. • We introduce a new notion of functional witness encryption, which enables encrypting a message m with respect to an instance x, language L, and function f , such that anyone (and only those) who holds a witness w for x ∈ L can compute f(m,w) on the message and particular known witness. We show that functional witness encryption is, in fact, equivalent to extractability obfuscation. • We demonstrate other applications of extractability extraction, including the first construction of fully (adaptive-message) indistinguishability-secure functional encryption for an unbounded number of key queries and unbounded message spaces. • We finally relate indistinguishability obfuscation and extractability obfuscation and show special cases when indistinguishability obfuscation can be turned into extractability obfuscation. ∗Supported in part by AFOSR YIP Award FA9550-10-1-0093. †Pass is supported in part by a Alfred P. Sloan Fellowship, Microsoft New Faculty Fellowship, NSF Award CNS1217821, NSF CAREER Award CCF-0746990, NSF Award CCF-1214844, AFOSR YIP Award FA9550-10-1-0093, and DARPA and AFRL under contract FA8750-11-20211. The views and conclusions contained in this document are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of the Defense Advanced Research Projects Agency or the US Government.
منابع مشابه
On Extractability Obfuscation
We initiate the study of extractability obfuscation, a notion first suggested by Barak et al. (JACM 2012): An extractability obfuscator eO for a class of algorithms M guarantees that if an efficient attacker A can distinguish between obfuscations eO(M1), eO(M2) of two algorithms M1,M2 ∈M, then A can efficiently recover (given M1 and M2) an input on which M1 and M2 provide different outputs. • W...
متن کاملA Note on the Impossibility of Obfuscation with Auxiliary Inputs
In this note we revisit the problem of obfuscation with auxiliary inputs. We show that the existence of indistinguishablity obfuscation (iO) implies that all functions with sufficient “pseudoentropy” cannot be obfuscated with respect to a virtual box definition (VBB) in the presence of (dependent) auxiliary input. Namely, we show that for any candidate obfuscation O and for any function family ...
متن کاملObfuscation-Based Non-black-box Simulation and Four Message Concurrent Zero Knowledge for NP
We show the following result: Assuming the existence of public-coin differing-input obfuscation (pc-diO) for the class of all polynomial time Turing machines, then there exists a four message, fully concurrent zero-knowledge proof system for all languages in NP with negligible soundness error. This result is constructive: given pc-diO, our reduction yields an explicit protocol along with an exp...
متن کاملPoly-Many Hardcore Bits for Any One-Way Function and a Framework for Differing-Inputs Obfuscation
We show how to extract an arbitrary polynomial number of simultaneously hardcore bits from any oneway function. In the case the one-way function is injective or has polynomially-bounded pre-image size, we assume the existence of indistinguishability obfuscation (iO). In the general case, we assume the existence of differing-input obfuscation (diO), but of a form weaker than full auxiliary-input...
متن کاملPublic-Coin Differing-Inputs Obfuscation and Its Applications
Differing inputs obfuscation (diO) is a strengthening of indistinguishability obfuscation (iO) that has recently found applications to improving the efficiency and generality of obfuscation, functional encryption, and related primitives. Roughly speaking, a diO scheme ensures that the obfuscations of two efficiently generated programs are indistinguishable not only if the two programs are equiv...
متن کامل