Abstract
The notion of differing-inputs obfuscation (diO) was introduced by Barak et al. (CRYPTO, pp 1–18, 2001). It guarantees that, for any two circuits \(C_0, C_1\) for which it is difficult to come up with an input \(x\) on which \(C_0(x) \ne C_1(x)\), it should also be difficult to distinguish the obfuscation of \(C_0\) from that of \(C_1\). This is a strengthening of indistinguishability obfuscation, where the above is only guaranteed for circuits that agree on all inputs. Two recent works of Ananth et al. (Differing-inputs obfuscation and applications, http://eprint.iacr.org/, 2013) and Boyle et al. (in: Lindell (ed.) TCC 2014, pp 52–73, 2014) study the notion of diO in the setting where the attacker is also given some auxiliary information related to the circuits, showing that this notion leads to many interesting applications. In this work, we show that the existence of general-purpose diO with general auxiliary input has a surprising consequence: it implies that a specific circuit \(C^*\) with specific auxiliary input \({\mathsf {aux}}^*\) cannot be obfuscated in a way that hides some specific information. In other words, under the conjecture that such special-purpose obfuscation exists, we show that general-purpose diO cannot exist. This conjecture is a falsifiable assumption which we do not know how to break for candidate obfuscation schemes. We also show similar implausibility results for extractable witness encryption with auxiliary input and for “output-only dependent” hardcore bits for general one-way functions.
Notes
The notable exceptions are “extractable/functional witness encryption” [4] and “output-only dependent hardcore bits for any one-way function” [11] where the auxiliary input is external and is not fixed by the construction. Our counterexamples show that these notions are “implausible” in their general form.
Any signature scheme can be converted into one with a deterministic signing algorithm by replacing the random coins with a PRF of the message.
The result of Bellare, Stepanovs and Tessaro [11] does not consider auxiliary input.
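The derandomization mentioned in the second note, shown as an added example that is not code from the paper: a Schnorr-style signature whose signing coins are replaced by a PRF of the message. The group parameters, the use of HMAC-SHA512 as the PRF and all function names are assumptions chosen for illustration; the group is toy-sized and not secure.

```python
import hashlib
import hmac
import secrets

# Toy parameters (assumption, illustration only): Z_P^* with P = 2^127 - 1.
P = 2**127 - 1          # Mersenne prime
ORDER = P - 1           # every element satisfies a^ORDER = 1 mod P
G = 3

def _challenge(r: int, msg: bytes) -> int:
    data = r.to_bytes(16, "big") + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % ORDER

def keygen():
    x = secrets.randbelow(ORDER - 1) + 1
    return x, pow(G, x, P)

def sign_with_coins(x: int, msg: bytes, k: int):
    """Schnorr-style signing with the random coins k made an explicit input."""
    r = pow(G, k, P)
    e = _challenge(r, msg)
    s = (k + e * x) % ORDER
    return e, s

def verify(y: int, msg: bytes, sig) -> bool:
    e, s = sig
    # g^s * y^(-e) = g^k; y^(-e) is computed as y^(ORDER - e).
    r = pow(G, s, P) * pow(y, ORDER - e, P) % P
    return _challenge(r, msg) == e

def sign_randomized(x: int, msg: bytes):
    # Original scheme: fresh coins on every call.
    return sign_with_coins(x, msg, secrets.randbelow(ORDER))

def sign_deterministic(x: int, prf_key: bytes, msg: bytes):
    # Derandomized scheme: coins = PRF_key(msg). The PRF key becomes
    # part of the secret signing key.
    coins = hmac.new(prf_key, msg, hashlib.sha512).digest()
    return sign_with_coins(x, msg, int.from_bytes(coins, "big") % ORDER)

if __name__ == "__main__":
    x, y = keygen()
    prf_key = secrets.token_bytes(32)
    m = b"constructed sample message"
    print(sign_deterministic(x, prf_key, m) == sign_deterministic(x, prf_key, m))
    print(verify(y, m, sign_deterministic(x, prf_key, m)))
```

The verifier is unchanged by the transformation: signatures from either signing function pass the same `verify`.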
References
1. Ananth, P., Boneh, D., Garg, S., Sahai, A., Zhandry, M.: Differing-inputs obfuscation and applications. Cryptology ePrint Archive, Report 2013/689 (2013). http://eprint.iacr.org/
2. Applebaum, B.: Bootstrapping obfuscators via fast pseudorandom functions. In: Sarkar and Iwata [21], pp. 162–172
3. Bitansky, N., Canetti, R., Cohn, H., Goldwasser, S., Kalai, Y.T., Paneth, O., Rosen, A.: The impossibility of obfuscation with auxiliary input or a universal simulator. In: Advances in Cryptology—CRYPTO 2014—34th Annual Cryptology Conference, Santa Barbara, CA, USA, August 17–21, 2014, Proceedings, Part II, pp. 71–89 (2014)
4. Boyle, E., Chung, K.-M., Pass, R.: On extractability obfuscation. In: Lindell [18], pp. 52–73
5. Bitansky, N., Canetti, R., Paneth, O., Rosen, A.: On the existence of extractable one-way functions. In: Shmoys [20], pp. 505–514
6. Barak, B., Goldreich, O., Impagliazzo, R., Rudich, S., Sahai, A., Vadhan, S.P., Yang, K.: On the (im)possibility of obfuscating programs. In: CRYPTO, pp. 1–18 (2001)
7. Barak, B., Goldreich, O., Impagliazzo, R., Rudich, S., Sahai, A., Vadhan, S.P., Yang, K.: On the (im)possibility of obfuscating programs. J. ACM 59(2), 6 (2012)
8. Barak, B., Garg, S., Kalai, Y.T., Paneth, O., Sahai, A.: Protecting obfuscation against algebraic attacks. In: Nguyen, P.Q., Oswald, E. (eds.) Advances in Cryptology—EUROCRYPT 2014—33rd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Copenhagen, Denmark, May 11–15, 2014, Proceedings, volume 8441 of Lecture Notes in Computer Science, pp. 221–238. Springer (2014)
9. Boyle, E., Pass, R.: Limits of extractability assumptions with distributional auxiliary input. In: Iwata, T., Cheon, J.H. (eds.) Advances in Cryptology—ASIACRYPT 2015—21st International Conference on the Theory and Application of Cryptology and Information Security, Auckland, New Zealand, November 29–December 3, 2015, Proceedings, Part II, volume 9453 of Lecture Notes in Computer Science, pp. 236–261. Springer (2015)
10. Brakerski, Z., Rothblum, G.N.: Virtual black-box obfuscation for all circuits via generic graded encoding. In: Lindell [18], pp. 1–25
11. Bellare, M., Stepanovs, I., Tessaro, S.: Poly-many hardcore bits for any one-way function and a framework for differing-inputs obfuscation. In: Sarkar and Iwata [21], pp. 102–121
12. Garg, S., Gentry, C., Halevi, S., Raykova, M., Sahai, A., Waters, B.: Candidate indistinguishability obfuscation and functional encryption for all circuits. In: 54th Annual IEEE Symposium on Foundations of Computer Science, FOCS 2013, 26–29 October, 2013, Berkeley, CA, USA, pp. 40–49. IEEE Computer Society (2013)
13. Garg, S., Gentry, C., Sahai, A., Waters, B.: Witness encryption and its applications. In: Boneh, D., Roughgarden, T., Feigenbaum, J. (eds.) Symposium on Theory of Computing Conference, STOC’13, Palo Alto, CA, USA, June 1–4, 2013, pp. 467–476. ACM (2013)
14. Goldwasser, S., Kalai, Y.T.: On the impossibility of obfuscation with auxiliary input. In: FOCS, pp. 553–562 (2005)
15. Goldwasser, S., Kalai, Y.T., Popa, R.A., Vaikuntanathan, V., Zeldovich, N.: How to run Turing machines on encrypted data. In: Canetti, R., Garay, J.A. (eds.) CRYPTO (2), volume 8043 of Lecture Notes in Computer Science, pp. 536–553. Springer (2013)
16. Hada, S.: Zero-knowledge and code obfuscation. In: Okamoto, T. (ed.) ASIACRYPT, volume 1976 of Lecture Notes in Computer Science, pp. 443–457. Springer (2000)
17. Ishai, Y., Pandey, O., Sahai, A.: Public-coin differing-inputs obfuscation and its applications. In: Dodis, Y., Nielsen, J.B. (eds.) Theory of Cryptography—12th Theory of Cryptography Conference, TCC 2015, Warsaw, Poland, March 23–25, 2015, Proceedings, Part II, volume 9015 of Lecture Notes in Computer Science, pp. 668–697. Springer (2015)
18. Lindell, Y. (ed.): Theory of Cryptography—11th Theory of Cryptography Conference, TCC 2014, San Diego, CA, USA, February 24–26, 2014, Proceedings, volume 8349 of Lecture Notes in Computer Science. Springer (2014)
19. Naor, M.: On cryptographic assumptions and challenges. In: Boneh, D. (ed.) CRYPTO, volume 2729 of Lecture Notes in Computer Science, pp. 96–109. Springer (2003)
20. Shmoys, D.B. (ed.): Symposium on Theory of Computing, STOC 2014, New York, NY, USA, May 31–June 03, 2014. ACM (2014)
21. Sarkar, P., Iwata, T. (eds.): Advances in Cryptology—ASIACRYPT 2014—20th International Conference on the Theory and Application of Cryptology and Information Security, Kaohsiung, Taiwan, R.O.C., December 7–11, 2014, Proceedings, Part II, volume 8874 of Lecture Notes in Computer Science. Springer (2014)
22. Sahai, A., Waters, B.: How to use indistinguishability obfuscation: deniable encryption, and more. In: Shmoys [20], pp. 475–484
Acknowledgements
We thank Mariana Raykova and Amit Sahai for initial discussions relating to this work, Nir Bitansky for suggesting we look at extractable witness encryption, and Mihir Bellare for pointing us to his paper on poly-many hardcore bits and for suggesting we consider diO with bounded-length auxiliary input.
Garg, S., Gentry, C., Halevi, S. et al. On the Implausibility of Differing-Inputs Obfuscation and Extractable Witness Encryption with Auxiliary Input. Algorithmica 79, 1353–1373 (2017). https://doi.org/10.1007/s00453-017-0276-6
DOI: https://doi.org/10.1007/s00453-017-0276-6