# Candidate Indistinguishability Obfuscation and Functional Encryption for all Circuits

Foundations of Computer Science, no. 3 (2016): 40-49


Abstract

In this work, we study indistinguishability obfuscation and functional encryption for general circuits: Indistinguishability obfuscation requires that given any two equivalent circuits C0 and C1 of similar size, the obfuscations of C0 and C1 should be computationally indistinguishable. In functional encryption, ciphertexts encrypt inputs...


Introduction

- In this work the authors study two long-standing open feasibility questions in cryptography: secure program obfuscation, and functional encryption.

- The authors show how to use indistinguishability obfuscation for circuits, public-key encryption, and noninteractive zero knowledge to achieve functional encryption for all circuits.
- The main contributions of this work are to (1) construct indistinguishability obfuscators for all circuits, and (2) show how to use indistinguishability obfuscators to solve the central open problem in the area of Functional Encryption.

Highlights

- In this work we study two long-standing open feasibility questions in cryptography: secure program obfuscation, and functional encryption.

- We show how to use indistinguishability obfuscation for NC1 together with Fully Homomorphic Encryption to achieve indistinguishability obfuscation for all circuits
- We show how to use indistinguishability obfuscation for circuits, public-key encryption, and noninteractive zero knowledge to achieve functional encryption for all circuits
- Barak et al. showed that the most natural simulation-based formulation of program obfuscation (a.k.a. “black-box obfuscation”) is impossible to achieve for general programs, in a very strong sense: there exist unobfuscatable functions, i.e., a family of functions {f_s} such that, given any circuit that implements f_s, an efficient procedure can extract the secret s, whereas any efficient adversary given only black-box access to f_s cannot guess even a single bit of s with non-negligible advantage
- The Power of Indistinguishability Obfuscation: While a black box obfuscator immediately results in several turnkey applications, our work shows that indistinguishability obfuscation combined with adroit use of other cryptographic primitives can give rise to powerful functionalities

Results

- After constructing indistinguishability obfuscators for NC1 from Multilinear Jigsaw Puzzles, the authors use these indistinguishability obfuscators in a black-box manner to obtain the following results:
- Using an indistinguishability obfuscator for polynomial-size circuits, together with injective one-way functions, public-key encryption, and a novel variant of Sahai’s simulation-sound non-interactive zero knowledge [28] proofs, the authors show how to obtain functional encryption schemes supporting all polynomial-size circuits.
- The authors will use indistinguishability obfuscation by constructing circuits that inherently have multiple equivalent forms.
- The authors show how to use indistinguishability obfuscation for NC1 and fully homomorphic encryption (FHE) with decryption in NC1 to obtain indistinguishability obfuscation for all polynomial-size circuits.
- Let the secret key skC corresponding to a circuit C be an obfuscation of a program that uses SK to decrypt x, then computes and outputs C(x).
- Recall that the indistinguishability security definition for functional encryption requires the adversary to declare two inputs x0 and x1, with the promise that all secret keys SKC that she will ask for will satisfy C(x0) = C(x1).
- In this case, unlike above, the receiver cannot generate a proof on his own that both ciphertexts encrypt the same message to provide to the obfuscated decryption circuit.
- The authors note that the construction enjoys the property that ciphertexts are succinct; their size depends only on the public-key encryption scheme and NIZK being used, and does not depend on the underlying details of the obfuscation mechanism in any way.
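
Why the key program has to check a proof before it decrypts, as an added example that is not code from the paper or from this page: it assumes a two-key layout (following the "both ciphertexts encrypt the same message" remark above) over constructed, insecure toy ElGamal parameters, with `same_plaintext` standing in for NIZK verification and `circuit` a hypothetical C. It counts the inputs on which the program built from the first key and the program built from the second key give different outputs; indistinguishability obfuscation only says anything about the two when that count is zero.

```python
# Added illustration; toy, insecure parameters constructed for this example.
P, Q, G = 23, 11, 2                      # G generates the order-11 subgroup of Z_23^*
GROUP = [pow(G, i, P) for i in range(Q)]
DLOG = {h: i for i, h in enumerate(GROUP)}

def keygen(x):
    """ElGamal key pair (sk, pk) for a secret exponent x in 1..Q-1."""
    return x, pow(G, x, P)

def enc(pk, m, r):
    """Encrypt a message m in 0..Q-1 with randomness r."""
    return pow(G, r, P), pow(G, m, P) * pow(pk, r, P) % P

def dec(sk, ct):
    a, b = ct
    return DLOG[b * pow(a, Q - sk, P) % P]   # a^(Q-sk) == a^(-sk) in the subgroup

def circuit(x):
    """Hypothetical circuit C whose output the key holder may learn."""
    return x % 3 == 0

def key_program(sk, slot, check):
    """Program that would be obfuscated as sk_C: verify, decrypt one slot, output C(x)."""
    def program(c1, c2):
        if not check(c1, c2):
            return None                      # reject, as on a failed proof
        return circuit(dec(sk, (c1, c2)[slot]))
    return program

def disagreements(prog_a, prog_b):
    """Count inputs (c1, c2), over every possible ciphertext pair, where outputs differ."""
    cts = [(a, b) for a in GROUP for b in GROUP]
    return sum(prog_a(c1, c2) != prog_b(c1, c2) for c1 in cts for c2 in cts)

SK1, PK1 = keygen(3)
SK2, PK2 = keygen(7)

def no_check(c1, c2):
    return True

def same_plaintext(c1, c2):
    # Stand-in for verifying a sound proof that both ciphertexts encrypt one message.
    return dec(SK1, c1) == dec(SK2, c2)

def compare(check):
    """Disagreements between the SK1-based and the SK2-based key program."""
    return disagreements(key_program(SK1, 0, check), key_program(SK2, 1, check))

if __name__ == "__main__":
    print("without check:", compare(no_check))
    print("with check:   ", compare(same_plaintext))
```

Without the check the two programs are not equivalent circuits, so obfuscating one in place of the other could be detected by feeding it a mismatched ciphertext pair.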

Conclusion

- Prior solutions for primitives of ABE for circuits [16], [17] and single use functional encryption [33] achieved ciphertext sizes and encryption times that were proportional to the maximum depth of the function to be evaluated.
- Some recent work has focused on a collusion-bounded form of functional encryption [37], [38], [33], where security is only ensured so long as an attacker does not acquire more than some predetermined number of keys.
- Certain collusion-bounded functional encryption schemes with special properties suffice for several interesting applications such as delegated computation and most notably reusable garbled circuits [33].

Related work

- Some recent work has focused on a collusion-bounded form of functional encryption [37], [38], [33], where security is only ensured so long as an attacker does not acquire more than some predetermined number of keys. This concept is very similar to the manner in which one-time signatures relax the general notion of signatures. In these settings, collusion-bounded FE has been achieved for general circuits [37], [38], and in the case of single-key FE this has been done with quite succinct ciphertexts [33]. Certain collusion-bounded functional encryption schemes with special properties suffice for several interesting applications such as delegated computation and most notably reusable garbled circuits [33]. However, in the general use scenario envisioned for FE [9], unbounded collusion resistance is essential, as a single user or a collection of users would be holding multiple secret keys. This is the focus of our work.

Funding

- The first and fifth authors were supported in part from NSF grants 1228984, 1136174, 1118096, 1065276, 0916574 and 0830803, a Xerox Faculty Research Award, a Google Faculty Research Award, an equipment grant from Intel, and an Okawa Foundation Research Grant
- The second and third authors were supported by the Intelligence Advanced Research Projects Activity (IARPA) via Department of Interior National Business Center (DoI/NBC) contract number D11PC20202
- The fourth author is supported by NSF Grant No.1017660
- The sixth author is supported by NSF CNS-0915361 and CNS-0952692, CNS-1228599, DARPA N11AP20006, Google Faculty Research award, the

Reference

- [1] B. Barak, O. Goldreich, R. Impagliazzo, S. Rudich, A. Sahai, S. P. Vadhan, and K. Yang, “On the (im)possibility of obfuscating programs,” in CRYPTO, 2001, pp. 1–18.
- [2] ——, “On the (im)possibility of obfuscating programs,” J. ACM, vol. 59, no. 2, p. 6, 2012.
- [3] S. Goldwasser and G. N. Rothblum, “On best-possible obfuscation,” in TCC, 2007, pp. 194–213.
- [4] A. Sahai and B. Waters, “Fuzzy identity-based encryption,” in EUROCRYPT, 2005, pp. 457–473.
- [5] V. Goyal, O. Pandey, A. Sahai, and B. Waters, “Attribute-based encryption for fine-grained access control of encrypted data,” in CCS, 2006.
- [6] D. Boneh and B. Waters, “Conjunctive, subset, and range queries on encrypted data,” in TCC, 2007, pp. 535–554.
- [7] J. Katz, A. Sahai, and B. Waters, “Predicate encryption supporting disjunctions, polynomial equations, and inner products,” in EUROCRYPT, 2008.
- [8] A. Sahai and B. Waters, “Slides on functional encryption,” PowerPoint presentation, 2008, http://www.cs.utexas.edu/
- [9] D. Boneh, A. Sahai, and B. Waters, “Functional encryption: definitions and challenges,” in TCC, 2011, pp. 253–273.
- [10] A. O’Neill, “Definitional issues in functional encryption,” Cryptology ePrint Archive, Report 2010/556, 2010.
- [11] A. Shamir, “Identity-based cryptosystems and signature schemes,” in CRYPTO, 1984, pp. 47–53.
- [12] D. Boneh and M. K. Franklin, “Identity-based encryption from the Weil pairing,” in CRYPTO, 2001.
- [13] C. Cocks, “An identity based encryption scheme based on quadratic residues,” in IMA Int. Conf., 2001, pp. 360–363.
- [14] D. X. Song, D. Wagner, and A. Perrig, “Practical techniques for searches on encrypted data,” in Security and Privacy, 2000, pp. 44–55.
- [15] D. Boneh, G. D. Crescenzo, R. Ostrovsky, and G. Persiano, “Public key encryption with keyword search,” in EUROCRYPT, 2004, pp. 506–522.
- [16] S. Gorbunov, V. Vaikuntanathan, and H. Wee, “Attribute-based encryption for circuits,” in STOC, 2013.
- [17] S. Garg, C. Gentry, S. Halevi, A. Sahai, and B. Waters, “Attribute-based encryption for circuits from multilinear maps,” in CRYPTO, 2013.
- [18] S. Garg, C. Gentry, A. Sahai, and B. Waters, “Witness encryption and its applications,” in STOC, 2013.
- [19] S. Agrawal, D. M. Freeman, and V. Vaikuntanathan, “Functional encryption for inner product predicates from learning with errors,” in ASIACRYPT, 2011.
- [20] S. Garg, C. Gentry, and S. Halevi, “Candidate multilinear maps from ideal lattices,” in EUROCRYPT, 2013.
- [21] J.-S. Coron, T. Lepoint, and M. Tibouchi, “Practical multilinear maps over the integers,” in CRYPTO, 2013.
- [22] C. Gentry, “Fully homomorphic encryption using ideal lattices,” in STOC, 2009, pp. 169–178.
- [23] Z. Brakerski and V. Vaikuntanathan, “Fully homomorphic encryption from ring-LWE and security for key dependent messages,” in CRYPTO, 2011.
- [24] Z. Brakerski, C. Gentry, and V. Vaikuntanathan, “(Leveled) fully homomorphic encryption without bootstrapping,” in ITCS, 2012.
- [25] Z. Brakerski, “Fully homomorphic encryption without modulus switching from classical GapSVP,” in CRYPTO, 2012, pp. 868–886.
- [26] C. Gentry, A. Sahai, and B. Waters, “Homomorphic encryption from learning with errors: Conceptually-simpler, asymptotically-faster, attribute-based,” in CRYPTO, 2013.
- [27] M. Naor and M. Yung, “Public-key cryptosystems provably secure against chosen ciphertext attacks,” in STOC, 1990, pp. 427–437.
- [28] A. Sahai, “Non-malleable non-interactive zero knowledge and adaptive chosen-ciphertext security,” in FOCS, 1999, pp. 543–553.
- [29] A. D. Caro, V. Iovino, A. Jain, A. O’Neill, O. Paneth, and G. Persiano, “On the achievability of simulation-based security for functional encryption,” in CRYPTO, 2013.
- [30] S. Garg, C. Gentry, S. Halevi, M. Raykova, A. Sahai, and B. Waters, “Definitional issues in functional encryption,” Cryptology ePrint Archive, Report 2013, 2013.
- [31] U. Feige and A. Shamir, “Witness indistinguishable and witness hiding protocols,” in STOC, 1990, pp. 416–426.
- [32] S. Goldwasser and Y. T. Kalai, “On the impossibility of obfuscation with auxiliary input,” in FOCS, 2005, pp. 553–562.
- [33] S. Goldwasser, Y. Kalai, R. A. Popa, V. Vaikuntanathan, and N. Zeldovich, “Succinct functional encryption and applications: Reusable garbled circuits and beyond,” in STOC, 2013.
- [34] B. Parno, M. Raykova, and V. Vaikuntanathan, “How to delegate and verify in public: Verifiable computation from attribute-based encryption,” in TCC, 2012, pp. 422–439.
- [35] D. Boneh, A. Sahai, and B. Waters, “Fully collusion resistant traitor tracing with short ciphertexts and private keys,” in EUROCRYPT, 2006, pp. 573–592.
- [36] B. Chor, A. Fiat, and M. Naor, “Tracing traitors,” in CRYPTO, 1994, pp. 257–270.
- [37] A. Sahai and H. Seyalioglu, “Worry-free encryption: functional encryption with public keys,” in CCS, 2010, pp. 463–472.
- [38] S. Gorbunov, V. Vaikuntanathan, and H. Wee, “Functional encryption with bounded collusions via multi-party computation,” in CRYPTO, 2012.
- [39] S. Agrawal, S. Gorbunov, V. Vaikuntanathan, and H. Wee, “Functional encryption: New perspectives and lower bounds,” in CRYPTO, 2013.
- [40] D. A. Barrington, “Bounded-width polynomial-size branching programs recognize exactly those languages in NC1,” in STOC, 1986.
- [41] O. Goldreich, S. Micali, and A. Wigderson, “How to play any mental game or a completeness theorem for protocols with honest majority,” in STOC, 1987, pp. 218–229.
- [42] J. Kilian, “Founding cryptography on oblivious transfer,” in STOC, J. Simon, Ed. ACM, 1988, pp. 20–31.
- [43] M. Ben-Or, O. Goldreich, S. Goldwasser, J. Hastad, J. Kilian, S. Micali, and P. Rogaway, “Everything provable is provable in zero-knowledge,” in CRYPTO, 1988, pp. 37–56.
- [44] Y. Ishai, “Personal communication,” 2013.
