Obfuscating Conjunctions Under Entropic Ring Lwe

We show how to securely obfuscate conjunctions, which are functions f(x(1), . . . , x(n)) = boolean AND(i is an element of I) y(i) where I subset of [n] and each literal y(i) is either just x(i) or (sic)x(i) e.g., f(x(1), . . . , x(n)) = x(1) boolean AND (sic)x(3) boolean AND (sic)x(7) . . . boolean AND x(n-1). Whereas prior work of Brakerski and Rothblum (CRYPTO 2013) showed how to achieve this using a non-standard object called cryptographic multilinear maps, our scheme is based on an "entropic" variant of the Ring Learning with Errors (Ring LWE) assumption. As our core tool, we prove that hardness assumptions on the recent multilinear map construction of Gentry, Gorbunov and Halevi (TCC 2015) can be established based on entropic Ring LWE. We view this as a first step towards proving the security of additional multilinear map based constructions, and in particular program obfuscators, under standard assumptions. Our scheme satisfies virtual black box (VBB) security, meaning that the obfuscated program reveals nothing more than black-box access to f as an oracle, at least as long as (essentially) the conjunction is chosen from a distribution having sufficient entropy.