Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                

Paper 2013/860

On the Implausibility of Differing-Inputs Obfuscation and Extractable Witness Encryption with Auxiliary Input

Sanjam Garg, Craig Gentry, Shai Halevi, and Daniel Wichs

Abstract

The notion of differing-inputs obfuscation (diO) was introduced by Barak et al. (CRYPTO 2001). It guarantees that, for any two circuits $C_0, C_1$, if it is difficult to come up with an input $x$ on which $C_0(x) \neq C_1(x)$, then it should also be difficult to distinguish the obfuscation of $C_0$ from that of $C_1$. This is a strengthening of indistinguishability obfuscation, where the above is only guaranteed for circuits that agree on all inputs: $C_0(x) = C_1(x)$ for all $x$. Two recent works of Ananth et al. (ePrint 2013) and Boyle et al. (TCC 2014) study the notion of diO in the setting where the attacker is also given some auxiliary information related to the circuits, showing that this notion leads to many interesting applications. In this work, we show that the existence of general-purpose diO with general auxiliary input has a surprising consequence: it implies that a specific circuit $C^*$ with specific auxiliary input $\aux^*$ cannot be obfuscated in a way that hides some specific information. In other words, under the conjecture that such special-purpose obfuscation exists, we show that general-purpose diO cannot exist. We do not know if this special-purpose obfuscation assumption is implied by diO itself, and hence we do not get an unconditional impossibility result. However, the special-purpose obfuscation assumption is a falsifiable assumption which we do not know how to break for candidate obfuscation schemes. Showing the existence of general-purpose diO with general auxiliary input would necessitate showing how to break this assumption. We also show that the special-purpose obfuscation assumption implies the impossibility of extractable witness encryption with auxiliary input, a notion proposed by Goldwasser et al. (CRYPTO 2013). A variant of this assumption also implies the impossibility of ``output-only dependent'' hardcore bits for general one-way functions, as recently constructed by Bellare and Tessaro (ePrint 2013) using diO.

Metadata
Available format(s)
PDF
Category
Foundations
Publication info
A minor revision of an IACR publication in CRYPTO 2014
Contact author(s)
wichs @ ccs neu edu
History
2014-06-13: last of 2 revisions
2013-12-29: received
See all versions
Short URL
https://ia.cr/2013/860
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2013/860,
      author = {Sanjam Garg and Craig Gentry and Shai Halevi and Daniel Wichs},
      title = {On the Implausibility of Differing-Inputs Obfuscation and Extractable Witness Encryption with Auxiliary Input},
      howpublished = {Cryptology {ePrint} Archive, Paper 2013/860},
      year = {2013},
      url = {https://eprint.iacr.org/2013/860}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.