370 likes | 568 Views
Obfuscation for Evasive Functions. Boaz Barak, Nir Bitansky , Ran Canetti, Yael Tauman Kalai, Omer Paneth, Amit Sahai. Program Obfuscation . Approved Document . Signature . Verify and sign. Obfuscation. Obfuscated Program. Virtual Black-Box (VBB).
E N D
Obfuscation for Evasive Functions Boaz Barak, NirBitansky, Ran Canetti, Yael Tauman Kalai, Omer Paneth, Amit Sahai
Program Obfuscation Approved Document Signature Verify and sign Obfuscation Obfuscated Program
Virtual Black-Box (VBB) [Barak-Goldreich-Impagliazzo-Rudich-Sahai-Vadhan-Yang 01] Algorithm is an obfuscator for a family of functions if: For every adversary there exists a simulator such that for every key and predicate :
Impossibilities for VBB [Barak-Goldreich-Impagliazzo-Rudich-Sahai-Vadhan-Yang 01] • There exist families of “unobfuscatable” functions • Can be embedded in applications (e.g. encryption, signatures) • Implemented in • Pseudo-entropic functions are unobfuscatable w.r.t auxiliary input \universal simulation • [Bitansky-Canetti-Cohn-Goldwasser-Kalai-P-Rosen 14]
Positive results • Constructions for simple functions [Can97, CMR98, LPS04, DS05,Wee05, CD08, CV09, CRV10,BR13] • General constructions in idealized models [CV13,BR13,BGKPS13]
Which functions are VBB obfuscatable? Find rich classes of functions that can be VBB obfuscated
Evasive Functions A family of boolean functions is evasiveif for or every : Alternatively: For every efficient (non-uniform) adversary : .
Applications Evasive Functions Disjunctions Hyperplanes Digital Lockers Fuzzy point functions Point functions
Example Output Good input Input Buggy software Patch Crash Bad input Bad input Error message
No impossibility for VBB obfuscation* of evasive functions *for the right notion of VBB
VBB for Evasive Functions Turing machine Circuit Worst-case Impossible Impossible No known impossibility Average-case Impossible
Contributions • New definitions for evasive function obfuscation and the relations between them. • Constructions for the zero-set of low degree polynomial based on multilinear maps • Virtual-gray box obfuscation for evasive functions • Virtual-gray box obfuscation for all functions
New definitions for evasive function obfuscation and the relations between them. • Constructions for the zero-set of low degree polynomial based on multilinear maps • Virtual-gray box obfuscation for evasive functions • Virtual-gray box obfuscation for all functions
Average-case VBB For every adversary there exists a simulator such that for every predicate and for a random key :
Input-Hiding Obfuscation For every adversary • Only achievable for evasive functions • Incomparable to average-case VBB
New definitions for evasive function obfuscation and the relations between them. • Constructions for the zero-set of low degree polynomial based on multilinear maps • Virtual-gray box obfuscation for evasive functions • Virtual-gray box obfuscation for all functions
Constructions Average-case VBB and Input-hiding obfuscation for a subclass of evasive function: Roots of low degree multivariate polynomials is defined by a multivariate polynomial over . For key and input : .
Is the Root Set Evasive? For every input .
Two Constructions Input-hiding Average-case VBB given by anarithmetic circuit of size and depth given by an arithmetic circuit of size and degree Perfectly-hiding graded encoding One-way graded encoding
Graded Encodings [Garg-Gentry-Halevi 13] • including a description of a ring • For every and every d, is an encoding • , • (candidate scheme with public encoding from [CLT13])
Input-Hiding Zero Evaluate using
Proof Idea Assume there exists such that: If then is a root of Can use to invert
New definitions for evasive function obfuscation and the relations between them. • Constructions for the zero-set of low degree polynomial based on multilinear maps • Virtual-gray box obfuscation for evasive functions • Virtual-gray box obfuscation for all functions
Virtual Grey-Box (VGB) [Bitansky-Canetti 10] For every adversary there exists an unbounded simulator making polynomial number of oracle queriessuch that for every predicate and for a random key : Polynomial # of queries Computationally unbounded
Why VGB? Virtual black-box obfuscation Virtual grey-box obfuscation Indistinguishability obfuscation
Applications of VGB [Bitansky-Canetti 10] Composable VGB obfuscation for point functionsfrom a strong variant of DDH. Digital lockers [CD08], strong KDM encryption [CKVW10], CCA encryption [MH14], computational fuzzy extractors [CFPR14].
Virtual Grey-Box Virtual grey-box is not always meaningful. Example: pseudorandom functions For what functions is virtual grey-box meaningful?
VGB for Evasive Functions For evasive functions , Average-case VBB average-case VGB Polynomial # of queries Computationally unbounded
Theorem Average-case VGB for evasive functions Average-case VGB* for all functions * 1. Simulator make (slightly) super-polynomial #queries 2. Obfuscator is inefficient + indistinguishability obfuscation for all functions
Proof Idea Any function family can be decomposed to: Can be learned by the VGB simulator Evasive
Decomposition via Learning is evasive.