Recent breakthroughs in cryptography have positioned indistinguishability obfus-cation as a "central hub" for almost all known cryptographic tasks, and as an extremely powerful building block for new cryptographic tasks resolving long-standing and foundational open problems. However, constructions based on indistinguishability obfuscation almost always rely on non-black-box techniques, and thus the extent to which it can be used as a building block has been completely unexplored so far. We present a framework for proving meaningful negative results on the power of indistinguishability obfuscation. By consideringindistinguishability obfuscation for oracle-aided circuits, we capture the common techniques that have been used so far in constructions based on indistinguishability obfuscation. These include, in particular, non-black-box techniques such as the punctured programming approach of Sahai and Waters [A. Sahai and B. Waters, How to use indis-tinguishability obfuscation: Deniable encryption, and more, in Proceedings of the 46th Annual ACM Symposium on Theory of Computing, ACM, New York, 2014, pp. 475-484] and its variants, as well as subexponential security assumptions. Within our framework we prove the first negative results on the power of indistinguishability obfuscation and of the tightly related notion of functional encryption. Our results are as follows: (1) There is no fully black-box construction of a collision-resistant function family from an indistinguishability obfuscator for oracle-aided circuits. (2) There is no fully black-box construction of a key-agreement protocol with perfect completeness from a private-key functional encryption scheme for oracle-aided circuits. Specifically, we prove that any such potential constructions must suffer from an exponential security loss, and thus our results cannot be circumvented using subexponential security assumptions. Our framework captures constructions that may rely on a wide variety of primitives in a non-black-box manner (e.g., obfuscating or generating a functional key for a function that uses the evaluation circuit of a puncturable pseudorandom function), and we only assume that the underlying indistinguishability obfuscator or functional encryption scheme itself is used in a black-box manner.
|Number of pages||60|
|Journal||SIAM Journal on Computing|
|State||Published - 2016|
Bibliographical noteFunding Information:
A preliminary version of this work appeared in Proceedings of the 56th Annual IEEE Symposium on Foundations of Computer Science (FOCS), 2015, pp. 191-209. The work of the first author was supported by the Simons Foundation via a Junior Fellow Award. The work was done while the author was a postdoctoral researcher at the Hebrew University's School of Computer Science and Engineering. The work of the second author was supported by the European Union's 7th Framework Program (FP7) via a Marie Curie Career Integration Grant, by the Israel Science Foundation (grant 483/13), by the Israeli Centers of Research Excellence (I-CORE) Program (Center 4/11), by the US-Israel Binational Science Foundation (grant 2014632), and by a Google Faculty Research Award.
© 2016 Society for Industrial and Applied Mathematics.
- Functional encryption
- Indistinguishability obfuscation
- Lower bounds