TCC 2020

Title

Indistinguishability Obfuscation from Well-Founded Assumptions

Abstract

We present a construction of an indistinguishability obfuscation scheme, whose security rests on the subexponential hardness of four well-founded assumptions. We show the existence of an indistinguishability obfuscation scheme for all circuits assuming sub-exponential security of the following assumptions:

• The Learning with Errors (LWE) assumption with arbitrarily small subexponential modulus-to-noise ratio,
• The SXDH assumption with respect to bilinear groups of prime order p,
• Existence of a Boolean Pseudorandom Generator (PRG) in $\mathsf{NC}^0$ with arbitrary polynomial stretch, that is, mapping n bits to $n^{1+\tau}$ bits, for any constant $\tau>0$.
• The Learning Parity with Noise (LPN) assumption over $\mathbb{Z}_p$ with error-rate $\ell^{-\delta}$, where $\ell$ is the dimension of the secret and $\delta>0$ is an arbitrarily small constant.

Further, assuming only polynomial security of these assumptions, there exists a compact public-key functional encryption scheme for all circuits.

The main technical novelty is the introduction and construction of a cryptographic pseudorandom generator that we call a Structured-Seed PRG (sPRG), assuming LPN over $\mathbb{Z}_p$ and PRGs in $\mathsf{NC}^0$.

During the talk, I will discuss how structured seed PRGs have evolved from different notions of novel pseudorandom generators proposed in the past few years, and how an interplay between different areas of theoretical computer science played a major role in providing valuable insights leading to this work. Time permitting, I will go into the details of how to construct sPRGs.

Joint work with Huijia (Rachel) Lin and Amit Sahai.

Title

Obfuscation from Homomorphic Encryption Schemes

Abstract

We discuss a new approach to construct general-purpose indistinguishability obfuscation (iO). We construct iO from an interplay of homomorphic encryption schemes that satisfy a series of structural properties: Crucially, one should be able to produce a short decryption hint that allows anyone to recover the entire plaintext of a given ciphertext, without affecting the semantic security of the scheme.

We show a generic candidate construction of iO based on three building blocks: (i) A standard FHE scheme with linear decrypt-and-multiply, (ii) a linearly homomorphic encryption scheme with short decryption hints, and (iii) a cryptographic hash function. We show evidence that this construction is secure by providing an argument in an appropriately defined oracle model.

We view our construction as a big departure from the state-of-the-art constructions, and it is in fact quite simple.

Title

Candidate Obfuscation via Oblivious LWE Sampling

Abstract

We present a new, simple candidate construction of indistinguishability obfuscation (iO). Our scheme is inspired by lattices and learning-with-errors (LWE) techniques, but we are unable to prove security under a standard assumption. Instead, we formulate a new falsifiable assumption under which the scheme is secure. Furthermore, the scheme plausibly achieves post-quantum security.

Our construction is based on the recent "split FHE" framework of Brakerski, Döttling, Garg, and Malavolta (EUROCRYPT '20), and we provide a new instantiation of this framework. As a first step, we construct an iO scheme that is provably secure assuming that LWE holds and that it is possible to obliviously generate LWE samples without knowing the corresponding secrets. We define a precise notion of oblivious LWE sampling that suffices for the construction. It is known how to obliviously sample from any distribution (in a very strong sense) using iO, and our result provides a converse, showing that the ability to obliviously sample from the specific LWE distribution (in a much weaker sense) already also implies iO. As a second step, we give a heuristic contraction of oblivious LWE sampling. On a very high level, we do this by homomorphically generating pseudorandom LWE samples using an encrypted pseudorandom function.

Joint work with Hoeteck Wee.

Romain Gay

Title

Indistinguishability Obfuscation from Circular Security

Abstract

We show the existence of indistinguishability obfuscators (iO) for general circuits assuming subexponential security of:

1. the Learning with Error (LWE) assumption (with subexponential modulus-to-noise ratio);
2. a circular security conjecture regarding the Gentry-Sahai-Water’s (GSW) encryption scheme.

The circular security conjecture states that a notion of leakage-resilient security (that we prove is satisfied by GSW assuming LWE) is retained in the presence of an encryption of the secret key. Our work thus places iO on qualitatively similar assumptions as unlevelled FHE, for which known constructions also rely on a circular security conjecture.