differing inputs obfuscation
play

Differing-Inputs Obfuscation May 12, 2016 EUROCRYPT 2016 Mihir - PowerPoint PPT Presentation

Jan 27, 2023 •33 likes •403 views

New Negative Results on Differing-Inputs Obfuscation May 12, 2016 EUROCRYPT 2016 Mihir Bellare Igors Stepanovs Brent Waters 1 Our Main Result at a Glance Bellare, Stepanovs, Waters - EUROCRYPT 2016 Differing-inputs obfuscation (Barak et

  1. New Negative Results on Differing-Inputs Obfuscation May 12, 2016 EUROCRYPT 2016 Mihir Bellare Igors Stepanovs Brent Waters 1

  2. Our Main Result at a Glance Bellare, Stepanovs, Waters - EUROCRYPT 2016 Differing-inputs obfuscation (Barak et al., 2001) Differing-inputs obfuscation is implausible [GGHW14]: … because it cannot coexist with another form of obfuscation that seems to be weaker. This work: Differing-inputs obfuscation is impossible … assuming sub-exponentially secure one-way functions. 2

  3. Our Main Result at a Glance Bellare, Stepanovs, Waters - EUROCRYPT 2016 Differing-inputs obfuscation (Barak et al., 2001) for circuits Differing-inputs obfuscation is implausible [GGHW14]: … because it cannot coexist with another form of obfuscation that seems to be weaker. sub-exp secure for TMs This work: Differing-inputs obfuscation is impossible … assuming sub-exponentially secure one-way functions. 3

  4. Obfuscation Bellare, Stepanovs, Waters - EUROCRYPT 2016 Program P * Program P Obfuscator Circuits or Turing Machines 1. Correctness: 2. Security: functionally equivalent, no more useful and i.e. P (x) = P * (x) for all x. than an oracle for 4

  5. Obfuscation Bellare, Stepanovs, Waters - EUROCRYPT 2016 Program P * Program P Obfuscator Circuits or Turing Machines 1. Correctness: 2. Security: functionally equivalent, no more useful and i.e. P (x) = P * (x) for all x. than an oracle for [BGIRSVY01]: Virtual Black Box Obfuscation is impossible! 5

  6. Obfuscation Bellare, Stepanovs, Waters - EUROCRYPT 2016 Program P * Program P Obfuscator Circuits or Turing Machines 1. Correctness: 2. Security: functionally equivalent, no more useful and i.e. P (x) = P * (x) for all x. than an oracle for [BGIRSVY01]: Virtual Black Box Obfuscation is impossible! Are there weaker forms of obfuscation that are achievable and useful ? – point-function obfuscation [ C97, CMR98, LPS04, ... ] PO – virtual grey box obfuscation [ BC10, ... ] VGBO – indistinguishability obfuscation [ BGIRSVY01, GGHRSW13, SW13, ... ] iO – differing-inputs obfuscation [ BGIRSVY01, BCP13, ABGSZ13, ... ] diO 6

  7. Indistinguishability and Differing-Inputs Obfuscation [BGIRSVY01] Bellare, Stepanovs, Waters - EUROCRYPT 2016 b ∈ {left, right} Left world: $ Security of indistinguishability obfuscation (iO): P̃ Obf (P 0 ) P̃ Obf is iO-secure if: (P 0 , P 1 ) G D For all PT adversaries G that output Right world: (P 0 , P 1 ) such that P 0 ≡ P 1 $ P̃ P̃ Obf (P 1 ) no PT adversary D can distinguish left from right. aux computationally hard PT adversaries: G – Generator; D – Distinguisher; 7

  8. Indistinguishability and Differing-Inputs Obfuscation [BGIRSVY01] Bellare, Stepanovs, Waters - EUROCRYPT 2016 b ∈ {left, right} Left world: $ Security of indistinguishability obfuscation (iO): P̃ Obf (P 0 ) P̃ Obf is iO-secure if: (P 0 , P 1 ) G D For all PT adversaries G that output Right world: (P 0 , P 1 ) such that P 0 ≡ P 1 $ P̃ P̃ Obf (P 1 ) no PT adversary D can distinguish left from right. aux Security of differing-inputs obfuscation (diO): Obf is diO-secure if: PT adversaries: For all PT adversaries G that output G – Generator; (P 0 , P 1 ) such that it is computationally hard D – Distinguisher; to find x satisfying P 0 (x) ≠ P 1 (x) no PT adversary D can distinguish left from right. 8

  9. Indistinguishability and Differing-Inputs Obfuscation [BGIRSVY01] Bellare, Stepanovs, Waters - EUROCRYPT 2016 b ∈ {left, right} Left world: $ Security of indistinguishability obfuscation (iO): P̃ Obf (P 0 ) P̃ Obf is iO-secure if: (P 0 , P 1 ) G D For all PT adversaries G that output Right world: (P 0 , P 1 ) such that P 0 ≡ P 1 $ P̃ P̃ Obf (P 1 ) no PT adversary D can distinguish left from right. aux Security of differing-inputs obfuscation (diO): Obf is diO-secure if: PT adversaries: (P 0 , P 1 ) G I x For all PT adversaries G that output G – Generator; (P 0 , P 1 ) such that it is computationally hard D – Distinguisher; aux to find x satisfying P 0 (x) ≠ P 1 (x) I – Inverter. no PT adversary D can distinguish left from right. 9

  10. Indistinguishability and Differing-Inputs Obfuscation [BGIRSVY01] Bellare, Stepanovs, Waters - EUROCRYPT 2016 b ∈ {left, right} Left world: $ Security of indistinguishability obfuscation (iO): P̃ Obf (P 0 ) P̃ Obf is iO-secure if: (P 0 , P 1 ) G D For all PT adversaries G that output Right world: (P 0 , P 1 ) such that P 0 ≡ P 1 $ P̃ P̃ Obf (P 1 ) no PT adversary D can distinguish left from right. aux Security of differing-inputs obfuscation (diO): Obf is diO-secure if: PT adversaries: (P 0 , P 1 ) G I x For all PT adversaries G that output G – Generator; (P 0 , P 1 ) such that it is computationally hard D – Distinguisher; aux to find x satisfying P 0 (x) ≠ P 1 (x) I – Inverter. no PT adversary D can distinguish left from right. polynomially hard (1) Polynomially diO-secure We consider two security levels: (2) Sub-exponentially diO-secure sub-exponentially hard 10

  11. Indistinguishability Obfuscation (iO) Bellare, Stepanovs, Waters - EUROCRYPT 2016 Is iO achievable? Why should I care?! [SW13, ...] [GGHRSW13, …] We can build many crypto Here is a candidate primitives from iO! construction! “iO as a central hub of cryptography” 11

  12. Indistinguishability Obfuscation (iO) Bellare, Stepanovs, Waters - EUROCRYPT 2016 Is iO achievable? Why should I care?! [SW13, ...] [GGHRSW13, …] We can build many crypto Here is a candidate primitives from iO! construction! “iO as a central hub of cryptography” Heavy, ad-hoc assumptions. Constructions are getting broken. proposed Does iO exist? broken 12

  13. Indistinguishability Obfuscation (iO) Bellare, Stepanovs, Waters - EUROCRYPT 2016 Is iO achievable? Why should I care?! [SW13, ...] [GGHRSW13, …] We can build many crypto Here is a candidate primitives from iO! construction! “iO as a central hub of cryptography” Heavy, ad-hoc assumptions. Candidate iO constructions conjectured to meet diO. (Proven in idealized models by BR13, BGKPS13). Constructions are getting broken. proposed We make progress towards Does iO exist? settling the existence of iO by providing negative results for diO. broken 13

  14. Implausibility of Differing-Inputs Obfuscation Bellare, Stepanovs, Waters - EUROCRYPT 2016 [GGHW14] Theorem ([GGHW14]): Polynomially secure diO for circuits does not exist if: there exists an existentially unforgeable digital signature scheme DS, and there exists a collision-resistant hash function H, and there exists a special-purpose obfuscator for H and DS. A novel, ad-hoc assumption introduced by [GGHW14]. Is it more plausible than diO? Differing-inputs obfuscation is implausible! [GGHW14] 14

  15. Our Results Bellare, Stepanovs, Waters - EUROCRYPT 2016 Theorem A. Sub-exponentially secure diO for TMs does not exist if: The proof uses iO! sub-exponentially secure one-way functions exist. Theorem B. Polynomially secure diO for TMs does not exist if: sub-exponentially secure one-way functions exist, and sub-exponentially secure indistinguishability obfuscation for circuits exists. 15

  16. Our Results Bellare, Stepanovs, Waters - EUROCRYPT 2016 Theorem A. Sub-exponentially secure diO for TMs does not exist if: The proof uses iO! sub-exponentially secure one-way functions exist. Theorem B. Polynomially secure diO for TMs does not exist if: sub-exponentially secure one-way functions exist, and sub-exponentially secure indistinguishability obfuscation for circuits exists. Type of programs Assumptions [GGHW14] theorem Circuits Special- purpose obfuscation, … Theorem A Turing Machines Sub-exponentially secure OWFs [and sub-exponentially secure iO] 16

  17. Our Results Bellare, Stepanovs, Waters - EUROCRYPT 2016 Theorem A. Sub-exponentially secure diO for TMs does not exist if: The proof uses iO! sub-exponentially secure one-way functions exist. Theorem B. Polynomially secure diO for TMs does not exist if: sub-exponentially secure one-way functions exist, and sub-exponentially secure indistinguishability obfuscation for circuits exists. Type of programs Assumptions [GGHW14] theorem Circuits Special- purpose obfuscation, … Theorem A Turing Machines Sub-exponentially secure OWFs [and sub-exponentially secure iO] Obtain a corollary for circuits from: FHE + diO for circuits + SNARKs diO for TMs. [ABGSZ13, BCP14] 17

  18. Our Results Bellare, Stepanovs, Waters - EUROCRYPT 2016 Theorem A. Sub-exponentially secure diO for TMs does not exist if: The proof uses iO! sub-exponentially secure one-way functions exist. Theorem B. Polynomially secure diO for TMs does not exist if: sub-exponentially secure one-way functions exist, and sub-exponentially secure indistinguishability obfuscation for circuits exists. Type of programs Assumptions [GGHW14] theorem Circuits Special- purpose obfuscation, … Theorem A Turing Machines Sub-exponentially secure OWFs [and sub-exponentially secure iO] Obtain a corollary for circuits from: FHE + diO for circuits + SNARKs diO for TMs. [ABGSZ13, BCP14] When natural problems are hard, Sub-exponential (Factoring, DLOG, LWE, SVP, ...). assumptions?! they appear to be sub-exponentially hard. 18

  19. [GGHW14] Attack Bellare, Stepanovs, Waters - EUROCRYPT 2016 Construct generator G using: digital signature scheme DS, “special-purpose obfuscator” spO, hash function H. (C 0 , C 1 ) G aux Let Obf be any obfuscator. It is not diO-secure if: (1) It is easy to distinguish Obf(C 0 ) from Obf(C 1 ). (2) It is hard to find x such that C 0 (x) ≠ C 1 (x). 19

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Obfuscation Lecture 26 Different Flavours VBB Obfuscation Note: Considers only corrupt

Obfuscation Lecture 26 Different Flavours VBB Obfuscation Note: Considers only corrupt

Obfuscation Lecture 26 Different Flavours VBB Obfuscation Note: Considers only corrupt receiver x 1 Virtual f O(f) F B f(x 1) Black-Box x 2 (VBB) f(x 2) Obfuscation : A Secure (and f Family f Family b b single

466 views • 18 slides
) UNION SELECT `This_Talk` AS ('New Optimization and Obfuscation Optimization and Obfuscation

) UNION SELECT `This_Talk` AS ('New Optimization and Obfuscation Optimization and Obfuscation

) UNION SELECT `This_Talk` AS ('New Optimization and Obfuscation Optimization and Obfuscation Techniques)%00 Techniques)%00 Roberto Salgado Co-founder of Websec Provide information security solutions Pen-testing, training

1.11k views • 93 slides
HOST Circuit Obfuscation I ECE 525 Hardware Obfuscation (Drawn from "Hardware Protection

HOST Circuit Obfuscation I ECE 525 Hardware Obfuscation (Drawn from "Hardware Protection

HOST Circuit Obfuscation I ECE 525 Hardware Obfuscation (Drawn from "Hardware Protection thr Obfuscation) Circuit modification techniques designed to conceal or lock the functionality and/or circuit structure The modifications are designed

157 views • 11 slides
Lattice-Based SNARGs and Their Application to More Efficient Obfuscation Dan Boneh, Yuval Ishai,

Lattice-Based SNARGs and Their Application to More Efficient Obfuscation Dan Boneh, Yuval Ishai,

Lattice-Based SNARGs and Their Application to More Efficient Obfuscation Dan Boneh, Yuval Ishai, Amit Sahai, and David J. Wu Program Obfuscation [BGIRSVY01, GGHRSW13] Indistinguishability obfuscation ( ) has emerged as a central hub

648 views • 36 slides
Obfuscation: know your enemy Ninon EYROLLES neyrolles@quarkslab.com Serge GUELTON

Obfuscation: know your enemy Ninon EYROLLES neyrolles@quarkslab.com Serge GUELTON

Obfuscation: know your enemy Ninon EYROLLES neyrolles@quarkslab.com Serge GUELTON sguelton@quarkslab.com Introduction Control flow obfuscation Data flow obfuscation Python obfuscation Prelude Introduction Control flow obfuscation Data

1.23k views • 76 slides
OBFUSCURO : : A Commodity Obfuscation Engine for Intel SGX Adil Ahmad *, Byunggill Joe*, Yuan

OBFUSCURO : : A Commodity Obfuscation Engine for Intel SGX Adil Ahmad *, Byunggill Joe*, Yuan

OBFUSCURO : : A Commodity Obfuscation Engine for Intel SGX Adil Ahmad *, Byunggill Joe*, Yuan Xiao Yinqian Zhang, Insik Shin, Byoungyoung Lee (* denotes equal contribution) Program Obfuscation Program Obfuscation Trusted Untrusted (except

1.34k views • 116 slides
Obfuscation from LWE? proofs, attacks, candidates Hoeteck Wee CNRS & ENS . . . . . .

Obfuscation from LWE? proofs, attacks, candidates Hoeteck Wee CNRS & ENS . . . . . .

Obfuscation from LWE? proofs, attacks, candidates Hoeteck Wee CNRS & ENS . . . . . . . . C x C x C x C C c obfuscation [ BGIRSVY01, H00, GR07, GGHRSW13 ] . . . . . . . . C x C x C x C C c obfuscation [

1.03k views • 92 slides
Authorship Obfuscation Using Heuristic Search Masters Thesis Defence by Janek Bevendorff on 20

Authorship Obfuscation Using Heuristic Search Masters Thesis Defence by Janek Bevendorff on 20

Authorship Obfuscation Using Heuristic Search Masters Thesis Defence by Janek Bevendorff on 20 June 2018 Supervisors: Prof. Dr. Benno Stein, PD Dr. Andreas Jakoby Unmasking for short texts Obfuscation against unmasking Obfuscation

1.38k views • 95 slides
Engineering Code Obfuscation ISSISP 2017 - Obfuscation I Christian Collberg Department of

Engineering Code Obfuscation ISSISP 2017 - Obfuscation I Christian Collberg Department of

Engineering Code Obfuscation ISSISP 2017 - Obfuscation I Christian Collberg Department of Computer Science University of Arizona http://collberg.cs.arizona.edu collberg@gmail.com Supported by NSF grants 1525820 and 1318955 and by the

924 views • 69 slides
Urinary qualitative organic acid analysis: Differing analytical approaches and performance Dr

Urinary qualitative organic acid analysis: Differing analytical approaches and performance Dr

Urinary qualitative organic acid analysis: Differing analytical approaches and performance Dr Jim Bonham & Dr Verena Peters Scheme design Nine heat treated urine samples per year from real patients with differing metabolic disorders

290 views • 16 slides
Characterizing the Strength of Software Obfuscation Against Automated Attacks Sebastian Banescu,

Characterizing the Strength of Software Obfuscation Against Automated Attacks Sebastian Banescu,

Fakultt fr Informatik T echnische Universitt Mnchen Dagstuhl Seminar 17281 Characterizing the Strength of Software Obfuscation Against Automated Attacks Sebastian Banescu, BMW Group Outline 1 Introduction 2 Obfuscation in Theory 3

815 views • 69 slides
On The Complexity of Compressing Obfuscation Gilad Asharov, Naomi Ephraim, Ilan Komargodski, and

On The Complexity of Compressing Obfuscation Gilad Asharov, Naomi Ephraim, Ilan Komargodski, and

On The Complexity of Compressing Obfuscation Gilad Asharov, Naomi Ephraim, Ilan Komargodski, and Rafael Pass Cornell University and Cornell Tech CRYPTO 2018 Indistinguishability Obfuscation (iO) An obfuscator is a compiler which preserves

1.01k views • 86 slides
HOP: Hardware makes Obfuscation Practical Kartik Nayak With Chris Fletcher, Ling Ren, Nishanth

HOP: Hardware makes Obfuscation Practical Kartik Nayak With Chris Fletcher, Ling Ren, Nishanth

HOP: Hardware makes Obfuscation Practical Kartik Nayak With Chris Fletcher, Ling Ren, Nishanth Chandran, Satya Lokam, Elaine Shi and Vipul Goyal 1 Compression 1 KB 1 MB Used by everyone, perhaps license it - VBB Obfuscation No one should

942 views • 34 slides
INDISTINGUISHABILITY OBFUSCATION Mark Zhandry Stanford University * Joint work with Dan Boneh

INDISTINGUISHABILITY OBFUSCATION Mark Zhandry Stanford University * Joint work with Dan Boneh

INDISTINGUISHABILITY OBFUSCATION Mark Zhandry Stanford University * Joint work with Dan Boneh Program Obfuscation Intuition: Mangle a program Same functionality as original Hides all implementation details Potential uses: IP

295 views • 28 slides
Inputs and Outputs Objects with Analog Inputs A io.sch analog.sch Objects with Digital Inputs

Inputs and Outputs Objects with Analog Inputs A io.sch analog.sch Objects with Digital Inputs

1 2 3 4 5 6 A Inputs and Outputs Objects with Analog Inputs A io.sch analog.sch Objects with Digital Inputs Other Symbols B B digital.sch other.sch Objects with Mixed Inputs C C mixed.sch Snaiks Kicad Library Presentation

234 views • 6 slides
Obfuscation and Diversity: Probabilistic System Security Kyle Croman CS6410: Advanced Systems

Obfuscation and Diversity: Probabilistic System Security Kyle Croman CS6410: Advanced Systems

Obfuscation and Diversity: Probabilistic System Security Kyle Croman CS6410: Advanced Systems Definitions Obfuscation: T o be evasive, unclear, or confusing* In context, this means making a system difficult to understand and

665 views • 38 slides
How to Attack the IoT with Hardware Trojans Janet Lackey under CC license hardwear.io Den Haag,

How to Attack the IoT with Hardware Trojans Janet Lackey under CC license hardwear.io Den Haag,

How to Attack the IoT with Hardware Trojans Janet Lackey under CC license hardwear.io Den Haag, September 22, 2017 Christof Paar Ruhr Universitt Bochum & University of Massachusetts Amherst Acknowledgement Georg Becker Pawel

616 views • 40 slides
CSE140L: Components and Design Techniques for Digital Systems Lab Power Consumption in Digital

CSE140L: Components and Design Techniques for Digital Systems Lab Power Consumption in Digital

CSE140L: Components and Design Techniques for Digital Systems Lab Power Consumption in Digital Circuits Pietro Mercati 1 About the final Friday 09/02 at 11.30am in WLH2204 ~2hrs exam including (but not limited to): - True/False questions

497 views • 16 slides
osmocom.org - FOSS for mobile networks community based Free / Open Source Software for

osmocom.org - FOSS for mobile networks community based Free / Open Source Software for

Researching communications systems Bootstrapping Osmocom The Osmocom project osmocom.org - FOSS for mobile networks community based Free / Open Source Software for communications Harald Welte <hwelte@sysmocom.de> gnumonks.org

782 views • 36 slides
A 100 A/Ch Fully-Integrable Lock-in Multi-Channel Frontend for Infrared Spectroscopic Gas

A 100 A/Ch Fully-Integrable Lock-in Multi-Channel Frontend for Infrared Spectroscopic Gas

IEEE ISCAS 2010 Intro Channel Preamp Blind-Lock ADC Results Conclusions 1/23 A 100 A/Ch Fully-Integrable Lock-in Multi-Channel Frontend for Infrared Spectroscopic Gas Recognition S. Sutula, C. Ferrer and F. Serra-Graells

614 views • 23 slides
Digita Digital l Signa Signatu tures es Instructor: Ahmad Boorghany Most of the slides are

Digita Digital l Signa Signatu tures es Instructor: Ahmad Boorghany Most of the slides are

Data and Network Security Lab Sharif University of Technology Department of Computer Engineering Digita Digital l Signa Signatu tures es Instructor: Ahmad Boorghany Most of the slides are obtained from Bellare and Rogaways

631 views • 59 slides
Static characteristics - 4 VTC I Dn in = 2.5 in = 0 V V PMOS V NMOS DD - V GSp 2 0.5 -

Static characteristics - 4 VTC I Dn in = 2.5 in = 0 V V PMOS V NMOS DD - V GSp 2 0.5 -

Static characteristics - 4 VTC I Dn in = 2.5 in = 0 V V PMOS V NMOS DD - V GSp 2 0.5 - + V DSp 1.5 1 + V in V out I Dp in = 1.5 V in = 1 V 1.5 1 I Dn in = 2 V V in = 0.5 in = 2.5 V in = 0 V V out V out NMOS off PMOS res

632 views • 27 slides
Digital Modulation Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical

Digital Modulation Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical

Digital Modulation Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical Engineering Indian Institute of Technology Bombay August 8, 2012 1 / 45 Digital Modulation Definition The process of mapping a bit sequence to signals

813 views • 45 slides
DAQ Workshop Summary, Version 2 Kurt Biery CPAD TDAQ Session (with formatting fixes and summary

DAQ Workshop Summary, Version 2 Kurt Biery CPAD TDAQ Session (with formatting fixes and summary

DAQ Workshop Summary, Version 2 Kurt Biery CPAD TDAQ Session (with formatting fixes and summary slides) 23 October 2017 One-Day Workshop on Future DAQ and Trigger Held on Wednesday of this week ~35 people, representing 6 national labs & 7

572 views • 35 slides

More recommend