on the complexity of compressing obfuscation
play

On The Complexity of Compressing Obfuscation Gilad Asharov, Naomi - PowerPoint PPT Presentation

Feb 21, 2023 •129 likes •1.01k views

On The Complexity of Compressing Obfuscation Gilad Asharov, Naomi Ephraim, Ilan Komargodski, and Rafael Pass Cornell University and Cornell Tech CRYPTO 2018 Indistinguishability Obfuscation (iO) An obfuscator is a compiler which preserves

  1. On The Complexity of Compressing Obfuscation Gilad Asharov, Naomi Ephraim, Ilan Komargodski, and Rafael Pass Cornell University and Cornell Tech CRYPTO 2018

  2. Indistinguishability Obfuscation (iO) An obfuscator is a compiler which ‣ preserves functionality ‣ obfuscated circuit is “unintelligible” i O C C

  3. Indistinguishability Obfuscation (iO) An obfuscator is a compiler which ‣ preserves functionality ‣ obfuscated circuit is “unintelligible” x x i O C C y y

  4. Indistinguishability Obfuscation (iO) An obfuscator is a compiler which ‣ preserves functionality ‣ obfuscated circuit is “unintelligible” x x i O C C y y If C 0 and C 1 compute the same function and |C 0 |=|C 1 |, then iO(C 0 ) and iO(C 1 ) are hard to distinguish

  5. Power of iO

  6. Power of iO Classical Crypto One-way functions [KMN+14] iO Trapdoor permutations + standard [BPW15] Public-key assumptions encryption [SW14] Non-interactive zero knowledge [SW14]

  7. Power of iO Modern Crypto Classical Crypto One-way functions [KMN+14] iO Trapdoor permutations + standard [BPW15] Public-key assumptions encryption [SW14] Fully homomorphic encryption Non-interactive zero [CLT+15] knowledge [SW14]

  8. Power of iO Modern Constant-round concurrent Crypto zero knowledge [CLP15] Classical Crypto Deniable One-way encryption functions [KMN+14] [SW14] iO Trapdoor permutations + standard [BPW15] Public-key assumptions encryption [SW14] Fully homomorphic Cryptographic encryption Non-interactive zero hardness of PPAD [CLT+15] knowledge [SW14] [BPR15] Multi-input functional encryption [GGG+14, BKS16] Many more!

  9. Existence of iO Reduce iO to seemingly weaker building blocks

  10. Existence of iO Reduce iO to seemingly weaker building blocks iO cryptographic building block

  11. Existence of iO Reduce iO to seemingly weaker building blocks iO cryptographic building block Reduce the existence of iO to new concrete assumptions

  12. Existence of iO Reduce iO to seemingly weaker building blocks iO cryptographic building block Reduce the existence of iO to new concrete assumptions In all of these, the assumption is nonstandard and is vulnerable to attacks [ADGM17,BBKK17,BWZ14,CGH17,CHLRS15,GHMS14,LV17,MSZ16]

  13. Existence of iO Reduce iO to seemingly weaker building blocks iO cryptographic building block Reduce the existence of iO to new concrete assumptions In all of these, the assumption is nonstandard and is vulnerable to attacks [ADGM17,BBKK17,BWZ14,CGH17,CHLRS15,GHMS14,LV17,MSZ16]

  14. Existence of iO Compact public-key functional encryption (FE) [AJ15,BV15] iO Collusion- Resistant Secret- Compact Key FE [FKT18] Randomized Encodings [LPST16]

  15. Existence of iO Compact public-key functional encryption (FE) [AJ15,BV15] iO Collusion- Resistant Secret- Compact Key FE [FKT18] Randomized Encodings [LPST16] + OWF

  16. Existence of iO Compact public-key functional encryption (FE) [AJ15,BV15] iO Collusion- Resistant Secret- Compact Key FE [FKT18] Randomized Encodings [LPST16] + OWF What is the weakest building block that implies iO?

  17. Existence of iO Compact public-key functional encryption (FE) [AJ15,BV15] iO Collusion- Resistant Secret- Compact Key FE [FKT18] Randomized Encodings [LPST16] + OWF What is the weakest building block that implies iO? All building blocks require some form of compression

  18. Existence of iO Ciphertexts Compact public-key are “short” functional encryption (FE) [AJ15,BV15] iO Collusion- Resistant Secret- Compact Key FE [FKT18] Randomized Encodings [LPST16] + OWF What is the weakest building block that implies iO? All building blocks require some form of compression

  19. Existence of iO Ciphertexts Compact public-key are “short” functional encryption (FE) [AJ15,BV15] iO Collusion- Resistant Secret- Compact Key FE [FKT18] Randomized Encodings [LPST16] Ciphertexts don’t + OWF grow with number of functional keys What is the weakest building block that implies iO? All building blocks require some form of compression

  20. Existence of iO Ciphertexts Compact public-key are “short” functional encryption (FE) [AJ15,BV15] iO Collusion- Resistant Secret- Compact Key FE [FKT18] Randomized Encodings [LPST16] Ciphertexts don’t + OWF Encoding grow with number of time is “small” functional keys What is the weakest building block that implies iO? All building blocks require some form of compression

  21. Compressing Obfuscation A (t, ℓ )-compressing obfuscator has: This talk: circuits C Time to obfuscate is t(s,n) - Size s - input length n Size of the obfuscation is ℓ (s,n) n i O C C time t(s,n) |C| = s |iO(C)| = ℓ (s,n)

  22. Compressing Obfuscation A (t, ℓ )-compressing obfuscator has: This talk: circuits C Time to obfuscate is t(s,n) - Size s - input length n Size of the obfuscation is ℓ (s,n) t(s,n)= ℓ (s,n)=

  23. Compressing Obfuscation A (t, ℓ )-compressing obfuscator has: This talk: circuits C Time to obfuscate is t(s,n) - Size s - input length n Size of the obfuscation is ℓ (s,n) iO t(s,n)= poly ( s ) ℓ (s,n)= poly ( s )

  24. Compressing Obfuscation A (t, ℓ )-compressing obfuscator has: This talk: circuits C Time to obfuscate is t(s,n) - Size s - input length n Size of the obfuscation is ℓ (s,n) iO Trivial t(s,n)= poly ( s ) 2 n · s ℓ (s,n)= poly ( s ) 2 n

  25. Compressing Obfuscation A (t, ℓ )-compressing obfuscator has: This talk: circuits C Time to obfuscate is t(s,n) - Size s - input length n Size of the obfuscation is ℓ (s,n) time = |truth table| size = smaller than truth table XiO [LPST16] iO Trivial t(s,n)= poly (2 n , s ) poly ( s ) 2 n · s ℓ (s,n)= 2 n (1 − ✏ ) · poly ( s ) poly ( s ) 2 n

  26. Compressing Obfuscation A (t, ℓ )-compressing obfuscator has: This talk: circuits C Time to obfuscate is t(s,n) - Size s - input length n Size of the obfuscation is ℓ (s,n) time = |truth table| size = smaller than time and size truth table smaller than truth table XiO [LPST16] SXiO [BNPW16] iO Trivial t(s,n)= 2 n (1 − ✏ ) · poly ( s ) poly (2 n , s ) poly ( s ) 2 n · s ℓ (s,n)= 2 n (1 − ✏ ) · poly ( s ) 2 n (1 − ✏ ) · poly ( s ) poly ( s ) 2 n

  27. Compression Hierarchy Strength of assumption XiO [LPST16] SXiO [BNPW16] iO Trivial t(s,n)= 2 n (1 − ✏ ) · poly ( s ) poly (2 n , s ) poly ( s ) 2 n · s ℓ (s,n)= 2 n (1 − ✏ ) · poly ( s ) 2 n (1 − ✏ ) · poly ( s ) poly ( s ) 2 n

  28. Compression Hierarchy +LWE Strength of assumption XiO [LPST16] SXiO [BNPW16] iO Trivial t(s,n)= 2 n (1 − ✏ ) · poly ( s ) poly (2 n , s ) poly ( s ) 2 n · s ℓ (s,n)= 2 n (1 − ✏ ) · poly ( s ) 2 n (1 − ✏ ) · poly ( s ) poly ( s ) 2 n

  29. Compression Hierarchy +LWE Strength of assumption +OWF [KNT18] XiO [LPST16] SXiO [BNPW16] iO Trivial t(s,n)= 2 n (1 − ✏ ) · poly ( s ) poly (2 n , s ) poly ( s ) 2 n · s ℓ (s,n)= 2 n (1 − ✏ ) · poly ( s ) 2 n (1 − ✏ ) · poly ( s ) poly ( s ) 2 n

  30. Compression Hierarchy sub- exponential +LWE security Strength of assumption +OWF [KNT18] XiO [LPST16] SXiO [BNPW16] iO Trivial t(s,n)= 2 n (1 − ✏ ) · poly ( s ) poly (2 n , s ) poly ( s ) 2 n · s ℓ (s,n)= 2 n (1 − ✏ ) · poly ( s ) 2 n (1 − ✏ ) · poly ( s ) poly ( s ) 2 n

  31. Compression Hierarchy sub- exponential +LWE security Strength of assumption +OWF [KNT18] + OWF = “holy grail” XiO [LPST16] SXiO [BNPW16] iO Trivial t(s,n)= 2 n (1 − ✏ ) · poly ( s ) poly (2 n , s ) poly ( s ) 2 n · s ℓ (s,n)= 2 n (1 − ✏ ) · poly ( s ) 2 n (1 − ✏ ) · poly ( s ) poly ( s ) 2 n

  32. Compression Hierarchy sub- exponential +LWE security Strength of assumption +OWF [KNT18] [MMN+16, GMM17] + OWF = “holy grail” XiO [LPST16] SXiO [BNPW16] iO Trivial t(s,n)= 2 n (1 − ✏ ) · poly ( s ) poly (2 n , s ) poly ( s ) 2 n · s ℓ (s,n)= 2 n (1 − ✏ ) · poly ( s ) 2 n (1 − ✏ ) · poly ( s ) poly ( s ) 2 n

  33. Compression Hierarchy Can we use only OWF? sub- exponential +LWE security Strength of assumption +OWF [KNT18] [MMN+16, GMM17] + OWF = “holy grail” XiO [LPST16] SXiO [BNPW16] iO Trivial t(s,n)= 2 n (1 − ✏ ) · poly ( s ) poly (2 n , s ) poly ( s ) 2 n · s ℓ (s,n)= 2 n (1 − ✏ ) · poly ( s ) 2 n (1 − ✏ ) · poly ( s ) poly ( s ) 2 n

  34. Compression Hierarchy Assume sub-exponential OWF +LWE +OWF [KNT18] + OWF = “holy grail” XiO [LPST16] SXiO [BNPW16] iO Trivial t(s,n)= 2 n (1 − ✏ ) · poly ( s ) poly (2 n , s ) poly ( s ) 2 n · s ℓ (s,n)= 2 n (1 − ✏ ) · poly ( s ) 2 n (1 − ✏ ) · poly ( s ) poly ( s ) 2 n

  35. Compression Hierarchy Assume sub-exponential OWF Obfustopia +LWE iO, PKE exist +OWF [KNT18] + OWF = “holy grail” XiO [LPST16] SXiO [BNPW16] iO Trivial t(s,n)= 2 n (1 − ✏ ) · poly ( s ) poly (2 n , s ) poly ( s ) 2 n · s ℓ (s,n)= 2 n (1 − ✏ ) · poly ( s ) 2 n (1 − ✏ ) · poly ( s ) poly ( s ) 2 n

  36. Compression Hierarchy Assume sub-exponential OWF Minicrypt Obfustopia +LWE iO, PKE No PKE exist +OWF [KNT18] + OWF = “holy grail” XiO [LPST16] SXiO [BNPW16] iO Trivial t(s,n)= 2 n (1 − ✏ ) · poly ( s ) poly (2 n , s ) poly ( s ) 2 n · s ℓ (s,n)= 2 n (1 − ✏ ) · poly ( s ) 2 n (1 − ✏ ) · poly ( s ) poly ( s ) 2 n

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Obfuscation Lecture 26 Different Flavours VBB Obfuscation Note: Considers only corrupt

Obfuscation Lecture 26 Different Flavours VBB Obfuscation Note: Considers only corrupt

Obfuscation Lecture 26 Different Flavours VBB Obfuscation Note: Considers only corrupt receiver x 1 Virtual f O(f) F B f(x 1) Black-Box x 2 (VBB) f(x 2) Obfuscation : A Secure (and f Family f Family b b single

466 views • 18 slides
) UNION SELECT `This_Talk` AS ('New Optimization and Obfuscation Optimization and Obfuscation

) UNION SELECT `This_Talk` AS ('New Optimization and Obfuscation Optimization and Obfuscation

) UNION SELECT `This_Talk` AS ('New Optimization and Obfuscation Optimization and Obfuscation Techniques)%00 Techniques)%00 Roberto Salgado Co-founder of Websec Provide information security solutions Pen-testing, training

1.11k views • 93 slides
HOST Circuit Obfuscation I ECE 525 Hardware Obfuscation (Drawn from "Hardware Protection

HOST Circuit Obfuscation I ECE 525 Hardware Obfuscation (Drawn from "Hardware Protection

HOST Circuit Obfuscation I ECE 525 Hardware Obfuscation (Drawn from "Hardware Protection thr Obfuscation) Circuit modification techniques designed to conceal or lock the functionality and/or circuit structure The modifications are designed

157 views • 11 slides
Lattice-Based SNARGs and Their Application to More Efficient Obfuscation Dan Boneh, Yuval Ishai,

Lattice-Based SNARGs and Their Application to More Efficient Obfuscation Dan Boneh, Yuval Ishai,

Lattice-Based SNARGs and Their Application to More Efficient Obfuscation Dan Boneh, Yuval Ishai, Amit Sahai, and David J. Wu Program Obfuscation [BGIRSVY01, GGHRSW13] Indistinguishability obfuscation ( ) has emerged as a central hub

648 views • 36 slides
Obfuscation: know your enemy Ninon EYROLLES neyrolles@quarkslab.com Serge GUELTON

Obfuscation: know your enemy Ninon EYROLLES neyrolles@quarkslab.com Serge GUELTON

Obfuscation: know your enemy Ninon EYROLLES neyrolles@quarkslab.com Serge GUELTON sguelton@quarkslab.com Introduction Control flow obfuscation Data flow obfuscation Python obfuscation Prelude Introduction Control flow obfuscation Data

1.23k views • 76 slides
OBFUSCURO : : A Commodity Obfuscation Engine for Intel SGX Adil Ahmad *, Byunggill Joe*, Yuan

OBFUSCURO : : A Commodity Obfuscation Engine for Intel SGX Adil Ahmad *, Byunggill Joe*, Yuan

OBFUSCURO : : A Commodity Obfuscation Engine for Intel SGX Adil Ahmad *, Byunggill Joe*, Yuan Xiao Yinqian Zhang, Insik Shin, Byoungyoung Lee (* denotes equal contribution) Program Obfuscation Program Obfuscation Trusted Untrusted (except

1.34k views • 116 slides
Obfuscation from LWE? proofs, attacks, candidates Hoeteck Wee CNRS & ENS . . . . . .

Obfuscation from LWE? proofs, attacks, candidates Hoeteck Wee CNRS & ENS . . . . . .

Obfuscation from LWE? proofs, attacks, candidates Hoeteck Wee CNRS & ENS . . . . . . . . C x C x C x C C c obfuscation [ BGIRSVY01, H00, GR07, GGHRSW13 ] . . . . . . . . C x C x C x C C c obfuscation [

1.03k views • 92 slides
Authorship Obfuscation Using Heuristic Search Masters Thesis Defence by Janek Bevendorff on 20

Authorship Obfuscation Using Heuristic Search Masters Thesis Defence by Janek Bevendorff on 20

Authorship Obfuscation Using Heuristic Search Masters Thesis Defence by Janek Bevendorff on 20 June 2018 Supervisors: Prof. Dr. Benno Stein, PD Dr. Andreas Jakoby Unmasking for short texts Obfuscation against unmasking Obfuscation

1.38k views • 95 slides
Engineering Code Obfuscation ISSISP 2017 - Obfuscation I Christian Collberg Department of

Engineering Code Obfuscation ISSISP 2017 - Obfuscation I Christian Collberg Department of

Engineering Code Obfuscation ISSISP 2017 - Obfuscation I Christian Collberg Department of Computer Science University of Arizona http://collberg.cs.arizona.edu collberg@gmail.com Supported by NSF grants 1525820 and 1318955 and by the

924 views • 69 slides
Characterizing the Strength of Software Obfuscation Against Automated Attacks Sebastian Banescu,

Characterizing the Strength of Software Obfuscation Against Automated Attacks Sebastian Banescu,

Fakultt fr Informatik T echnische Universitt Mnchen Dagstuhl Seminar 17281 Characterizing the Strength of Software Obfuscation Against Automated Attacks Sebastian Banescu, BMW Group Outline 1 Introduction 2 Obfuscation in Theory 3

815 views • 69 slides
Lempel- -Ziv Ziv- -Welch (LZW) Welch (LZW) Lempel Data Compressing Model Data Compressing

Lempel- -Ziv Ziv- -Welch (LZW) Welch (LZW) Lempel Data Compressing Model Data Compressing

Lempel- -Ziv Ziv- -Welch (LZW) Welch (LZW) Lempel Data Compressing Model Data Compressing Model Martin Chakravorti Information Information What is information? Any interaction What is information? Any interaction between objects, when

754 views • 15 slides
INDISTINGUISHABILITY OBFUSCATION Mark Zhandry Stanford University * Joint work with Dan Boneh

INDISTINGUISHABILITY OBFUSCATION Mark Zhandry Stanford University * Joint work with Dan Boneh

INDISTINGUISHABILITY OBFUSCATION Mark Zhandry Stanford University * Joint work with Dan Boneh Program Obfuscation Intuition: Mangle a program Same functionality as original Hides all implementation details Potential uses: IP

295 views • 28 slides
HOP: Hardware makes Obfuscation Practical Kartik Nayak With Chris Fletcher, Ling Ren, Nishanth

HOP: Hardware makes Obfuscation Practical Kartik Nayak With Chris Fletcher, Ling Ren, Nishanth

HOP: Hardware makes Obfuscation Practical Kartik Nayak With Chris Fletcher, Ling Ren, Nishanth Chandran, Satya Lokam, Elaine Shi and Vipul Goyal 1 Compression 1 KB 1 MB Used by everyone, perhaps license it - VBB Obfuscation No one should

942 views • 34 slides
Obfuscation and Diversity: Probabilistic System Security Kyle Croman CS6410: Advanced Systems

Obfuscation and Diversity: Probabilistic System Security Kyle Croman CS6410: Advanced Systems

Obfuscation and Diversity: Probabilistic System Security Kyle Croman CS6410: Advanced Systems Definitions Obfuscation: T o be evasive, unclear, or confusing* In context, this means making a system difficult to understand and

665 views • 38 slides
Compressing IP Forwarding Tables: Towards Entropy Bounds and Beyond Revised on Feb 10, 2014

Compressing IP Forwarding Tables: Towards Entropy Bounds and Beyond Revised on Feb 10, 2014

Compressing IP Forwarding Tables: Towards Entropy Bounds and Beyond Revised on Feb 10, 2014 Gbor Rtvri, Jnos Tapolcai, Attila K orsi, Andrs Majdn, Zaln Heszberger Budapest Univ. of Technology and Economics Dept. of

244 views • 23 slides
Compressing Strings of the Kernel Wolfram Sang Consultant 21.8.2014, LinuxCon14 Wolfram Sang

Compressing Strings of the Kernel Wolfram Sang Consultant 21.8.2014, LinuxCon14 Wolfram Sang

. . Compressing Strings of the Kernel Wolfram Sang Consultant 21.8.2014, LinuxCon14 Wolfram Sang (wsa@the-dreams.de) Compressing Strings of the Kernel 21.8.2014, LinuxCon14 1 / 36 The origin: CEWG project 1 kernel debug messages.

909 views • 44 slides
Benchmarking HDF5 Compression Filters in R Mike L. Smith @grimbough HDF5 is a file format for

Benchmarking HDF5 Compression Filters in R Mike L. Smith @grimbough HDF5 is a file format for

Benchmarking HDF5 Compression Filters in R Mike L. Smith @grimbough HDF5 is a file format for storing large, heterogenous, data Used in a variety of software, e.g: DelayedArray Kallisto ONT sequencing mz5 mass spec

414 views • 12 slides
Models for Sentence Compression A Comparison across Domains, Training Requirements and Evaluation

Models for Sentence Compression A Comparison across Domains, Training Requirements and Evaluation

Models for Sentence Compression A Comparison across Domains, Training Requirements and Evaluation Measures James Clarke and Mirella Lapata School of Informatics University of Edinburgh July 2006 ACL 2006 James Clarke and Mirella Lapata 1

1.07k views • 62 slides
in RIOT? R I O T S U M M I T 2 0 2 0 - B A R T M O O N S MAIN GOAL Integrate libSCHC for

in RIOT? R I O T S U M M I T 2 0 2 0 - B A R T M O O N S MAIN GOAL Integrate libSCHC for

Static Context Header Compression [sjiek] Where do we want to go in RIOT? R I O T S U M M I T 2 0 2 0 - B A R T M O O N S MAIN GOAL Integrate libSCHC for standard, IPv6-based connectivity to the smallest devices reliable

471 views • 20 slides
Faster Isogeny-Based Compressed Key Agreement Gustavo H. M. Zanon, Marcos A. Simplicio Jr,

Faster Isogeny-Based Compressed Key Agreement Gustavo H. M. Zanon, Marcos A. Simplicio Jr,

Faster Isogeny-Based Compressed Key Agreement Gustavo H. M. Zanon, Marcos A. Simplicio Jr, Geovandro C. C. F. Pereira , Javad Doliskani, and Paulo S. L. M. Barreto. 1 REVI EW : SI DH AND COMPRESSED KEYS 2 Isogeny-based Crypto n SIDH:

856 views • 81 slides
Panoramic video content distribution in the xTV project Peter Quax, Panagiotis Issaris, Wouter

Panoramic video content distribution in the xTV project Peter Quax, Panagiotis Issaris, Wouter

Panoramic video content distribution in the xTV project Peter Quax, Panagiotis Issaris, Wouter Vanmontfort, Wim Lamotte Hasselt University, Belgium Panoramic/omni-directional Video Concept Comparison : Google streetview with video instead

538 views • 40 slides
Accelerating the Tucker Decomposition with Compressed Sparse Tensors Shaden Smith and George

Accelerating the Tucker Decomposition with Compressed Sparse Tensors Shaden Smith and George

Accelerating the Tucker Decomposition with Compressed Sparse Tensors Shaden Smith and George Karypis Department of Computer Science & Engineering, University of Minnesota { shaden, karypis } @cs.umn.edu Euro-Par 2017 1 / 40 Outline Tensor

921 views • 57 slides
Preview question Officially the name of the Tor network is not an acronym, but the or part

Preview question Officially the name of the Tor network is not an acronym, but the or part

Preview question Officially the name of the Tor network is not an acronym, but the or part of the name originated from this technique it uses: CSci 5271 A. onion routing Introduction to Computer Security DoS, Tor, and usability combined

392 views • 10 slides
Compressing DMA Engine: Leveraging Activation Sparsity For Training Deep Neural Networks Minsoo

Compressing DMA Engine: Leveraging Activation Sparsity For Training Deep Neural Networks Minsoo

(C) Minsoo Rhu 1 Compressing DMA Engine: Leveraging Activation Sparsity For Training Deep Neural Networks Minsoo Rhu , Mike OConnor * , Niladrish Chatterjee * , Jeff Pool * , Youngeun Kwon , and Stephen W. Keckler * POSTECH and

2.04k views • 66 slides

More recommend