on the complexity of compressing obfuscation
play

On The Complexity of Compressing Obfuscation Gilad Asharov, Naomi - PowerPoint PPT Presentation

Feb 21, 2023 •129 likes •1.01k views

On The Complexity of Compressing Obfuscation Gilad Asharov, Naomi Ephraim, Ilan Komargodski, and Rafael Pass Cornell University and Cornell Tech CRYPTO 2018 Indistinguishability Obfuscation (iO) An obfuscator is a compiler which preserves

  1. On The Complexity of Compressing Obfuscation Gilad Asharov, Naomi Ephraim, Ilan Komargodski, and Rafael Pass Cornell University and Cornell Tech CRYPTO 2018

  2. Indistinguishability Obfuscation (iO) An obfuscator is a compiler which ‣ preserves functionality ‣ obfuscated circuit is “unintelligible” i O C C

  3. Indistinguishability Obfuscation (iO) An obfuscator is a compiler which ‣ preserves functionality ‣ obfuscated circuit is “unintelligible” x x i O C C y y

  4. Indistinguishability Obfuscation (iO) An obfuscator is a compiler which ‣ preserves functionality ‣ obfuscated circuit is “unintelligible” x x i O C C y y If C 0 and C 1 compute the same function and |C 0 |=|C 1 |, then iO(C 0 ) and iO(C 1 ) are hard to distinguish

  5. Power of iO

  6. Power of iO Classical Crypto One-way functions [KMN+14] iO Trapdoor permutations + standard [BPW15] Public-key assumptions encryption [SW14] Non-interactive zero knowledge [SW14]

  7. Power of iO Modern Crypto Classical Crypto One-way functions [KMN+14] iO Trapdoor permutations + standard [BPW15] Public-key assumptions encryption [SW14] Fully homomorphic encryption Non-interactive zero [CLT+15] knowledge [SW14]

  8. Power of iO Modern Constant-round concurrent Crypto zero knowledge [CLP15] Classical Crypto Deniable One-way encryption functions [KMN+14] [SW14] iO Trapdoor permutations + standard [BPW15] Public-key assumptions encryption [SW14] Fully homomorphic Cryptographic encryption Non-interactive zero hardness of PPAD [CLT+15] knowledge [SW14] [BPR15] Multi-input functional encryption [GGG+14, BKS16] Many more!

  9. Existence of iO Reduce iO to seemingly weaker building blocks

  10. Existence of iO Reduce iO to seemingly weaker building blocks iO cryptographic building block

  11. Existence of iO Reduce iO to seemingly weaker building blocks iO cryptographic building block Reduce the existence of iO to new concrete assumptions

  12. Existence of iO Reduce iO to seemingly weaker building blocks iO cryptographic building block Reduce the existence of iO to new concrete assumptions In all of these, the assumption is nonstandard and is vulnerable to attacks [ADGM17,BBKK17,BWZ14,CGH17,CHLRS15,GHMS14,LV17,MSZ16]

  13. Existence of iO Reduce iO to seemingly weaker building blocks iO cryptographic building block Reduce the existence of iO to new concrete assumptions In all of these, the assumption is nonstandard and is vulnerable to attacks [ADGM17,BBKK17,BWZ14,CGH17,CHLRS15,GHMS14,LV17,MSZ16]

  14. Existence of iO Compact public-key functional encryption (FE) [AJ15,BV15] iO Collusion- Resistant Secret- Compact Key FE [FKT18] Randomized Encodings [LPST16]

  15. Existence of iO Compact public-key functional encryption (FE) [AJ15,BV15] iO Collusion- Resistant Secret- Compact Key FE [FKT18] Randomized Encodings [LPST16] + OWF

  16. Existence of iO Compact public-key functional encryption (FE) [AJ15,BV15] iO Collusion- Resistant Secret- Compact Key FE [FKT18] Randomized Encodings [LPST16] + OWF What is the weakest building block that implies iO?

  17. Existence of iO Compact public-key functional encryption (FE) [AJ15,BV15] iO Collusion- Resistant Secret- Compact Key FE [FKT18] Randomized Encodings [LPST16] + OWF What is the weakest building block that implies iO? All building blocks require some form of compression

  18. Existence of iO Ciphertexts Compact public-key are “short” functional encryption (FE) [AJ15,BV15] iO Collusion- Resistant Secret- Compact Key FE [FKT18] Randomized Encodings [LPST16] + OWF What is the weakest building block that implies iO? All building blocks require some form of compression

  19. Existence of iO Ciphertexts Compact public-key are “short” functional encryption (FE) [AJ15,BV15] iO Collusion- Resistant Secret- Compact Key FE [FKT18] Randomized Encodings [LPST16] Ciphertexts don’t + OWF grow with number of functional keys What is the weakest building block that implies iO? All building blocks require some form of compression

  20. Existence of iO Ciphertexts Compact public-key are “short” functional encryption (FE) [AJ15,BV15] iO Collusion- Resistant Secret- Compact Key FE [FKT18] Randomized Encodings [LPST16] Ciphertexts don’t + OWF Encoding grow with number of time is “small” functional keys What is the weakest building block that implies iO? All building blocks require some form of compression

  21. Compressing Obfuscation A (t, ℓ )-compressing obfuscator has: This talk: circuits C Time to obfuscate is t(s,n) - Size s - input length n Size of the obfuscation is ℓ (s,n) n i O C C time t(s,n) |C| = s |iO(C)| = ℓ (s,n)

  22. Compressing Obfuscation A (t, ℓ )-compressing obfuscator has: This talk: circuits C Time to obfuscate is t(s,n) - Size s - input length n Size of the obfuscation is ℓ (s,n) t(s,n)= ℓ (s,n)=

  23. Compressing Obfuscation A (t, ℓ )-compressing obfuscator has: This talk: circuits C Time to obfuscate is t(s,n) - Size s - input length n Size of the obfuscation is ℓ (s,n) iO t(s,n)= poly ( s ) ℓ (s,n)= poly ( s )

  24. Compressing Obfuscation A (t, ℓ )-compressing obfuscator has: This talk: circuits C Time to obfuscate is t(s,n) - Size s - input length n Size of the obfuscation is ℓ (s,n) iO Trivial t(s,n)= poly ( s ) 2 n · s ℓ (s,n)= poly ( s ) 2 n

  25. Compressing Obfuscation A (t, ℓ )-compressing obfuscator has: This talk: circuits C Time to obfuscate is t(s,n) - Size s - input length n Size of the obfuscation is ℓ (s,n) time = |truth table| size = smaller than truth table XiO [LPST16] iO Trivial t(s,n)= poly (2 n , s ) poly ( s ) 2 n · s ℓ (s,n)= 2 n (1 − ✏ ) · poly ( s ) poly ( s ) 2 n

  26. Compressing Obfuscation A (t, ℓ )-compressing obfuscator has: This talk: circuits C Time to obfuscate is t(s,n) - Size s - input length n Size of the obfuscation is ℓ (s,n) time = |truth table| size = smaller than time and size truth table smaller than truth table XiO [LPST16] SXiO [BNPW16] iO Trivial t(s,n)= 2 n (1 − ✏ ) · poly ( s ) poly (2 n , s ) poly ( s ) 2 n · s ℓ (s,n)= 2 n (1 − ✏ ) · poly ( s ) 2 n (1 − ✏ ) · poly ( s ) poly ( s ) 2 n

  27. Compression Hierarchy Strength of assumption XiO [LPST16] SXiO [BNPW16] iO Trivial t(s,n)= 2 n (1 − ✏ ) · poly ( s ) poly (2 n , s ) poly ( s ) 2 n · s ℓ (s,n)= 2 n (1 − ✏ ) · poly ( s ) 2 n (1 − ✏ ) · poly ( s ) poly ( s ) 2 n

  28. Compression Hierarchy +LWE Strength of assumption XiO [LPST16] SXiO [BNPW16] iO Trivial t(s,n)= 2 n (1 − ✏ ) · poly ( s ) poly (2 n , s ) poly ( s ) 2 n · s ℓ (s,n)= 2 n (1 − ✏ ) · poly ( s ) 2 n (1 − ✏ ) · poly ( s ) poly ( s ) 2 n

  29. Compression Hierarchy +LWE Strength of assumption +OWF [KNT18] XiO [LPST16] SXiO [BNPW16] iO Trivial t(s,n)= 2 n (1 − ✏ ) · poly ( s ) poly (2 n , s ) poly ( s ) 2 n · s ℓ (s,n)= 2 n (1 − ✏ ) · poly ( s ) 2 n (1 − ✏ ) · poly ( s ) poly ( s ) 2 n

  30. Compression Hierarchy sub- exponential +LWE security Strength of assumption +OWF [KNT18] XiO [LPST16] SXiO [BNPW16] iO Trivial t(s,n)= 2 n (1 − ✏ ) · poly ( s ) poly (2 n , s ) poly ( s ) 2 n · s ℓ (s,n)= 2 n (1 − ✏ ) · poly ( s ) 2 n (1 − ✏ ) · poly ( s ) poly ( s ) 2 n

  31. Compression Hierarchy sub- exponential +LWE security Strength of assumption +OWF [KNT18] + OWF = “holy grail” XiO [LPST16] SXiO [BNPW16] iO Trivial t(s,n)= 2 n (1 − ✏ ) · poly ( s ) poly (2 n , s ) poly ( s ) 2 n · s ℓ (s,n)= 2 n (1 − ✏ ) · poly ( s ) 2 n (1 − ✏ ) · poly ( s ) poly ( s ) 2 n

  32. Compression Hierarchy sub- exponential +LWE security Strength of assumption +OWF [KNT18] [MMN+16, GMM17] + OWF = “holy grail” XiO [LPST16] SXiO [BNPW16] iO Trivial t(s,n)= 2 n (1 − ✏ ) · poly ( s ) poly (2 n , s ) poly ( s ) 2 n · s ℓ (s,n)= 2 n (1 − ✏ ) · poly ( s ) 2 n (1 − ✏ ) · poly ( s ) poly ( s ) 2 n

  33. Compression Hierarchy Can we use only OWF? sub- exponential +LWE security Strength of assumption +OWF [KNT18] [MMN+16, GMM17] + OWF = “holy grail” XiO [LPST16] SXiO [BNPW16] iO Trivial t(s,n)= 2 n (1 − ✏ ) · poly ( s ) poly (2 n , s ) poly ( s ) 2 n · s ℓ (s,n)= 2 n (1 − ✏ ) · poly ( s ) 2 n (1 − ✏ ) · poly ( s ) poly ( s ) 2 n

  34. Compression Hierarchy Assume sub-exponential OWF +LWE +OWF [KNT18] + OWF = “holy grail” XiO [LPST16] SXiO [BNPW16] iO Trivial t(s,n)= 2 n (1 − ✏ ) · poly ( s ) poly (2 n , s ) poly ( s ) 2 n · s ℓ (s,n)= 2 n (1 − ✏ ) · poly ( s ) 2 n (1 − ✏ ) · poly ( s ) poly ( s ) 2 n

  35. Compression Hierarchy Assume sub-exponential OWF Obfustopia +LWE iO, PKE exist +OWF [KNT18] + OWF = “holy grail” XiO [LPST16] SXiO [BNPW16] iO Trivial t(s,n)= 2 n (1 − ✏ ) · poly ( s ) poly (2 n , s ) poly ( s ) 2 n · s ℓ (s,n)= 2 n (1 − ✏ ) · poly ( s ) 2 n (1 − ✏ ) · poly ( s ) poly ( s ) 2 n

  36. Compression Hierarchy Assume sub-exponential OWF Minicrypt Obfustopia +LWE iO, PKE No PKE exist +OWF [KNT18] + OWF = “holy grail” XiO [LPST16] SXiO [BNPW16] iO Trivial t(s,n)= 2 n (1 − ✏ ) · poly ( s ) poly (2 n , s ) poly ( s ) 2 n · s ℓ (s,n)= 2 n (1 − ✏ ) · poly ( s ) 2 n (1 − ✏ ) · poly ( s ) poly ( s ) 2 n

Recommend

Obfuscation Lecture 26 Different Flavours VBB Obfuscation Note: Considers only corrupt

Obfuscation Lecture 26 Different Flavours VBB Obfuscation Note: Considers only corrupt

Obfuscation Lecture 26 Different Flavours VBB Obfuscation Note: Considers only corrupt receiver x 1 Virtual f O(f) F B f(x 1) Black-Box x 2 (VBB) f(x 2) Obfuscation : A Secure (and f Family f Family b b single

466 views • 18 slides
) UNION SELECT `This_Talk` AS ('New Optimization and Obfuscation Optimization and Obfuscation

) UNION SELECT `This_Talk` AS ('New Optimization and Obfuscation Optimization and Obfuscation

) UNION SELECT `This_Talk` AS ('New Optimization and Obfuscation Optimization and Obfuscation Techniques)%00 Techniques)%00 Roberto Salgado Co-founder of Websec Provide information security solutions Pen-testing, training

1.11k views • 93 slides
HOST Circuit Obfuscation I ECE 525 Hardware Obfuscation (Drawn from "Hardware Protection

HOST Circuit Obfuscation I ECE 525 Hardware Obfuscation (Drawn from "Hardware Protection

HOST Circuit Obfuscation I ECE 525 Hardware Obfuscation (Drawn from "Hardware Protection thr Obfuscation) Circuit modification techniques designed to conceal or lock the functionality and/or circuit structure The modifications are designed

157 views • 11 slides
Lattice-Based SNARGs and Their Application to More Efficient Obfuscation Dan Boneh, Yuval Ishai,

Lattice-Based SNARGs and Their Application to More Efficient Obfuscation Dan Boneh, Yuval Ishai,

Lattice-Based SNARGs and Their Application to More Efficient Obfuscation Dan Boneh, Yuval Ishai, Amit Sahai, and David J. Wu Program Obfuscation [BGIRSVY01, GGHRSW13] Indistinguishability obfuscation ( ) has emerged as a central hub

648 views • 36 slides
Obfuscation: know your enemy Ninon EYROLLES neyrolles@quarkslab.com Serge GUELTON

Obfuscation: know your enemy Ninon EYROLLES neyrolles@quarkslab.com Serge GUELTON

Obfuscation: know your enemy Ninon EYROLLES neyrolles@quarkslab.com Serge GUELTON sguelton@quarkslab.com Introduction Control flow obfuscation Data flow obfuscation Python obfuscation Prelude Introduction Control flow obfuscation Data

1.23k views • 76 slides
OBFUSCURO : : A Commodity Obfuscation Engine for Intel SGX Adil Ahmad *, Byunggill Joe*, Yuan

OBFUSCURO : : A Commodity Obfuscation Engine for Intel SGX Adil Ahmad *, Byunggill Joe*, Yuan

OBFUSCURO : : A Commodity Obfuscation Engine for Intel SGX Adil Ahmad *, Byunggill Joe*, Yuan Xiao Yinqian Zhang, Insik Shin, Byoungyoung Lee (* denotes equal contribution) Program Obfuscation Program Obfuscation Trusted Untrusted (except

1.34k views • 116 slides
Obfuscation from LWE? proofs, attacks, candidates Hoeteck Wee CNRS & ENS . . . . . .

Obfuscation from LWE? proofs, attacks, candidates Hoeteck Wee CNRS & ENS . . . . . .

Obfuscation from LWE? proofs, attacks, candidates Hoeteck Wee CNRS & ENS . . . . . . . . C x C x C x C C c obfuscation [ BGIRSVY01, H00, GR07, GGHRSW13 ] . . . . . . . . C x C x C x C C c obfuscation [

1.03k views • 92 slides
Authorship Obfuscation Using Heuristic Search Masters Thesis Defence by Janek Bevendorff on 20

Authorship Obfuscation Using Heuristic Search Masters Thesis Defence by Janek Bevendorff on 20

Authorship Obfuscation Using Heuristic Search Masters Thesis Defence by Janek Bevendorff on 20 June 2018 Supervisors: Prof. Dr. Benno Stein, PD Dr. Andreas Jakoby Unmasking for short texts Obfuscation against unmasking Obfuscation

1.38k views • 95 slides
Engineering Code Obfuscation ISSISP 2017 - Obfuscation I Christian Collberg Department of

Engineering Code Obfuscation ISSISP 2017 - Obfuscation I Christian Collberg Department of

Engineering Code Obfuscation ISSISP 2017 - Obfuscation I Christian Collberg Department of Computer Science University of Arizona http://collberg.cs.arizona.edu collberg@gmail.com Supported by NSF grants 1525820 and 1318955 and by the

924 views • 69 slides
Characterizing the Strength of Software Obfuscation Against Automated Attacks Sebastian Banescu,

Characterizing the Strength of Software Obfuscation Against Automated Attacks Sebastian Banescu,

Fakultt fr Informatik T echnische Universitt Mnchen Dagstuhl Seminar 17281 Characterizing the Strength of Software Obfuscation Against Automated Attacks Sebastian Banescu, BMW Group Outline 1 Introduction 2 Obfuscation in Theory 3

815 views • 69 slides
Lempel- -Ziv Ziv- -Welch (LZW) Welch (LZW) Lempel Data Compressing Model Data Compressing

Lempel- -Ziv Ziv- -Welch (LZW) Welch (LZW) Lempel Data Compressing Model Data Compressing

Lempel- -Ziv Ziv- -Welch (LZW) Welch (LZW) Lempel Data Compressing Model Data Compressing Model Martin Chakravorti Information Information What is information? Any interaction What is information? Any interaction between objects, when

754 views • 15 slides
INDISTINGUISHABILITY OBFUSCATION Mark Zhandry Stanford University * Joint work with Dan Boneh

INDISTINGUISHABILITY OBFUSCATION Mark Zhandry Stanford University * Joint work with Dan Boneh

INDISTINGUISHABILITY OBFUSCATION Mark Zhandry Stanford University * Joint work with Dan Boneh Program Obfuscation Intuition: Mangle a program Same functionality as original Hides all implementation details Potential uses: IP

295 views • 28 slides
HOP: Hardware makes Obfuscation Practical Kartik Nayak With Chris Fletcher, Ling Ren, Nishanth

HOP: Hardware makes Obfuscation Practical Kartik Nayak With Chris Fletcher, Ling Ren, Nishanth

HOP: Hardware makes Obfuscation Practical Kartik Nayak With Chris Fletcher, Ling Ren, Nishanth Chandran, Satya Lokam, Elaine Shi and Vipul Goyal 1 Compression 1 KB 1 MB Used by everyone, perhaps license it - VBB Obfuscation No one should

942 views • 34 slides
Obfuscation and Diversity: Probabilistic System Security Kyle Croman CS6410: Advanced Systems

Obfuscation and Diversity: Probabilistic System Security Kyle Croman CS6410: Advanced Systems

Obfuscation and Diversity: Probabilistic System Security Kyle Croman CS6410: Advanced Systems Definitions Obfuscation: T o be evasive, unclear, or confusing* In context, this means making a system difficult to understand and

665 views • 38 slides
Compressing IP Forwarding Tables: Towards Entropy Bounds and Beyond Revised on Feb 10, 2014

Compressing IP Forwarding Tables: Towards Entropy Bounds and Beyond Revised on Feb 10, 2014

Compressing IP Forwarding Tables: Towards Entropy Bounds and Beyond Revised on Feb 10, 2014 Gbor Rtvri, Jnos Tapolcai, Attila K orsi, Andrs Majdn, Zaln Heszberger Budapest Univ. of Technology and Economics Dept. of

244 views • 23 slides
Compressing Strings of the Kernel Wolfram Sang Consultant 21.8.2014, LinuxCon14 Wolfram Sang

Compressing Strings of the Kernel Wolfram Sang Consultant 21.8.2014, LinuxCon14 Wolfram Sang

. . Compressing Strings of the Kernel Wolfram Sang Consultant 21.8.2014, LinuxCon14 Wolfram Sang (wsa@the-dreams.de) Compressing Strings of the Kernel 21.8.2014, LinuxCon14 1 / 36 The origin: CEWG project 1 kernel debug messages.

909 views • 44 slides
Complexity of DLs RWTH Aachen 1 Germany Complexity of DLs: Overview of the Complexity of

Complexity of DLs RWTH Aachen 1 Germany Complexity of DLs: Overview of the Complexity of

Complexity of DLs RWTH Aachen 1 Germany Complexity of DLs: Overview of the Complexity of Concept Consistency P (co-)NP PSpace ExpTime NExpTime ALC reg ALUN (NP) ALCN add regular roles without , (wrt acyc. TBoxes) ALC u only A ALN

745 views • 16 slides
Compressing IP Forwarding Tables: Towards Entropy Bounds and Beyond Gbor Rtvri, Jnos

Compressing IP Forwarding Tables: Towards Entropy Bounds and Beyond Gbor Rtvri, Jnos

Compressing IP Forwarding Tables: Towards Entropy Bounds and Beyond Gbor Rtvri, Jnos Tapolcai, Attila K orsi, Andrs Majdn, Zaln Heszberger Budapest Univ. of Technology and Economics Dept. of Telecomm. and Media Informatics

418 views • 24 slides
Mixing Between Two Compressing Cylinders Steven H. Batha Los Alamos National Laboratory K. W.

Mixing Between Two Compressing Cylinders Steven H. Batha Los Alamos National Laboratory K. W.

LA-UR-01-6658 Mixing Between Two Compressing Cylinders Steven H. Batha Los Alamos National Laboratory K. W. Parker, # C. W. Barnes,* A. M. Dunne, # N. E. Lanier,* G. R. Magelssen,* T. J. Murphy,* S. D. Rothman, # J. M. Scott,* and D. L. Youngs #

619 views • 16 slides
Limits on the Power of Indistinguishability Obfuscation Gilad Asharov Gil Segev Limits on the

Limits on the Power of Indistinguishability Obfuscation Gilad Asharov Gil Segev Limits on the

Limits on the Power of Indistinguishability Obfuscation Gilad Asharov Gil Segev Limits on the Power of iO Limits on the Power of Indistinguishability Obfuscation (and Functional Encryption) FOCS 2015 On Constructing One-Way

841 views • 47 slides
DRM obfuscation vs auxiliary attacks Show me your trace and Ill tell you who you are REcon

DRM obfuscation vs auxiliary attacks Show me your trace and Ill tell you who you are REcon

DRM obfuscation vs auxiliary attacks Show me your trace and Ill tell you who you are REcon 2014 Introduction First layer: Code flattening pTra Algorithm reconstruction : RSA-OAEP Rebuilding a cipher function whiteboxed : AES-CBC

1.43k views • 103 slides
Obfuscation: Positive Results and Techniques Benjamin Lynn Manoj Prabhakaran Amit Sahai

Obfuscation: Positive Results and Techniques Benjamin Lynn Manoj Prabhakaran Amit Sahai

Obfuscation: Positive Results and Techniques Benjamin Lynn Manoj Prabhakaran Amit Sahai Stanford University Princeton University Princeton University EUROCRYPT '04 Obfuscation Hide the internals of

721 views • 28 slides
Compressing IP Forwarding Tables for Fun and Profit Gbor Rtvri, Zoltn Cserntony, Attila

Compressing IP Forwarding Tables for Fun and Profit Gbor Rtvri, Zoltn Cserntony, Attila

Compressing IP Forwarding Tables for Fun and Profit Gbor Rtvri, Zoltn Cserntony, Attila Krsi, Jnos Tapolcai Andrs Csszr, Gbor Enyedi, Gergely Pongrcz Budapest Univ. of Technology and Economics Dept. of Telecomm. and

521 views • 23 slides
A Compressing Method for Genome Sequence Cluster using Sequence Alignment Kwang Su Jung 1 , Nam

A Compressing Method for Genome Sequence Cluster using Sequence Alignment Kwang Su Jung 1 , Nam

A Compressing Method for Genome Sequence Cluster using Sequence Alignment Kwang Su Jung 1 , Nam Hee Yu 1 , Seung Jung Shin 2 , Keun Ho Ryu 1 1 Database/Bioinformatics Laboratory, Chungbuk National University, Korea 2 Divison of IT, Hansei

318 views • 6 slides

More recommend