# Universal Constructions and Robust Combiners for Indistinguishability Obfuscation and Witness Encryption

@inproceedings{Ananth2016UniversalCA, title={Universal Constructions and Robust Combiners for Indistinguishability Obfuscation and Witness Encryption}, author={Prabhanjan Vijendra Ananth and Aayush Jain and Moni Naor and Amit Sahai and Eylon Yogev}, booktitle={CRYPTO}, year={2016} }

Over the last few years a new breed of cryptographic primitives has arisen: on one hand they have previously unimagined utility and on the other hand they are not based on simple to state and tried out assumptions. With the on-going study of these primitives, we are left with several different candidate constructions each based on a different, not easy to express, mathematical assumptions, where some even turn out to be insecure.
A combiner for a cryptographic primitive takes several…

## Figures and Topics from this paper

## 33 Citations

KEM Combiners

- Computer ScienceIACR Cryptol. ePrint Arch.
- 2018

This work introduces KEM combiners as a way to garner trust from different KEM constructions, rather than relying on a single one, and presents efficient black-box constructions that, given any set of ‘ingredient’ K EMs, yield a new KEM that is (CCA) secure as long as at least one of the ingredient KEMs is.

Obfuscation Combiners

- Computer ScienceCRYPTO
- 2016

It is shown that one can build 3-out-of-4 obfuscation combiners where at least three of the four combiners are secure, whereas 2- out- of-3 structural combiners which combine the obfuscator candidates in a black-box sense with only two secure candidates, are impossible.

Secure Obfuscation in a Weak Multilinear Map Model

- Mathematics, Computer ScienceTCC
- 2016

A new iO candidate is given which can be seen as a small modification or generalization of the original candidate of Garg, Gentry, Halevi, Raykova, Sahai, and Waters FOCS'13, and its security is proved in the weak multilinear map model, thus giving the first iO candidates that is provably secure against all known polynomial-time attacks on GGH13.

Cryptanalysis of Indistinguishability Obfuscations of Circuits over GGH13

- Computer Science, MathematicsICALP
- 2017

This work provides a general efficiently-testable property for two single-input branching programs, called partial inequivalence, which it is shown is sufficient for the variant of annihilation attacks on several obfuscation constructions based on GGH13 multilinear maps.

Robust Transfroming Combiners from iO to FE Prabhanjan Ananth

- 2017

Indistinguishability Obfuscation (iO) has enabled an incredible number of new and exciting applications. However, our understanding of how to actually build secure iO remains in its infancy. While…

Multiparty Homomorphic Encryption

- 2020

The notion of threshold multi-key fully homomorphic encryption (TMK-FHE) [López-Alt, Tromer, Vaikuntanathan, STOC’12] was proposed as a generalization of fully homomorphic encryption to the…

Witness Encryption with (Weak) Unique Decryption and Message Indistinguishability: Constructions and Applications

- Computer ScienceACISP
- 2019

This paper proposes the notion of THE AUTHORS with MI and weak unique decryption, and gives a construction based on public-coin differing-inputs obfuscation, pseudorandom generator, and the Goldreich-Levin hard-core predicate, and shows that using this THEY with unique dec encryption, one can get rid of the limitation of honest-verifier zero-knowledge property, thus yielding a 4-round non-black-box zero- knowledge argument.

Combiners for Functional Encryption, Unconditionally

- Computer ScienceIACR Cryptol. ePrint Arch.
- 2020

This work has shown that the ability to combine many candidates for a functional encryption scheme into another functional encryption candidate with the guarantee that the resulting candidate is secure as long as at least one of the original candidates is secure.

Multi-key Fully-Homomorphic Encryption in the Plain Model

- Computer ScienceTCC
- 2020

A multi-key FHE scheme with one-round decryption based on the hardness of learning with errors (LWE), ring LWE, and decisional small polynomial ratio (DSPR) problems and it is observed that MHE is already sufficient for some applications of multi- key FHE.

Constructing Witness PRF and Offline Witness Encryption Without Multilinear Maps

- Computer ScienceIACR Cryptol. ePrint Arch.
- 2018

The authors' scheme is based on a public-key encryption, a witness PRF and employs a sub-exponentially secure randomized encoding scheme in CRS model instantiating obfuscation, and can be turned into an offline functional witness encryption scheme where decryption releases a function of a message and witness as output.

## References

SHOWING 1-10 OF 78 REFERENCES

Universal Obfuscation and Witness Encryption: Boosting Correctness and Combining Security

- Computer ScienceIACR Cryptol. ePrint Arch.
- 2016

This work constructs universal schemes for IO, and for witness encryption, and also resolve the existence of combiners for these primitives along the way, and builds an explicit construction that is secure if any construction of the primitive exists.

On Robust Combiners for Oblivious Transfer and Other Primitives

- Mathematics, Computer ScienceEUROCRYPT
- 2005

It is proved that there are no transparent black-box robust combiner for OT, giving an indication to the difficulty of finding combiners for OT and in general for secure computation.

Indistinguishability Obfuscation from Functional Encryption

- Mathematics, Computer Science2015 IEEE 56th Annual Symposium on Foundations of Computer Science
- 2015

This work presents a generic construction of indistinguishability obfuscation from public-key functional encryption with succinct cipher texts and sub-exponential security, and shows the equivalence of incoherent obfuscation and public- key functional encryption.

Protecting obfuscation against arithmetic attacks

- Mathematics, Computer ScienceIACR Cryptol. ePrint Arch.
- 2014

This work proposes and analyzes another variant of the Garg et al. obfuscator in a setting that imposes fewer restrictions on the adversary, which it is called the arithmetic setting, and shows that VBB security can be achieved under a complexity-theoretic assumption related to the ETH.

Fully Secure Functional Encryption without Obfuscation

- Computer ScienceIACR Cryptol. ePrint Arch.
- 2014

The security of the scheme relies only on the polynomial hardness of simple assumptions on multilinear maps, and how to add to existing graded encoding schemes a new extension function, that can be though of as dynamically introducing new encoding levels.

Obfuscation Combiners

- Computer ScienceCRYPTO
- 2016

It is shown that one can build 3-out-of-4 obfuscation combiners where at least three of the four combiners are secure, whereas 2- out- of-3 structural combiners which combine the obfuscator candidates in a black-box sense with only two secure candidates, are impossible.

How to Avoid Obfuscation Using Witness PRFs

- Computer ScienceTCC
- 2016

A construction of witness PRFs from multilinear maps that is simpler and much more efficient than current obfuscation candidates is given, thus bringing several applications of obfuscation closer to practice.

How to use indistinguishability obfuscation: deniable encryption, and more

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2013

The 16-year-old open question of Deniable Encryption is resolved by giving the first construction of deniable encryption that does not require any pre-planning by the party that must later issue a denial.

Indistinguishability Obfuscation from Functional Encryption for Simple Functions Prabhanjan Ananth

- 2015

We show how to construct indistinguishability obfuscation (iO) for circuits from any non-compact functional encryption (FE) scheme with sub-exponential security against unbounded collusions. We…

One-Way Functions and (Im)Perfect Obfuscation

- Mathematics, Computer Science2014 IEEE 55th Annual Symposium on Foundations of Computer Science
- 2014

The main result is that if NP ⊈; io-BPP and there is an efficient (even imperfect) indistinguishability obfuscator, then there are one-way functions.