Obfuscation for Cryptographic Purposes

Dennis Hofheinz, John Malone-Lee, Martijn Stam

Research output: Contribution to journalArticle (Academic Journal)peer-review

26 Citations (Scopus)


Loosely speaking, an obfuscation O of a function f should satisfy two requirements: firstly, using O, it should be possible to evaluate f; secondly, O should not reveal anything about f that cannot be learnt from oracle access to f alone. Several definitions for obfuscation exist. However, most of them are very hard to satisfy, even when focusing on specific applications such as obfuscating a point function (e.g., for authentication purposes). In this work, we propose and investigate two new variants of obfuscation definitions. Our definitions are simulation-based (i.e., require the existence of a simulator that can efficiently generate fake obfuscations) and demand only security on average (over the choice of the obfuscated function). We stress that our notions are not free from generic impossibilities: there exist natural classes of function families that cannot be securely obfuscated. Hence we cannot hope for a general-purpose obfuscator with respect to our definition. However, we prove that there also exist several natural classes of functions for which our definitions yield interesting results. Specifically, we show that our definitions have the following properties: Usefulness: Securely obfuscating (the encryption function of) a secure private-key encryption scheme yields a secure public-key encryption scheme. Achievability: There exist obfuscatable private-key encryption schemes. Also, a point function chosen uniformly at random can easily be obfuscated with respect to the weaker one (but not the stronger one) of our definitions. (Previous work focused on obfuscating point functions from arbitrary distributions.) Generic impossibilities: There exist unobfuscatable private-key encryption schemes. Furthermore, pseudorandom functions cannot be obfuscated with respect to our definitions. Our results show that, while it is hard to avoid generic impossibilities, useful and reasonable obfuscation definitions are possible when considering specific tasks (i.e., function families).
Translated title of the contributionObfuscation for Cryptographic Purposes
Original languageEnglish
Pages (from-to)121-168
JournalJournal of Cryptology
Publication statusPublished - 2010

Bibliographical note

Other identifier: 2001128


Dive into the research topics of 'Obfuscation for Cryptographic Purposes'. Together they form a unique fingerprint.

Cite this