**On Necessary Padding with IO**

*Justin Holmgren*

**Abstract: **We show that the common proof technique of padding a circuit before IO obfuscation is sometimes necessary. That is, assuming indistinguishability obfuscation (IO) and one-way functions exist, we define samplers Sam_0, which outputs (aux_0, C_0), and Sam_1, which outputs (aux_1, C_1) such that:

- The distributions (aux_0, iO(C_0)) and (aux_1, iO(C_1)) are perfectly distinguishable.

- For padding s = poly(lambda)$, the distributions (aux_0, iO(C_0||0^s)) and (aux_1, iO(C_1||0^s)) are computationally indistinguishable.

We note this refutes the recent "Superfluous Padding Assumption" of Brzuska and Mittelbach.

**Category / Keywords: **indistinguishability obfuscation, padding

**Date: **received 23 Jun 2015, last revised 14 Aug 2015

**Contact author: **holmgren at csail mit edu

**Available format(s): **PDF | BibTeX Citation

**Note: **updated related work

**Version: **20150814:103102 (All versions of this report)

**Short URL: **ia.cr/2015/627

**Discussion forum: **Show discussion | Start new discussion

[ Cryptology ePrint archive ]