**The Magic of ELFs**

*Mark Zhandry*

**Abstract: **We introduce the notion of an \emph{Extremely Lossy Function} (ELF). An ELF is a family of functions with an image size that is tunable anywhere from injective to having a polynomial-sized image. Moreover, for any efficient adversary, for a sufficiently large polynomial $r$ (necessarily chosen to be larger than the running time of the adversary), the adversary cannot distinguish the injective case from the case of image size $r$.

We develop a handful of techniques for using ELFs, and show that such extreme lossiness is useful for instantiating random oracles in several settings. In particular, we show how to use ELFs to build secure point function obfuscation with auxiliary input, as well as polynomially-many hardcore bits for any one-way function. Such applications were previously known from strong knowledge assumptions --- for example polynomially-many hardcore bits were only know from differing inputs obfuscation, a notion whose plausibility has been seriously challenged. We also use ELFs to build a simple hash function with \emph{output intractability}, a new notion we define that may be useful for generating common reference strings.

Next, we give a construction of ELFs relying on the \emph{exponential} hardness of the decisional Diffie-Hellman problem, which is plausible in pairing-based groups. Combining with the applications above, our work gives several practical constructions relying on qualitatively different --- and arguably better --- assumptions than prior works.

**Category / Keywords: **hash functions, point obfuscation, hardcore functions, random oracle instantiation

**Original Publication**** (with major differences): **IACR-CRYPTO-2016

**Date: **received 10 Feb 2016, last revised 13 Jun 2016

**Contact author: **mzhandry at princeton edu

**Available format(s): **PDF | BibTeX Citation

**Version: **20160614:050425 (All versions of this report)

**Short URL: **ia.cr/2016/114

**Discussion forum: **Show discussion | Start new discussion

[ Cryptology ePrint archive ]