Paper 2017/541

Lower Bounds on Obfuscation from All-or-Nothing Encryption Primitives

Sanjam Garg, Mohammad Mahmoody, and Ameer Mohammed


Indistinguishability obfuscation (IO) enables many heretofore out-of-reach applications in cryptography. However, currently all known constructions of IO are based on multilinear maps which are poorly understood. Hence, tremendous research effort has been put towards basing obfuscation on better-understood computational assumptions. Recently, another path to IO has emerged through functional encryption [Anath and Jain, CRYPTO 2015; Bitansky and Vaikuntanathan, FOCS 2015] but such FE schemes currently are still based on multi-linear maps. In this work, we study whether IO could be based on other powerful encryption primitives. Separations for IO: We show that (assuming that the polynomial hierarchy does not collapse and one-way functions exist) IO cannot be constructed in a black-box manner from powerful all-or-nothing encryption primitives, such as witness encryption (WE), predicate encryption, and fully homomorphic encryption. What unifies these primitives is that they are of the ``all-or-nothing'' form, meaning either someone has the ``right key'' in which case they can decrypt the message fully, or they are not supposed to learn anything. Stronger Model for Separations: One might argue that fully black-box uses of the considered encryption primitives limit their power too much because these primitives can easily lead to non-black-box constructions if the primitive is used in a self-feeding fashion --- namely, code of the subroutines of the considered primitive could easily be fed as input to the subroutines of the primitive itself. In fact, several important results (e.g., the construction of IO from functional encryption) follow this very recipe. In light of this, we prove our impossibility results with respect to a stronger model than the fully black-box framework of Impagliazzo and Rudich (STOC'89) and Reingold, Trevisan, and Vadhan (TCC'04) where the non-black-box technique of self-feeding is actually allowed.

Available format(s)
Publication info
Published by the IACR in CRYPTO 2017
ObfuscationWitness EncryptionPredicate EncryptionSeparations
Contact author(s)
sanjamg @ berkeley edu
mahmoody @ gmail com
am8zv @ virginia edu
2017-06-08: received
Short URL
Creative Commons Attribution


      author = {Sanjam Garg and Mohammad Mahmoody and Ameer Mohammed},
      title = {Lower Bounds on Obfuscation from All-or-Nothing Encryption Primitives},
      howpublished = {Cryptology ePrint Archive, Paper 2017/541},
      year = {2017},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.