Cryptology ePrint Archive: Report 2017/826

5Gen-C: Multi-input Functional Encryption and Program Obfuscation for Arithmetic Circuits

Brent Carmer and Alex J. Malozemoff and Mariana Raykova

Abstract: Program obfuscation is a powerful security primitive with many applications. White-box cryptography studies a particular subset of program obfuscation targeting keyed pseudorandom functions (PRFs), a core component of systems such as mobile payment and digital rights management. Although the white-box obfuscators currently used in practice do not come with security proofs and are thus routinely broken, recent years have seen an explosion of \emph{cryptographic} techniques for obfuscation, with the goal of avoiding this build-and-break cycle.

In this work, we explore in detail cryptographic program obfuscation and the related primitive of multi-input functional encryption (MIFE). In particular, we extend the 5Gen framework (CCS 2016) to support circuit-based MIFE and program obfuscation, implementing both existing and new constructions. We then evaluate and compare the efficiency of these constructions in the context of PRF obfuscation.

As part of this work we (1) introduce a novel instantiation of MIFE that works directly on functions represented as arithmetic circuits, (2) use a known transformation from MIFE to obfuscation to give us an obfuscator that performs better than all prior constructions, and (3) develop a compiler for generating circuits optimized for our schemes. Finally, we provide detailed experiments, demonstrating, among other things, the ability to obfuscate a PRF with a 64-bit key and 12 bits of input (containing 62k gates) in under 4 hours, with evaluation taking around 1 hour. This is by far the most complex function obfuscated to date.

Category / Keywords: obfuscation; multi-input functional encryption

Original Publication (in the same form): ACM CCS 2017

Date: received 29 Aug 2017

Contact author: amaloz at galois com

Available format(s): PDF | BibTeX Citation

Version: 20170831:184010 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]