Paper 2018/936

New Techniques for Obfuscating Conjunctions

James Bartusek, Tancrède Lepoint, Fermi Ma, and Mark Zhandry

Abstract

A conjunction is a function $f(x_1,\dots,x_n) = \bigwedge_{i \in S} l_i$ where $S \subseteq [n]$ and each $l_i$ is $x_i$ or $\neg x_i$. Bishop et al. (CRYPTO 2018) recently proposed obfuscating conjunctions by embedding them in the error positions of a noisy Reed-Solomon codeword and encoding the codeword in a group exponent. They prove distributional virtual black box (VBB) security in the generic group model for random conjunctions where $|S| \geq 0.226n$. While conjunction obfuscation was known from LWE due to Wichs and Zirdelis (FOCS 2017) and Goyal et al. (FOCS 2017), these constructions rely on substantial technical machinery. In this work, we conduct an extensive study of simple conjunction obfuscation techniques. - We abstract the Bishop et al. scheme to obtain an equivalent yet more efficient "dual'' scheme that can handle conjunctions over exponential size alphabets. This scheme admits a straightforward proof of generic group security, which we combine with a novel combinatorial argument to obtain distributional VBB security for $|S|$ of any size. - If we replace the Reed-Solomon code with a random binary linear code, we can prove security from standard LPN and avoid encoding in a group. This addresses an open problem posed by Bishop et al. to prove security of this simple approach in the standard model. - We give a new construction that achieves information theoretic distributional VBB security and weak functionality preservation for $|S| \geq n - n^\delta$ and $\delta < 1$. Assuming discrete log and $\delta < 1/2$, we satisfy a stronger notion of functionality preservation for computationally bounded adversaries while still achieving information theoretic security.

Note: Revised introduction to clarify results, fixed typos.