Cryptology ePrint Archive: Report 2018/957

Same Point Composable and Nonmalleable Obfuscated Point Functions

Peter Fenteany and Benjamin Fuller

Abstract: A point obfuscator is an obfuscated program that indicates if a user enters a previously stored password. A digital locker is stronger: outputting a key if a user enters a previously stored password. The real-or-random transform allows one to build a digital locker from a composable point obfuscator (Canetti and Dakdouk, Eurocrypt 2008). Ideally, both objects would be nonmalleable, detecting adversarial tampering. Appending a non-interactive zero knowledge proof of knowledge adds nonmalleability in the common random string (CRS) model. Komargodski and Yogev (Eurocrypt, 2018) built a nonmalleable point obfuscator without a CRS. We show a lemma in their proof is false, leaving security of their construction unclear. Bartusek, Ma, and Zhandry (Crypto, 2019) used similar techniques and introduced another nonmalleable point function; their obfuscator is not secure if the same point is obfuscated twice. Thus, there was no composable and nonmalleable point function to instantiate the real-or-random construction. Our primary contribution is a nonmalleable point obfuscator that can be composed any polynomial number of times with the same point (which must be known ahead of time). Security relies on the assumption used in Bartusek, Ma, and Zhandry. This construction enables a digital locker that is nonmalleable with respect to the input password. As a secondary contribution, we introduce a key encoding step to detect tampering on the key. This step combines nonmalleable codes and seed-dependent condensers. The seed for the condenser must be public and not tampered, so this can be achieved in the CRS model. The password distribution may depend on the condenser’s seed as long as it is efficiently sampleable. This construction is black box in the underlying point obfuscation. Nonmalleability for the password is ensured for functions that can be represented as low degree polynomials. Key nonmalleability is inherited from the class of functions prevented by the nonmalleable code.

Category / Keywords: secret-key cryptography / Digital lockers; Point obfuscation; Virtual black-box obfuscation; Non-malleable codes; Seed dependent condensers, Nonmalleability

Original Publication (with major differences): 2020 Applied Cryptography and Network Security

Date: received 8 Oct 2018, last revised 16 Aug 2021

Contact author: benjamin fuller at uconn edu, peter fenteany at uconn edu

Available format(s): PDF | BibTeX Citation

Note: Major new ideas and proofs. Previous version of the paper contained untrue construction based on faulty lemma. Construction now based on BMZ19 instead of KY18.

Version: 20210816:151442 (All versions of this report)

Short URL: ia.cr/2018/957


[ Cryptology ePrint archive ]