Paper 2018/957
Same Point Composable and Nonmalleable Obfuscated Point Functions
Peter Fenteany and Benjamin Fuller
Abstract
A point obfuscator is an obfuscated program that indicates if a user enters a previously stored password. A digital locker is stronger: outputting a key if a user enters a previously stored password. The real-or-random transform allows one to build a digital locker from a composable point obfuscator (Canetti and Dakdouk, Eurocrypt 2008). Ideally, both objects would be nonmalleable, detecting adversarial tampering. Appending a non-interactive zero knowledge proof of knowledge adds nonmalleability in the common random string (CRS) model. Komargodski and Yogev (Eurocrypt, 2018) built a nonmalleable point obfuscator without a CRS. We show a lemma in their proof is false, leaving security of their construction unclear. Bartusek, Ma, and Zhandry (Crypto, 2019) used similar techniques and introduced another nonmalleable point function; their obfuscator is not secure if the same point is obfuscated twice. Thus, there was no composable and nonmalleable point function to instantiate the real-or-random construction. Our primary contribution is a nonmalleable point obfuscator that can be composed any polynomial number of times with the same point (which must be known ahead of time). Security relies on the assumption used in Bartusek, Ma, and Zhandry. This construction enables a digital locker that is nonmalleable with respect to the input password. As a secondary contribution, we introduce a key encoding step to detect tampering on the key. This step combines nonmalleable codes and seed-dependent condensers. The seed for the condenser must be public and not tampered, so this can be achieved in the CRS model. The password distribution may depend on the condenser’s seed as long as it is efficiently sampleable. This construction is black box in the underlying point obfuscation. Nonmalleability for the password is ensured for functions that can be represented as low degree polynomials. Key nonmalleability is inherited from the class of functions prevented by the nonmalleable code.
Note: Major new ideas and proofs. Previous version of the paper contained untrue construction based on faulty lemma. Construction now based on BMZ19 instead of KY18.
Metadata
- Available format(s)
- Category
- Secret-key cryptography
- Publication info
- Published elsewhere. Major revision. 2020 Applied Cryptography and Network Security
- Keywords
- Digital lockersPoint obfuscationVirtual black-box obfuscationNon-malleable codesSeed dependent condensersNonmalleability
- Contact author(s)
-
benjamin fuller @ uconn edu
peter fenteany @ uconn edu - History
- 2021-08-16: last of 9 revisions
- 2018-10-09: received
- See all versions
- Short URL
- https://ia.cr/2018/957
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2018/957, author = {Peter Fenteany and Benjamin Fuller}, title = {Same Point Composable and Nonmalleable Obfuscated Point Functions}, howpublished = {Cryptology {ePrint} Archive, Paper 2018/957}, year = {2018}, url = {https://eprint.iacr.org/2018/957} }