Final Report Summary - CRYPTO OBFUSCATION (New Directions in Cryptographic Program Obfuscation)
Project context and objectives
This project had several objectives. On the scientific level, the objectives have been to enhance our understanding of program obfuscation. Program obfuscation is a concept that comes out of the practical security community, and means writing a program in a way that is hard to understand or modify (while still maintaining functionality). The cryptography community has embraced this concept and has tried to make the security requirements rigorously stated, and furthermore to develop techniques for realising these requirements. This has proven to be a challenging goal. Specifically, the goals of the project have been to:
- find new notions of program obfuscation that will enhance the usefulness of obfuscation to real life scenarios;
- find new obfuscation algorithms that allow obfuscating more classes of programs;
- find new settings and computational environments that will enable and facilitate obfuscation;
- implement obfuscation algorithms and embed them in real-life systems.
At an organisational level, the main objective has been to help the PI to set up a research group at the new institution (Tel Aviv University) that will enable the scientific objectives to be carried out.
Main results
The project has been successful. On the organisational level, the PI has set up a research group that includes the following people:
- Rachel Lin (since 2011, post-doc, joint supervision with Shafi Goldwasser at Massachusetts Institute of Technology - MIT)
- Abhishek Jain (since 2012, post-doc, joint supervision with Shafi Goldwasser at MIT)
- Adam Oneil (since 2011, post-doc, joint supervision with Leo Reyzin at BU)
- Noam Livne (2010-2011, post-doc, joint with Alon Rosen at IDC)
- Sebastian Gajek (2009-2011, post-doc)
- Ben Riva (Since 2009, PhD student)
- Nir Bitsnsky (MSc 2008-2010, PhD student since 2010)
- Margarita Vald (MSc 2009-2012, PhD student since 2012)
- Omer Paneth (MSc 2009-2011, PhD student since 2011)
- Itay Itzhaky (MSc 2010-2011)
- Daniel Shahaf (MSc student, since 2009)
From a scientific point of view, the project resulted in a number of results that improved our understanding of the concept of program obfuscation and our ability to construct obfuscated programs for a number of tasks. The project also demonstrated how techniques from program obfuscation can be used to obtain a number of other interesting results in cryptography. A related concept that was developed during the work on program obfuscation is that of extractable functions. This concept is proving to be more and more central in cryptography. Here are some more specific highlights of the results obtained:
- We developed a new notion of obfuscation - 'grey box security' - that is both composable and achievable for point functions;
- We developed new obfuscation algorithms for the task of recognising hyperplanes;
- We studied connections between multi-bit point obfuscation and strong forms of encryption, which are secure against leakage of information on the secret key. We showed that the two are essentially equivalent;
- We studied the relationships between obfuscation and extractable functions;
- We introduced the strong notion of non-malleable obfuscation, and developed new obfuscation algorithms that withstand these strong requirements;
- We developed a new notion of obfuscation using secure hardware, while making only minimal security requirements from the underlying hardware. We also demonstrated a construction that satisfies the new notion for obfuscating *any* function. This stands in contrast to the case of software-only obfuscation, where such a general construction cannot exist;
- We deepened our understanding of extractable functions and showed how to construct a secure and succinct delegation of computation protocols from such functions;
- We developed a very expressive and general notion of security for leakage-resilient protocols. This notion builds on the universally composable security framework and inherits its strong security-preserving composability properties. We also showed how to realise this notion with respect to several prominent cryptographic primitives. In particular, the tools developed in this work have been essential in obtaining the first result mentioned above;
- We showed how obfuscation (and in particular, obfuscation of point functions) can be used to obtain radically new Zero Knowledge and Witness Hiding protocols that take only three rounds of communication. Such protocols have been investigated heavily in the past and were shown to exist only under extractability assumptions;
- We showed how the impossibility of point obfuscation for general functions can be used to come up with a new simulation technique for Zero Knowledge protocols. (Until now, only a single technique was used in many guises. That technique has some inherent limitations that avoided by the new one.) In particular, we showed a new protocol for resettably-sound Zero Knowledge that is based only on the existence of Oblivious Transfer protocols;
- We developed a new notion of security for cryptographic protocols. The new notion allows capturing new security requirements that were not expressible and analysable in previous analytical frameworks for cryptographic protocols. In particular, we believe the new framework will be instrumental in capturing new strong properties of obfuscation algorithms and protocols that use them.
This project had several objectives. On the scientific level, the objectives have been to enhance our understanding of program obfuscation. Program obfuscation is a concept that comes out of the practical security community, and means writing a program in a way that is hard to understand or modify (while still maintaining functionality). The cryptography community has embraced this concept and has tried to make the security requirements rigorously stated, and furthermore to develop techniques for realising these requirements. This has proven to be a challenging goal. Specifically, the goals of the project have been to:
- find new notions of program obfuscation that will enhance the usefulness of obfuscation to real life scenarios;
- find new obfuscation algorithms that allow obfuscating more classes of programs;
- find new settings and computational environments that will enable and facilitate obfuscation;
- implement obfuscation algorithms and embed them in real-life systems.
At an organisational level, the main objective has been to help the PI to set up a research group at the new institution (Tel Aviv University) that will enable the scientific objectives to be carried out.
Main results
The project has been successful. On the organisational level, the PI has set up a research group that includes the following people:
- Rachel Lin (since 2011, post-doc, joint supervision with Shafi Goldwasser at Massachusetts Institute of Technology - MIT)
- Abhishek Jain (since 2012, post-doc, joint supervision with Shafi Goldwasser at MIT)
- Adam Oneil (since 2011, post-doc, joint supervision with Leo Reyzin at BU)
- Noam Livne (2010-2011, post-doc, joint with Alon Rosen at IDC)
- Sebastian Gajek (2009-2011, post-doc)
- Ben Riva (Since 2009, PhD student)
- Nir Bitsnsky (MSc 2008-2010, PhD student since 2010)
- Margarita Vald (MSc 2009-2012, PhD student since 2012)
- Omer Paneth (MSc 2009-2011, PhD student since 2011)
- Itay Itzhaky (MSc 2010-2011)
- Daniel Shahaf (MSc student, since 2009)
From a scientific point of view, the project resulted in a number of results that improved our understanding of the concept of program obfuscation and our ability to construct obfuscated programs for a number of tasks. The project also demonstrated how techniques from program obfuscation can be used to obtain a number of other interesting results in cryptography. A related concept that was developed during the work on program obfuscation is that of extractable functions. This concept is proving to be more and more central in cryptography. Here are some more specific highlights of the results obtained:
- We developed a new notion of obfuscation - 'grey box security' - that is both composable and achievable for point functions;
- We developed new obfuscation algorithms for the task of recognising hyperplanes;
- We studied connections between multi-bit point obfuscation and strong forms of encryption, which are secure against leakage of information on the secret key. We showed that the two are essentially equivalent;
- We studied the relationships between obfuscation and extractable functions;
- We introduced the strong notion of non-malleable obfuscation, and developed new obfuscation algorithms that withstand these strong requirements;
- We developed a new notion of obfuscation using secure hardware, while making only minimal security requirements from the underlying hardware. We also demonstrated a construction that satisfies the new notion for obfuscating *any* function. This stands in contrast to the case of software-only obfuscation, where such a general construction cannot exist;
- We deepened our understanding of extractable functions and showed how to construct a secure and succinct delegation of computation protocols from such functions;
- We developed a very expressive and general notion of security for leakage-resilient protocols. This notion builds on the universally composable security framework and inherits its strong security-preserving composability properties. We also showed how to realise this notion with respect to several prominent cryptographic primitives. In particular, the tools developed in this work have been essential in obtaining the first result mentioned above;
- We showed how obfuscation (and in particular, obfuscation of point functions) can be used to obtain radically new Zero Knowledge and Witness Hiding protocols that take only three rounds of communication. Such protocols have been investigated heavily in the past and were shown to exist only under extractability assumptions;
- We showed how the impossibility of point obfuscation for general functions can be used to come up with a new simulation technique for Zero Knowledge protocols. (Until now, only a single technique was used in many guises. That technique has some inherent limitations that avoided by the new one.) In particular, we showed a new protocol for resettably-sound Zero Knowledge that is based only on the existence of Oblivious Transfer protocols;
- We developed a new notion of security for cryptographic protocols. The new notion allows capturing new security requirements that were not expressible and analysable in previous analytical frameworks for cryptographic protocols. In particular, we believe the new framework will be instrumental in capturing new strong properties of obfuscation algorithms and protocols that use them.