Lower bounds on assumptions behind indistinguishability obfuscation

Mohammad Mahmoody*, Ameer Mohammed, Soheil Nematihaji, Rafael Pass, Abhi Shelat

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review


Since the seminal work of Garg et al. (FOCS’13) in which they proposed the first candidate construction for indistinguishability obfuscation (iO for short), iO has become a central cryptographic primitive with numerous applications. The security of the proposed construction of Garg et al. and its variants are proved based on multi-linear maps (Garg et al. Eurocrypt’13) and their idealized model called the graded encoding model (Brakerski and Rothblum TCC’14 and Barak et al. Eurocrypt’14). Whether or not iO could be based on standard and well-studied hardness assumptions has remain an elusive open question. In this work we prove lower bounds on the assumptions that imply iO in a black-box way, based on computational assumptions. Note that any lower bound for iO needs to somehow rely on computational assumptions, because if P = NP then statistically secure iO does exist. Our results are twofold:1. There is no fully black-box construction of iO from (exponentially secure) collision-resistant hash functions unless the polynomial hierarchy collapses. Our lower bound extends to (separate iO from) any primitive implied by a random oracle in a black-box way.2. Let P be any primitive that exists relative to random trapdoor permutations, the generic group model for any finite abelian group, or degree-O(1) graded encoding model for any finite ring. We show that achieving a black-box construction of iO from P is as hard as basing public-key cryptography on one-way functions. In particular, for any such primitive P we present a constructive procedure that takes any black-box construction of iO from P and turns it into a construction of semantically secure public-key encryption form any one-way functions. Our separations hold even if the construction of iO from P is semi-black-box (Reingold, Trevisan, and Vadhan, TCC’04) and the security reduction could access the adversary in a non-black-box way.

Original languageEnglish
Title of host publicationTheory of Cryptography - 13th International Conference, TCC 2016-A, Proceedings
EditorsEyal Kushilevitz, Tal Malkin
PublisherSpringer Verlag
Number of pages18
ISBN (Print)9783662490952
StatePublished - 2016
Externally publishedYes
Event13th International Conference on Theory of Cryptography, TCC 2016 - Tel Aviv, Israel
Duration: 10 Jan 201613 Jan 2016

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference13th International Conference on Theory of Cryptography, TCC 2016
CityTel Aviv


  • Black-box separations
  • Indistinguishability obfuscation


Dive into the research topics of 'Lower bounds on assumptions behind indistinguishability obfuscation'. Together they form a unique fingerprint.

Cite this