TY - GEN
T1 - Implementing Conjunction Obfuscation under Entropic Ring LWE
AU - Cousins, David Bruce
AU - Di Crescenzo, Giovanni
AU - Gur, Kamil Doruk
AU - King, Kevin
AU - Polyakov, Yuriy
AU - Rohloff, Kurt
AU - Ryan, Gerard W.
AU - Savas, Erkay
N1 - Publisher Copyright:
© 2018 IEEE.
PY - 2018/7/23
Y1 - 2018/7/23
N2 - We address the practicality challenges of secure program obfuscation by implementing, optimizing, and experimentally assessing an approach to securely obfuscate conjunction programs proposed in [1]. Conjunction programs evaluate functions f (x1,⋯,xL) = λi∈Iyiwhere yi is either xi or -xi and I subseteq [L], and can be used as classifiers. Our obfuscation approach satisfies distributional Virtual Black Box (VBB) security based on reasonable hardness assumptions, namely an entropic variant of the Ring Learning with Errors (Ring-LWE) assumption. Prior implementations of secure program obfuscation techniques support either trivial programs like point functions, or support the obfuscation of more general but less efficient branching programs to satisfy Indistinguishability Obfuscation (IO), a weaker security model. Further, the more general implemented techniques, rather than relying on standard assumptions, base their security on conjectures that have been shown to be theoretically vulnerable. Our work is the first implementation of non-trivial program obfuscation based on polynomial rings. Our contributions include multiple design and implementation advances resulting in reduced program size, obfuscation runtime, and evaluation runtime by many orders of magnitude. We implement our design in software and experimentally assess performance in a commercially available multi-core computing environment. Our implementation achieves runtimes of 6.7 hours to securely obfuscate a 64-bit conjunction program and 2.5 seconds to evaluate this program over an arbitrary input. We are also able to obfuscate a 32-bit conjunction program with 53 bits of security in 7 minutes and evaluate the obfuscated program in 43 milliseconds on a commodity desktop computer, which implies that 32-bit conjunction obfuscation is already practical. Our graph-induced (directed) encoding implementation runs up to 25 levels, which is higher than previously reported in the literature for this encoding. Our design and implementation advances are applicable to obfuscating more general compute-and-compare programs and can also be used for many cryptographic schemes based on lattice trapdoors.
AB - We address the practicality challenges of secure program obfuscation by implementing, optimizing, and experimentally assessing an approach to securely obfuscate conjunction programs proposed in [1]. Conjunction programs evaluate functions f (x1,⋯,xL) = λi∈Iyiwhere yi is either xi or -xi and I subseteq [L], and can be used as classifiers. Our obfuscation approach satisfies distributional Virtual Black Box (VBB) security based on reasonable hardness assumptions, namely an entropic variant of the Ring Learning with Errors (Ring-LWE) assumption. Prior implementations of secure program obfuscation techniques support either trivial programs like point functions, or support the obfuscation of more general but less efficient branching programs to satisfy Indistinguishability Obfuscation (IO), a weaker security model. Further, the more general implemented techniques, rather than relying on standard assumptions, base their security on conjectures that have been shown to be theoretically vulnerable. Our work is the first implementation of non-trivial program obfuscation based on polynomial rings. Our contributions include multiple design and implementation advances resulting in reduced program size, obfuscation runtime, and evaluation runtime by many orders of magnitude. We implement our design in software and experimentally assess performance in a commercially available multi-core computing environment. Our implementation achieves runtimes of 6.7 hours to securely obfuscate a 64-bit conjunction program and 2.5 seconds to evaluate this program over an arbitrary input. We are also able to obfuscate a 32-bit conjunction program with 53 bits of security in 7 minutes and evaluate the obfuscated program in 43 milliseconds on a commodity desktop computer, which implies that 32-bit conjunction obfuscation is already practical. Our graph-induced (directed) encoding implementation runs up to 25 levels, which is higher than previously reported in the literature for this encoding. Our design and implementation advances are applicable to obfuscating more general compute-and-compare programs and can also be used for many cryptographic schemes based on lattice trapdoors.
KW - Conjunction
KW - Directed encoding
KW - Implementation
KW - Lattice trapdoor
KW - Lattices
KW - Multilinear map
KW - Program obfuscation
KW - Ring LWE
UR - http://www.scopus.com/inward/record.url?scp=85051044796&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85051044796&partnerID=8YFLogxK
U2 - 10.1109/SP.2018.00007
DO - 10.1109/SP.2018.00007
M3 - Conference contribution
AN - SCOPUS:85051044796
T3 - Proceedings - IEEE Symposium on Security and Privacy
SP - 354
EP - 371
BT - Proceedings - 2018 IEEE Symposium on Security and Privacy, SP 2018
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 39th IEEE Symposium on Security and Privacy, SP 2018
Y2 - 21 May 2018 through 23 May 2018
ER -