In a lockable obfuscation scheme, a party called the obfuscator takes as input a circuit $\Circ$, a lock value $y$, and a message $m$, and outputs an obfuscated circuit. Given the obfuscated circuit, an evaluator can run it on an input $x$ and learn the message if $\Circ(x) = y$. For security, we require that the obfuscation reveals no information on the circuit as long as the lock $y$ has high entropy even given the circuit $\Circ$. The only known constructions of lockable obfuscation schemes require indistinguishability obfuscation ($\iO$) or the learning with errors (LWE) assumption. Furthermore, in terms of technique, all known constructions, excluding $\iO$-based, are build from provably secure variations of graph-induced multilinear maps. We show a generic construction of a lockable obfuscation scheme built from a (leveled) fully homomorphic encryption scheme that is circularly insecure. Specifically, we need a fully homomorphic encryption scheme that is secure under chosen-plaintext attack (IND-CPA) but for which there is an efficient cycle tester that can detect encrypted key cycles. Our finding sheds new light on how to construct lockable obfuscation schemes and shows why cycle tester constructions were helpful in the design of lockable obfuscation schemes. One of the many use cases for lockable obfuscation schemes are constructions for IND-CPA secure but circularly insecure encryption schemes. Our work shows that there is a connection in both ways between circular insecure encryption and lockable obfuscation.
PKC 2022: Public-Key Cryptography
2022-02-27
2022-10-13 10:20:04