Indistinguishability obfuscation

In cryptography, indistinguishability obfuscation (abbreviated IO or iO) is a type of software obfuscation with the defining property that obfuscating any two programs that compute the same mathematical function results in programs that cannot be distinguished from each other. Informally, such obfuscation hides the implementation of a program while still allowing users to run it.^[1] Formally, iO satisfies the property that obfuscations of two circuits of the same size which implement the same function are computationally indistinguishable.^[2]

Indistinguishability obfuscation has several interesting theoretical properties. Firstly, iO is the "best-possible" obfuscation (in the sense that any secret about a program that can be hidden by any obfuscator at all can also be hidden by iO). Secondly, iO can be used to construct nearly the entire gamut of cryptographic primitives, including both mundane ones such as public-key cryptography and more exotic ones such as deniable encryption and functional encryption (which are types of cryptography that no-one previously knew how to construct^[3]), but with the notable exception of collision-resistant hash function families. For this reason, it has been referred to as "crypto-complete". Lastly, unlike many other kinds of cryptography, indistinguishability obfuscation continues to exist even if P=NP (though it would have to be constructed differently in this case), though this does not necessarily imply that iO exists unconditionally.

Though the idea of cryptographic software obfuscation has been around since 1996, indistinguishability obfuscation was first proposed by Barak et al. (2001), who proved that iO exists if P=NP is the case. For the P≠NP case (which is harder, but also more plausible^[2]), progress was slower: Garg et al. (2013)^[4] proposed a construction of iO based on a computational hardness assumption relating to multilinear maps, but this assumption was later disproven. A construction based on "well-founded assumptions" (hardness assumptions that have been well-studied by cryptographers, and thus widely assumed secure) had to wait until Jain, Lin, and Sahai (2020). (Even so, one of these assumptions used in the 2020 proposal is not secure against quantum computers.)

Currently known indistinguishability obfuscation candidates are very far from being practical. As measured by a 2017 paper,^{[needs update]} even obfuscating the toy function which outputs the logical conjunction of its thirty-two Boolean data type inputs produces a program nearly a dozen gigabytes large.

^ Klarreich, Erica (2014-02-03). "Cryptography Breakthrough Could Make Software Unhackable". Quanta Magazine. Archived from the original on 2022-04-14. Retrieved 2019-02-15.
^ ^a ^b Cite error: The named reference :4 was invoked but never defined (see the help page).
^ Cite error: The named reference Klareich2020 was invoked but never defined (see the help page).
^ Cite error: The named reference :6 was invoked but never defined (see the help page).

[Klarreich2014-1] Klarreich, Erica (2014-02-03). "Cryptography Breakthrough Could Make Software Unhackable". Quanta Magazine. Archived from the original on 2022-04-14. Retrieved 2019-02-15.

[:4-2] Cite error: The named reference :4 was invoked but never defined (see the help page).

[Klareich2020-3] Cite error: The named reference Klareich2020 was invoked but never defined (see the help page).

[:6-4] Cite error: The named reference :6 was invoked but never defined (see the help page).

[1]

[2]

[3]

[4]