New Techniques for Obfuscating Conjunctions

Abstract

A conjunction is a function 𝑓(𝑥1,…,𝑥𝑛)=⋀𝑖∈𝑆𝑙𝑖 where 𝑆⊆[𝑛] and each 𝑙𝑖 is 𝑥𝑖 or ¬𝑥𝑖 . Bishop et al. (CRYPTO 2018) recently proposed obfuscating conjunctions by embedding them in the error positions of a noisy Reed-Solomon codeword and placing the codeword in a group exponent. They prove distributional virtual black box (VBB) security in the generic group model for random conjunctions where |𝑆|≥0.226𝑛 . While conjunction obfuscation is known from LWE [31, 47], these constructions rely on substantial technical machinery.

In this work, we conduct an extensive study of simple conjunction obfuscation techniques.

We abstract the Bishop et al. scheme to obtain an equivalent yet more efficient “dual” scheme that can handle conjunctions over exponential size alphabets. This scheme admits a straightforward proof of generic group security, which we combine with a novel combinatorial argument to obtain distributional VBB security for |S| of any size.

If we replace the Reed-Solomon code with a random binary linear code, we can prove security from standard LPN and avoid encoding in a group. This addresses an open problem posed by Bishop et al. to prove security of this simple approach in the standard model.

We give a new construction that achieves information theoretic distributional VBB security and weak functionality preservation for |𝑆|≥𝑛−𝑛𝛿 and 𝛿<1 . Assuming discrete log and 𝛿<1/2 , we satisfy a stronger notion of functionality preservation for computationally bounded adversaries while still achieving information theoretic security.