# Post-zeroizing Obfuscation: New Mathematical Tools, and the Case of Evasive Circuits

## Author(s): Badrinarayanan, Saikrishna; Miles, Eric; Sahai, Amit; Zhandry, Mark

To refer to this page use: http://arks.princeton.edu/ark:/88435/pr1t534
DC FieldValueLanguage
dc.contributor.authorMiles, Eric-
dc.contributor.authorSahai, Amit-
dc.contributor.authorZhandry, Mark-
dc.date.accessioned2021-10-08T19:48:17Z-
dc.date.available2021-10-08T19:48:17Z-
dc.date.issued2016en_US
dc.identifier.citationBadrinarayanan, Saikrishna, Eric Miles, Amit Sahai, and Mark Zhandry. "Post-zeroizing Obfuscation: New Mathematical Tools, and the Case of Evasive Circuits." In Annual International Conference on the Theory and Applications of Cryptographic Techniques (2016): pp. 764-791. doi:10.1007/978-3-662-49896-5_27en_US
dc.identifier.issn0302-9743-
dc.identifier.urihttp://arks.princeton.edu/ark:/88435/pr1t534-
dc.description.abstractRecent devastating attacks by Cheon et al. [Eurocrypt’15] and others have highlighted significant gaps in our intuition about security in candidate multilinear map schemes, and in candidate obfuscators that use them. The new attacks, and some that were previously known, are typically called “zeroizing” attacks because they all crucially rely on the ability of the adversary to create encodings of 0. In this work, we initiate the study of post-zeroizing obfuscation, and we obtain a key new mathematical tool to analyze security in a post-zeroizing world. Our new mathematical tool allows for analyzing polynomials constructed by the adversary when given encodings of randomized matrices arising from a general matrix branching program. This technique shows that the types of encodings an adversary can create are much more restricted than was previously known, and is a crucial step toward achieving post-zeroizing security. We also believe the technique is of independent interest, as it yields efficiency improvements for existing schemes – efficiency improvements that have already found application in other settings. Finally, we show how to apply our new mathematical tool to the special case of evasive functions. We show that our obfuscator survives all known attacks on the underlying multilinear maps, by proving that no top-level encodings of 0 can be created by a generic-model adversary. Previous obfuscators (for both evasive and general functions) were either analyzed in a less-conservative “pre-zeroizing” model that does not capture recent attacks, or were proved secure relative to assumptions that no longer have any plausible instantiation due to zeroizing attacks.en_US
dc.format.extent764 - 791en_US
dc.language.isoen_USen_US
dc.relation.ispartofAnnual International Conference on the Theory and Applications of Cryptographic Techniquesen_US
dc.rightsAuthor's manuscripten_US
dc.titlePost-zeroizing Obfuscation: New Mathematical Tools, and the Case of Evasive Circuitsen_US
dc.typeConference Articleen_US
dc.identifier.doi10.1007/978-3-662-49896-5_27-
dc.identifier.eissn1611-3349-
pu.type.symplectichttp://www.symplectic.co.uk/publications/atom-terms/1.0/conference-proceedingen_US

Files in This Item:
File Description SizeFormat