Implementing BP-Obfuscation Using graph-induced encoding

Shai Halevi, Tzipora Halevi, Victor Shoup, Noah Stephens-Davidowitz

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

We implemented (a simplified version of) the branching-program obfuscator due to Gentry et al. (GGH15), which is itself a variation of the first obfuscation candidate by Garg et al. (GGHRSW13). To keep within the realm of feasibility, we had to give up on some aspects of the construction, specifically the "multiplicative bundling" factors that protect against mixed-input attacks. Hence our implementation can only support read-once branching programs. To be able to handle anything more than just toy problems, we developed a host of algorithmic and code-level optimizations. These include new variants of discrete Gaussian sampler and lattice trapdoor sampler, efficient matrix-manipulation routines, and many tradeoffs. We expect that these optimizations will find other uses in lattice-based cryptography beyond just obfuscation. Our implementation is the first obfuscation attempt using the GGH15 graded encoding scheme, offering performance advantages over other graded encoding methods when obfuscating finite-state machines with many states. In out most demanding setting, we were able to obfuscate programs with input length of 20 nibbles (80 bits) and over 100 states, which seems out of reach for prior implementations. Although further optimizations are surely possible, we do not expect any implementation of current schemes to be able to handle much larger parameters.

Original languageEnglish (US)
Title of host publicationCCS 2017 - Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security
PublisherAssociation for Computing Machinery
Pages783-798
Number of pages16
VolumePart F131467
ISBN (Electronic)9781450349468
DOIs
StatePublished - Oct 30 2017
Event24th ACM SIGSAC Conference on Computer and Communications Security, CCS 2017 - Dallas, United States
Duration: Oct 30 2017Nov 3 2017

Other

Other24th ACM SIGSAC Conference on Computer and Communications Security, CCS 2017
CountryUnited States
CityDallas
Period10/30/1711/3/17

Fingerprint

Finite automata
Cryptography

Keywords

  • Implementation
  • Multilinear Maps
  • Obfuscation
  • Trapdoor Lattice Sampling

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications

Cite this

Halevi, S., Halevi, T., Shoup, V., & Stephens-Davidowitz, N. (2017). Implementing BP-Obfuscation Using graph-induced encoding. In CCS 2017 - Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (Vol. Part F131467, pp. 783-798). Association for Computing Machinery. https://doi.org/10.1145/3133956.3133976

Implementing BP-Obfuscation Using graph-induced encoding. / Halevi, Shai; Halevi, Tzipora; Shoup, Victor; Stephens-Davidowitz, Noah.

CCS 2017 - Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. Vol. Part F131467 Association for Computing Machinery, 2017. p. 783-798.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Halevi, S, Halevi, T, Shoup, V & Stephens-Davidowitz, N 2017, Implementing BP-Obfuscation Using graph-induced encoding. in CCS 2017 - Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. vol. Part F131467, Association for Computing Machinery, pp. 783-798, 24th ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, Dallas, United States, 10/30/17. https://doi.org/10.1145/3133956.3133976
Halevi S, Halevi T, Shoup V, Stephens-Davidowitz N. Implementing BP-Obfuscation Using graph-induced encoding. In CCS 2017 - Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. Vol. Part F131467. Association for Computing Machinery. 2017. p. 783-798 https://doi.org/10.1145/3133956.3133976
Halevi, Shai ; Halevi, Tzipora ; Shoup, Victor ; Stephens-Davidowitz, Noah. / Implementing BP-Obfuscation Using graph-induced encoding. CCS 2017 - Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. Vol. Part F131467 Association for Computing Machinery, 2017. pp. 783-798
@inproceedings{77ec2c3439ce441cb40f2501a5637e2d,
title = "Implementing BP-Obfuscation Using graph-induced encoding",
abstract = "We implemented (a simplified version of) the branching-program obfuscator due to Gentry et al. (GGH15), which is itself a variation of the first obfuscation candidate by Garg et al. (GGHRSW13). To keep within the realm of feasibility, we had to give up on some aspects of the construction, specifically the {"}multiplicative bundling{"} factors that protect against mixed-input attacks. Hence our implementation can only support read-once branching programs. To be able to handle anything more than just toy problems, we developed a host of algorithmic and code-level optimizations. These include new variants of discrete Gaussian sampler and lattice trapdoor sampler, efficient matrix-manipulation routines, and many tradeoffs. We expect that these optimizations will find other uses in lattice-based cryptography beyond just obfuscation. Our implementation is the first obfuscation attempt using the GGH15 graded encoding scheme, offering performance advantages over other graded encoding methods when obfuscating finite-state machines with many states. In out most demanding setting, we were able to obfuscate programs with input length of 20 nibbles (80 bits) and over 100 states, which seems out of reach for prior implementations. Although further optimizations are surely possible, we do not expect any implementation of current schemes to be able to handle much larger parameters.",
keywords = "Implementation, Multilinear Maps, Obfuscation, Trapdoor Lattice Sampling",
author = "Shai Halevi and Tzipora Halevi and Victor Shoup and Noah Stephens-Davidowitz",
year = "2017",
month = "10",
day = "30",
doi = "10.1145/3133956.3133976",
language = "English (US)",
volume = "Part F131467",
pages = "783--798",
booktitle = "CCS 2017 - Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security",
publisher = "Association for Computing Machinery",

}

TY - GEN

T1 - Implementing BP-Obfuscation Using graph-induced encoding

AU - Halevi, Shai

AU - Halevi, Tzipora

AU - Shoup, Victor

AU - Stephens-Davidowitz, Noah

PY - 2017/10/30

Y1 - 2017/10/30

N2 - We implemented (a simplified version of) the branching-program obfuscator due to Gentry et al. (GGH15), which is itself a variation of the first obfuscation candidate by Garg et al. (GGHRSW13). To keep within the realm of feasibility, we had to give up on some aspects of the construction, specifically the "multiplicative bundling" factors that protect against mixed-input attacks. Hence our implementation can only support read-once branching programs. To be able to handle anything more than just toy problems, we developed a host of algorithmic and code-level optimizations. These include new variants of discrete Gaussian sampler and lattice trapdoor sampler, efficient matrix-manipulation routines, and many tradeoffs. We expect that these optimizations will find other uses in lattice-based cryptography beyond just obfuscation. Our implementation is the first obfuscation attempt using the GGH15 graded encoding scheme, offering performance advantages over other graded encoding methods when obfuscating finite-state machines with many states. In out most demanding setting, we were able to obfuscate programs with input length of 20 nibbles (80 bits) and over 100 states, which seems out of reach for prior implementations. Although further optimizations are surely possible, we do not expect any implementation of current schemes to be able to handle much larger parameters.

AB - We implemented (a simplified version of) the branching-program obfuscator due to Gentry et al. (GGH15), which is itself a variation of the first obfuscation candidate by Garg et al. (GGHRSW13). To keep within the realm of feasibility, we had to give up on some aspects of the construction, specifically the "multiplicative bundling" factors that protect against mixed-input attacks. Hence our implementation can only support read-once branching programs. To be able to handle anything more than just toy problems, we developed a host of algorithmic and code-level optimizations. These include new variants of discrete Gaussian sampler and lattice trapdoor sampler, efficient matrix-manipulation routines, and many tradeoffs. We expect that these optimizations will find other uses in lattice-based cryptography beyond just obfuscation. Our implementation is the first obfuscation attempt using the GGH15 graded encoding scheme, offering performance advantages over other graded encoding methods when obfuscating finite-state machines with many states. In out most demanding setting, we were able to obfuscate programs with input length of 20 nibbles (80 bits) and over 100 states, which seems out of reach for prior implementations. Although further optimizations are surely possible, we do not expect any implementation of current schemes to be able to handle much larger parameters.

KW - Implementation

KW - Multilinear Maps

KW - Obfuscation

KW - Trapdoor Lattice Sampling

UR - http://www.scopus.com/inward/record.url?scp=85041435116&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85041435116&partnerID=8YFLogxK

U2 - 10.1145/3133956.3133976

DO - 10.1145/3133956.3133976

M3 - Conference contribution

VL - Part F131467

SP - 783

EP - 798

BT - CCS 2017 - Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security

PB - Association for Computing Machinery

ER -