Limits on the power of indistinguishability obfuscation and functional encryption

Gilad Asharov, Gil Segev

Research output: Contribution to journalArticlepeer-review

15 Scopus citations


Recent breakthroughs in cryptography have positioned indistinguishability obfus-cation as a "central hub" for almost all known cryptographic tasks, and as an extremely powerful building block for new cryptographic tasks resolving long-standing and foundational open problems. However, constructions based on indistinguishability obfuscation almost always rely on non-black-box techniques, and thus the extent to which it can be used as a building block has been completely unexplored so far. We present a framework for proving meaningful negative results on the power of indistinguishability obfuscation. By consideringindistinguishability obfuscation for oracle-aided circuits, we capture the common techniques that have been used so far in constructions based on indistinguishability obfuscation. These include, in particular, non-black-box techniques such as the punctured programming approach of Sahai and Waters [A. Sahai and B. Waters, How to use indis-tinguishability obfuscation: Deniable encryption, and more, in Proceedings of the 46th Annual ACM Symposium on Theory of Computing, ACM, New York, 2014, pp. 475-484] and its variants, as well as subexponential security assumptions. Within our framework we prove the first negative results on the power of indistinguishability obfuscation and of the tightly related notion of functional encryption. Our results are as follows: (1) There is no fully black-box construction of a collision-resistant function family from an indistinguishability obfuscator for oracle-aided circuits. (2) There is no fully black-box construction of a key-agreement protocol with perfect completeness from a private-key functional encryption scheme for oracle-aided circuits. Specifically, we prove that any such potential constructions must suffer from an exponential security loss, and thus our results cannot be circumvented using subexponential security assumptions. Our framework captures constructions that may rely on a wide variety of primitives in a non-black-box manner (e.g., obfuscating or generating a functional key for a function that uses the evaluation circuit of a puncturable pseudorandom function), and we only assume that the underlying indistinguishability obfuscator or functional encryption scheme itself is used in a black-box manner.

Original languageAmerican English
Pages (from-to)2117-2176
Number of pages60
JournalSIAM Journal on Computing
Issue number6
StatePublished - 2016

Bibliographical note

Publisher Copyright:
© 2016 Society for Industrial and Applied Mathematics.


  • Cryptography
  • Functional encryption
  • Indistinguishability obfuscation
  • Lower bounds


Dive into the research topics of 'Limits on the power of indistinguishability obfuscation and functional encryption'. Together they form a unique fingerprint.

Cite this