Obfuscating Compute-and-Compare Programs under the LWE assumption: Analysis of the Wichs & Zirdelis Scheme

Abstract

In this thesis we analyze cryptanalytic attacks on the compute-and-compare program obfuscation scheme proposed by Wichs and Zirdelis [WZ17]. The work of Wichs and Zirdelis is the first to give a provable VBB obfuscation scheme for a large sub-class of evasive functions, compute-and-compare programs, under the Learning with Errors (LWE) assumption. If f : {0, 1} lin → {0, 1} lout, and y ∈ {0, 1} lout, then the compute-and-compare program CC[f, y](x) is 1 whenever f(x) = y, and 0 otherwise. The scheme starts by obfuscating a branching program P of length L that computes f, and reads the input x according to a specified input function. This is provably secure when y is computationally indistinguishable given f. In this paper, we consider the case when lout = 1, i.e. y is a single bit. We show that in this case, the scheme is not even iO-secure. Moreover, we show that we given enough examples of the form (x, f(x)) from a given distribution, with high probability we can learn f over that distribution. The key to proving these results is that the encoded version of the program allows us to evaluate the branching program P on inputs other than those specified by the input function. That is, this encoding scheme reveals too much information about the structure of the underlying program.