Indistinguishability Obfuscation from LPN over Fp, DLIN, and PRGs in NC0

Abstract

In this work, we study what minimal sets of assumptions suffice for constructing indistinguishability obfuscation (iO ). We prove: Theorem(Informal): Assume sub-exponential security of the following assumptions: – the Learning Parity with Noise (LPN ) assumption over general prime fields Fp with polynomially many LPN samples and error rate 1/ kδ, where k is the dimension of the LPN secret, and δ> 0 is any constant; – the existence of a Boolean Pseudo-Random Generator (PRG ) in NC0 with stretch n1+τ, where n is the length of the PRG seed, and τ> 0 is any constant; – the Decision Linear (DLIN ) assumption on symmetric bilinear groups of prime order. Then, (subexponentially secure) indistinguishability obfuscation for all polynomial-size circuits exists. Further, assuming only polynomial security of the aforementioned assumptions, there exists collusion resistant public-key functional encryption for all polynomial-size circuits. This removes the reliance on the Learning With Errors (LWE) assumption from the recent work of [Jain, Lin, Sahai STOC’21]. As a consequence, we obtain the first fully homomorphic encryption scheme that does not rely on any lattice-based hardness assumption. Our techniques feature a new notion of randomized encoding called Preprocessing Randomized Encoding (PRE), that essentially can be computed in the exponent of pairing groups. When combined with other new techniques, PRE gives a much more streamlined construction of iO while still maintaining reliance only on well-studied assumptions.