I’m reasonably familiar with cryptography but the formalism of obfuscation given here makes no sense to me.
> The precise formalism typically used, indistinguishability obfuscation, says that if you are given obfuscations of two different programs that have the same functionality, you can't tell which is which.
This seems… not that useful? A sufficiently advanced optimizing compiler would be capable of transforming two input programs with identical functionality into one or the other, or both into some third representation. Either approach meets this criteria but doesn’t seem to me to provide any useful purpose.
And in practice, do two identically-functioning but different programs even exist in the wild? Two superficially identical programs of nontrivial complexity will almost certainly have divergent behavior somewhere (bugs, edge cases), at which point this formalism becomes moot.
The tl;dr on why IO is important is you can just use (effectively) one program, but stuff different secrets inside them with a guarantee that no one can pull those secrets back out.
Cryptographers have proven that it's possible to use this as a primitive from which you can rebuild the rest of common cryptographic primitives (public encryption, symmetric encryption, etc). So--if it's possible to put this together it'll be a novel construction for every cryptographic primitive that also dodges some of the problems with key distribution and negotiation.
Nor does the claim "The most powerful primitive that has been conceived in cryptography is obfuscation". A good test for how useful a cryptographic primitive is is "if you magically removed this from existence, would any attackers notice?". For this one the answer would be "no".
I'd say the actual most powerful primitive in crypto is KDFs/MACs (there's some overlap, e.g. HKDF). Remove that and pretty much everything that requires security would collapse overnight. Not just the obvious TLS and SSH but the global payments infrastructure and a lot of other less-visible things.
this guy seems so full of himself. Everything I read of his triggers my bullshit alarm. Stuff like claiming feasible solutions to problems that have been mathematically proven don't have any
4 comments
[ 0.74 ms ] story [ 19.4 ms ] thread> The precise formalism typically used, indistinguishability obfuscation, says that if you are given obfuscations of two different programs that have the same functionality, you can't tell which is which.
This seems… not that useful? A sufficiently advanced optimizing compiler would be capable of transforming two input programs with identical functionality into one or the other, or both into some third representation. Either approach meets this criteria but doesn’t seem to me to provide any useful purpose.
And in practice, do two identically-functioning but different programs even exist in the wild? Two superficially identical programs of nontrivial complexity will almost certainly have divergent behavior somewhere (bugs, edge cases), at which point this formalism becomes moot.
Cryptographers have proven that it's possible to use this as a primitive from which you can rebuild the rest of common cryptographic primitives (public encryption, symmetric encryption, etc). So--if it's possible to put this together it'll be a novel construction for every cryptographic primitive that also dodges some of the problems with key distribution and negotiation.
I'd say the actual most powerful primitive in crypto is KDFs/MACs (there's some overlap, e.g. HKDF). Remove that and pretty much everything that requires security would collapse overnight. Not just the obvious TLS and SSH but the global payments infrastructure and a lot of other less-visible things.