

Talk about Diamond iO at the Obfuscation workshop (2025) held by the Simons Institute

These are the slides from my presentation on Diamond iO (https://eprint.iacr.org/2025/236) at the Obfuscation workshop (2025) held by the Simons Institute.
Talk video: https://simons.berkeley.edu/talks/sora-suegami-ethereum-foundation-machina-io-2025-06-24


SoraSuegami

July 10, 2025



Transcript

  1. Diamond iO: Lattice-Based Obfuscation without Bootstrapping from Functional Encryption, toward Practical iO
    Sora Suegami, Enrico Bottazzi, Pia Park (Machina iO, Ethereum Foundation)
  2-4. Building iO
    Two routes to iO. From standard assumptions: functional encryption (FE) [JLS21, JLS22, RVV25], then bootstrapping from FE to iO [AJ15, BV15]. From new lattice assumptions: iO directly [BDGM20, GP21, JLL+23, HJL25, AMY+25], …
    In functional encryption (FE), a secret key is associated with a circuit $C$, and the decryption process with this key and a ciphertext $\mathsf{ct}(x)$ outputs $C(x)$ but nothing else: $\mathsf{FE.Dec}[C](\mathsf{ct}(x)) = C(x)$.
    Bootstrapping from FE to iO requires costly recursive FE encryption for each input bit, running the FE encryption algorithm as the function evaluated during decryption: $\mathsf{FE.Dec}[\mathsf{FE.Enc}(\cdot, x_{i+1})](\mathsf{ct}(x_i)) = \mathsf{ct}(x_{i+1})$ extends a ciphertext for $x_i$ to one for $x_{i+1}$.
  5-6. Our Contributions
    Diamond iO [SBP25] replaces the recursive FE encryption with simple matrix operations, giving iO from new lattice assumptions without the FE-to-iO bootstrapping step.
    • Adopt the idea of the FE scheme introduced in [AKY24] in a non-black-box manner.
    • Prove security under (sub-exponential) LWE, evasive LWE and our new lattice assumption (all-product LWE), in the pseudorandom oracle model.
    • Implement a part of the construction, including our novel technique.
  7-8. Outline
    1. Core idea behind Diamond iO: a combination of GGH15 and BGG+ encodings allows a straightforward construction of iO under some non-standard lattice assumptions.
    2. Security analysis of the non-standard assumptions.
    3. Benchmark results and roadmap to practical iO.
  9. First Attempt inspired by the [AKY24] FE
    Obfuscation: $\mathsf{Encode}(\mathsf{FHE.Enc}(C), \vec 0_L)$. Evaluation: insert the evaluator's bits $\vec x_L$ into the encoding to obtain $\mathsf{Encode}(\mathsf{FHE.Enc}(C), \vec x_L)$, then run a process similar to FE decryption in [AKY24] to obtain $C(\vec x_L)$.
  10. Pseudorandom obfuscation [BDJ+24, AKY24B]
    Informal definition: pseudorandom obfuscations of two circuits $C_0, C_1$ are indistinguishable from each other if the outputs of both circuits are pseudorandom (even given $\mathsf{aux}$):
    $(\{C_0(\vec x)\}_{\vec x \in \{0,1\}^L}, \mathsf{aux}) \approx (\{\$_{\vec x} \leftarrow \{0,1\}^{\ell}\}_{\vec x \in \{0,1\}^L}, \mathsf{aux}) \approx (\{C_1(\vec x)\}_{\vec x \in \{0,1\}^L}, \mathsf{aux})$.
    In the pseudorandom oracle model [JLL+23], $\mathsf{iO.Obf}(C(\cdot)) := \mathsf{PRO.Obf}(C(\cdot) \oplus \mathsf{Hash}(\cdot))$, where the pseudorandom oracle is instantiated by a hash function [BDJ+24].
  11-12. Notation of BGG+ Encodings [BGG+14]
    Input encoding: $s^T((A_1, \dots, A_L) - (x_1, \dots, x_L) \otimes G) + e$.
    Applying a circuit $C : \{0,1\}^L \to \mathbb{Z}_q^{(n+1) \times \ell}$ [BTV+17] gives the output encoding $s^T(A_C - C(\vec x)) + e'$.
    $A_C$ is deterministically derived from $A = (A_1, \dots, A_L)$ and $C$, independently of $\vec x$ and $C(\vec x)$.
  13-14. A Problem: BGG+ encoding cannot natively handle private data
    Solution: encode the FHE encryption of the private data together with the FHE secret key $t$ ($t$ and $s$ are the same as in [AKY24]), and then evaluate the FHE evaluation and decryption processes on the BGG+ encodings [GVW15, BTV+17, HLL23, AKY24]:
    $\mathsf{ct} := \mathsf{FHE.Enc}(\vec x)$, encoded as $s^T(A - (1, \mathsf{bits}(\mathsf{ct}), t) \otimes G) + e$.
    Evaluating $F[f](\mathsf{ct}, t) := \mathsf{FHE.Dec}(t, \mathsf{FHE.Eval}(\mathsf{ct}, f))$ on this encoding handles the private data and yields $s^T A_F + f(\vec x) + e'$; removing the mask $s^T A_F$ leaves $f(\vec x) + e'$.
    In the [AKY24] FE scheme, $f[r](\vec x, K) := \lceil q/2 \rceil C(\vec x) + \mathsf{PRF}(K, r)$, where the output of $\mathsf{PRF}$ is approximately bounded by $[-q/4, q/4]$, masking the LWE error $e'$.
  15-16. First Attempt inspired by the [AKY24] FE: obfuscation and evaluation
    Obfuscation. For a circuit $C : \{0,1\}^L \to \{0,1\}^{\ell}$, the obfuscator provides
    (1) $c_\epsilon^T := s^T(A - (1, \xi^T, \vec 0_L, t^T) \otimes G)$, where $\xi^T := \mathsf{bits}(\mathsf{FHE.Enc}(C, K))$ and $K$ is a key of a PRF whose output is bounded;
    (2) data to produce $v^T := s^T A_F$, where $F(\xi, \vec x_L, t) := \mathsf{FHE.Dec}(t, \mathsf{FHE.Eval}(\xi^T, f(\cdot, \cdot, \vec x_L)))$ and $f(C, K, \vec x_L) := \lceil q/2 \rceil C(\vec x_L) + \mathsf{PRF}(K, \vec x_L)$.
    Evaluation. Insert the evaluator's bits $\vec x_L$ into the encoding to get $c_{\vec x_L} := s^T(A - (1, \xi^T, \vec x_L^T, t^T) \otimes G)$, then run a process similar to FE decryption in [AKY24] to obtain $\lceil q/2 \rceil C(\vec x_L) + \mathsf{PRF}(K, \vec x) + e^T_{F, \vec x_L}$.
    * The encoding terms above also contain LWE errors, omitted from the notation.
  17-18. Insert input bits into the BGG+ encoding: naive ideas
    For $L = 2$ the four input encodings would be $s^T(A_{00} - (1, \xi^T, 0, 0, t^T) \otimes G)$, $s^T(A_{01} - (1, \xi^T, 0, 1, t^T) \otimes G)$, $s^T(A_{10} - (1, \xi^T, 1, 0, t^T) \otimes G)$, $s^T(A_{11} - (1, \xi^T, 1, 1, t^T) \otimes G)$.
    Case 1: $A_{00}, A_{01}, A_{10}, A_{11}$ all distinct. The obfuscated circuit grows exponentially with the input size because $A_F$ depends on $A_{x_1 x_2}$.
    Case 2: $A_{00} = A_{01} = A_{10} = A_{11} = A$. The scheme becomes insecure because the evaluator can obtain $s^T G + e$ (and thus $s$) by canceling out $s^T A$ [Wee22]. Example: $s^T(A - (1, \xi^T, 0, 0, t^T) \otimes G) - s^T(A - (1, \xi^T, 0, 1, t^T) \otimes G) \to s^T G$ in the block of the changed bit $x_2$, up to the LWE error.
  19. Insert input bits into the BGG+ encoding: our idea
    Embed the input dependency into the secret keys: $s_{00}^T(A - (1, \xi^T, 0, 0, t^T) \otimes G)$, $s_{01}^T(A - (1, \xi^T, 0, 1, t^T) \otimes G)$, $s_{10}^T(A - (1, \xi^T, 1, 0, t^T) \otimes G)$, $s_{11}^T(A - (1, \xi^T, 1, 1, t^T) \otimes G)$, where
    $s_{00}^T := s_\epsilon^T S_{1,0} S_{2,0}$, $s_{01}^T := s_\epsilon^T S_{1,0} S_{2,1}$, $s_{10}^T := s_\epsilon^T S_{1,1} S_{2,0}$, $s_{11}^T := s_\epsilon^T S_{1,1} S_{2,1}$, and in general $s_{\vec x_i} := s_\epsilon \prod_{j \in \{1, \dots, i\}} S_{j, x_j}$,
    with $s_\epsilon^T := (\bar s_\epsilon^T \leftarrow \{0,1\}^{1 \times n}, -1)$ and $S_{j,b} := \begin{pmatrix} \bar S_{j,b} \leftarrow \{0,1\}^{n \times n} & 0 \\ 0 & 1 \end{pmatrix}$.
  20. Insert input bits into the BGG+ encoding: our idea (continued)
    The public matrix $A$ is independent of the input, so the output public matrix $A_F$ is independent of $(x_1, \dots, x_L)$ and the obfuscated circuit grows only polynomially.
    The secret key $s_{\vec x_L}$ depends on all input bits, so the evaluator cannot cancel out $s_{\vec x_L}^T A$ between two different encodings; the trivial attack of Case 2 is prevented.
  21. Insert input bits into the BGG+ encoding: obfuscation and evaluation
    Obfuscation: a $\mathrm{poly}(L)$-sized obfuscated circuit $\tilde C$. Evaluation: on input $\vec x_L := (x_1, \dots, x_L)$ and $\tilde C$, obtain $c^T_{\vec x_L} := s^T_{\vec x_L}(A - (1, \xi^T, \vec x_L^T, t^T) \otimes G)$.
    There are $2^L$ potential patterns of BGG+ encodings! 🤯
  22-23. GGH15 encoding allows generating $2^L$ patterns of LWE instances from preimages [GGH+15]
    Starting from $s_\epsilon^T B_0$, generate the instances $s^T_{\vec x_L} B_L$ for all $2^L$ patterns $\vec x_L \in \{0,1\}^L$ through a chain of preimages:
    $K_{1,0} \leftarrow B_0^{-1}(S_{1,0} B_1)$, $K_{1,1} \leftarrow B_0^{-1}(S_{1,1} B_1)$, $K_{2,0} \leftarrow B_1^{-1}(S_{2,0} B_2)$, $K_{2,1} \leftarrow B_1^{-1}(S_{2,1} B_2)$, …, $K_{L,0} \leftarrow B_{L-1}^{-1}(S_{L,0} B_L)$, $K_{L,1} \leftarrow B_{L-1}^{-1}(S_{L,1} B_L)$.
    $K \leftarrow B^{-1}(A)$ is a lattice preimage satisfying $BK = A$ for any $A$; this sampling requires a trapdoor for $B$.
  24-29. Input insertion through a chain of preimages
    The obfuscator provides an initial GGH15 encoding $p_\epsilon^T := ((1, \xi^T, \vec 0_L^T, t^T) \otimes s_\epsilon^T) B_0$ and the $2L$ preimages
    $K_{i,b} \leftarrow B_{i-1}^{-1}((U_{i,b} \otimes S_{i,b}) B_i)$ for $i \in \{1, \dots, L\}$, $b \in \{0,1\}$, i.e. $K_{1,0} \leftarrow B_0^{-1}((U_{1,0} \otimes S_{1,0}) B_1)$, $K_{1,1} \leftarrow B_0^{-1}((U_{1,1} \otimes S_{1,1}) B_1)$, $K_{2,0} \leftarrow B_1^{-1}((U_{2,0} \otimes S_{2,0}) B_2)$, $K_{2,1} \leftarrow B_1^{-1}((U_{2,1} \otimes S_{2,1}) B_2)$, …, $K_{L,0} \leftarrow B_{L-1}^{-1}((U_{L,0} \otimes S_{L,0}) B_L)$, $K_{L,1} \leftarrow B_{L-1}^{-1}((U_{L,1} \otimes S_{L,1}) B_L)$,
    where $U_{i,b}$ is a matrix such that $(1, \xi^T, \vec x_{i-1}^T, \vec 0^T_{L-i+1}, t^T) U_{i,b} = (1, \xi^T, \vec x_i^T, \vec 0^T_{L-i}, t^T)$ holds, with $\vec x_i = (\vec x_{i-1}, b)$.
    The evaluator just multiplies them according to its input bits $\vec x_L \in \{0,1\}^L$:
    $x_1 = 0$: $p_\epsilon^T K_{1,0} = p^T_{\vec x_1} := ((1, \xi^T, \vec x_1^T, \vec 0^T_{L-1}, t^T) \otimes s^T_{\vec x_1}) B_1$;
    $x_2 = 1$: $p^T_{\vec x_1} K_{2,1} = p^T_{\vec x_2} := ((1, \xi^T, \vec x_2^T, \vec 0^T_{L-2}, t^T) \otimes s^T_{\vec x_2}) B_2$;
    …
    $x_L = 0$: $p^T_{\vec x_{L-1}} K_{L,0} = p^T_{\vec x_L} := ((1, \xi^T, \vec x_L^T, t^T) \otimes s^T_{\vec x_L}) B_L$, where $p^T_{\vec x_{L-1}} := ((1, \xi^T, \vec x_{L-1}^T, \vec 0^T_1, t^T) \otimes s^T_{\vec x_{L-1}}) B_{L-1}$.
  30. The obfuscator additionally provides preimages to construct the input BGG+ encoding
    $K_{\mathsf{att}} \leftarrow B_L^{-1}(u_1 \otimes A - I \otimes G)$, so that $p^T_{\vec x_L} K_{\mathsf{att}} = c^T_{\vec x_L} := s^T_{\vec x_L}(A - (1, \xi^T, \vec x_L^T, t^T) \otimes G)$;
    $K_F \leftarrow B_L^{-1}(u_1 \otimes A_F)$, so that $p^T_{\vec x_L} K_F = v^T_{\vec x_L} := s^T_{\vec x_L} A_F$,
    where $p^T_{\vec x_L} := ((1, \xi^T, \vec x_L^T, t^T) \otimes s^T_{\vec x_L}) B_L$.
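    The two identities on this slide, and the one-bit-per-step behaviour of the chain on the previous slides, are instances of the mixed-product rule for Kronecker products, $(\mathbf a \otimes \mathbf b)(M \otimes N) = (\mathbf a M) \otimes (\mathbf b N)$. The following derivation is added here and is not on the original slides. Write $\mathbf a := (1, \xi^T, \vec x_L^T, t^T)$ for the attribute row vector; then $\mathbf a u_1 = 1$ because the first entry of $\mathbf a$ is the constant $1$, and the same rule gives $\mathbf a \otimes (s^T G) = (1 \otimes s^T)(\mathbf a \otimes G) = s^T(\mathbf a \otimes G)$. Ignoring error terms, the preimage relation $B_L K_{\mathsf{att}} = u_1 \otimes A - I \otimes G$ yields

    $$p^T_{\vec x_L} K_{\mathsf{att}} = (\mathbf a \otimes s^T_{\vec x_L})(u_1 \otimes A - I \otimes G) = (\mathbf a u_1) \otimes (s^T_{\vec x_L} A) - \mathbf a \otimes (s^T_{\vec x_L} G) = s^T_{\vec x_L}(A - \mathbf a \otimes G),$$

    and $B_L K_F = u_1 \otimes A_F$ yields $p^T_{\vec x_L} K_F = (\mathbf a u_1) \otimes (s^T_{\vec x_L} A_F) = s^T_{\vec x_L} A_F$. For one step of the chain, with $\mathbf a_{i-1} := (1, \xi^T, \vec x_{i-1}^T, \vec 0^T_{L-i+1}, t^T)$ and $B_{i-1} K_{i,b} = (U_{i,b} \otimes S_{i,b}) B_i$,

    $$p^T_{\vec x_{i-1}} K_{i,b} = (\mathbf a_{i-1} \otimes s^T_{\vec x_{i-1}})(U_{i,b} \otimes S_{i,b}) B_i = \big((\mathbf a_{i-1} U_{i,b}) \otimes (s^T_{\vec x_{i-1}} S_{i,b})\big) B_i = (\mathbf a_i \otimes s^T_{\vec x_i}) B_i = p^T_{\vec x_i},$$

    so each preimage multiplication writes one input bit into the attribute vector (through $U_{i,b}$) and into the secret (through $S_{i,b}$) at the same time. The error terms are multiplied by the same short preimages, which is the noise growth that item 4 of the roadmap addresses.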
  31. Summary of our pseudorandom obfuscation
    Obfuscation: $\tilde C = (p_\epsilon, \{K_{i,b}\}_{i \in \{1, \dots, L\}, b \in \{0,1\}}, A, K_{\mathsf{att}}, \mathsf{pk}, \mathsf{ct}, K_F)$ with $p_\epsilon := ((1, \xi^T, \vec 0_L^T, t^T) \otimes s_\epsilon^T) B_0$.
    Evaluation: insert the evaluator's bits $\vec x_L$ into the encoding by preimage multiplications, $p_{\vec x_L} := ((1, \xi^T, \vec x_L^T, t^T) \otimes s^T_{\vec x_L}) B_L$, convert it to $c_{\vec x_L} := s^T_{\vec x_L}(A - (1, \xi^T, \vec x_L^T, t^T) \otimes G)$, and run a process similar to FE decryption in [AKY24], which together with $p_{\vec x_L} K_F = s^T_{\vec x_L} A_F$ produces $\lceil q/2 \rceil C(\vec x_L) + \mathsf{PRF}(K, \vec x) + e^T_{F, \vec x_L}$.
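    As an added worked example (it is not code from the talk, the paper or the Diamond iO implementation), the following Python models slides 17 to 31 end to end: the Case 2 cancellation attack on BGG+ encodings that share one secret, and its failure once the secret is input-dependent and produced by the chain of preimages, including the final conversion by $K_{\mathsf{att}}$ and the growth of the error with every multiplication. Everything specific is an assumption made for the illustration: toy sizes $n = 2$, $L = 2$, $q = 2^{28}$; an attribute vector $(1, x_1, x_2)$ without the $\xi$ and $t$ parts; fixed invertible $\{0,1\}$ matrices $S_{i,b}$ instead of uniformly sampled ones; trapdoored matrices $B_i = [\bar A \mid G - \bar A R]$ in Micciancio-Peikert shape, with the deterministic preimage $[R; I] \cdot G^{-1}(U)$ standing in for the Gaussian preimage sampling $B^{-1}(U)$; and seeded randomness. None of these parameters is anywhere near secure; the example shows the algebra, not the security.

```python
"""Toy model of Diamond iO's input insertion (slides 17-31): BGG+ encodings whose LWE
secret depends on the input, built by a GGH15-style chain of preimages.  Dimensions, q,
the fixed S matrices, the deterministic MP12-style preimages and the seeded randomness
are assumptions for this illustration only (far below any secure setting); none of it
is the paper's parameters or code."""
import random

N, L = 2, 2    # LWE secret dimension n and number of input bits L (toy sizes)
D = 1 + L      # attribute vector (1, x_1, ..., x_L); the paper's also carries xi and t
K = 28         # q = 2^K, so every Z_q element has K bits
Q = 1 << K
MBAR = 4       # width of the uniformly random part of each trapdoored B_i
rng = random.Random(2025)

def matmul(X, Y):
    cols = list(zip(*Y))
    return [[sum(a * b for a, b in zip(row, col)) % Q for col in cols] for row in X]
def kron(X, Y):  # Kronecker product; the chain relies on (a (x) b)(U (x) S) = (aU) (x) (bS)
    return [[x * y % Q for x in xr for y in yr] for xr in X for yr in Y]
def sub(X, Y): return [[(a - b) % Q for a, b in zip(rx, ry)] for rx, ry in zip(X, Y)]
def identity(d): return [[int(r == c) for c in range(d)] for r in range(d)]
def vecmat(v, M): return matmul([v], M)[0]
def small_vec(m): return [rng.choice((-1, 0, 1)) for _ in range(m)]
def attr(x): return [1] + list(x)
def noise(v, ideal): return max(min(d, Q - d) for d in ((a - b) % Q for a, b in zip(v, ideal)))

def gadget(rows):  # public gadget G = I (x) (1, 2, 4, ..., 2^(K-1)); G^-1 is bit decomposition
    return kron(identity(rows), [[1 << b for b in range(K)]])
def ginv(U):
    return [[(U[i // K][j] >> (i % K)) & 1 for j in range(len(U[0]))] for i in range(len(U) * K)]
def trapdoor_gen(rows):  # B = [Abar | G - Abar*R] (Micciancio-Peikert shape); short R is the trapdoor
    abar = [[rng.randrange(Q) for _ in range(MBAR)] for _ in range(rows)]
    R = [[rng.choice((-1, 0, 1)) for _ in range(rows * K)] for _ in range(MBAR)]
    return [ra + rg for ra, rg in zip(abar, sub(gadget(rows), matmul(abar, R)))], R
def preimage(R, U):  # short Kp with B*Kp = U: Kp = [R; I] * G^-1(U).  Deterministic toy
    W = ginv(U)      # stand-in for the Gaussian preimage sampling B^-1(U) used by the paper.
    return matmul(R, W) + W

# Fixed invertible {0,1} matrices S_{i,b}; the paper samples them uniformly at random.
S = {(1, 0): [[1, 1], [1, 0]], (1, 1): [[0, 1], [1, 1]],
     (2, 0): [[1, 0], [1, 1]], (2, 1): [[1, 1], [0, 1]]}
def U_mat(i, b):  # (1, x_1..x_{i-1}, 0, ...) * U_{i,b} = (1, x_1..x_{i-1}, b, 0, ...)  (slide 24)
    M = identity(D)
    M[0][i] = b
    return M
def secret_for(s_eps, x):  # s_x = s_eps * S_{1,x_1} * ... * S_{i,x_i}  (slide 19)
    s = s_eps
    for i, b in enumerate(x, start=1):
        s = vecmat(s, S[(i, b)])
    return s
def bgg_encoding(s, A, x):  # noise-free BGG+ encoding s * (A - attr(x) (x) G)  (slide 11)
    return vecmat(s, sub(A, kron([attr(x)], gadget(N))))

def obfuscate():  # obfuscator side (slides 24, 30); private values are returned only for the checks
    s_eps = [rng.randrange(Q) for _ in range(N)]
    Bs, Rs = zip(*[trapdoor_gen(D * N) for _ in range(L + 1)])
    A = [[rng.randrange(Q) for _ in range(D * N * K)] for _ in range(N)]
    start = vecmat(kron([attr([0] * L)], [s_eps])[0], Bs[0])      # ((1,0..0) (x) s_eps) B_0
    p_eps = [(a + e) % Q for a, e in zip(start, small_vec(len(start)))]
    Ks = {(i, b): preimage(Rs[i - 1], matmul(kron(U_mat(i, b), S[(i, b)]), Bs[i]))
          for i in range(1, L + 1) for b in (0, 1)}                 # B_{i-1}^-1((U (x) S) B_i)
    u1 = [[1]] + [[0]] * L                                          # picks the constant-1 attribute
    K_att = preimage(Rs[L], sub(kron(u1, A), kron(identity(D), gadget(N))))
    return dict(p_eps=p_eps, Ks=Ks, A=A, K_att=K_att), dict(s_eps=s_eps, Bs=Bs)

def evaluate(obf, x, priv=None):
    """Evaluator side (slides 25-30): multiply the preimages selected by x, then K_att; the
    result is s_x (A - attr(x) (x) G) + error although s_x is never seen.  With priv given,
    the error after each step is also returned (why slide 41 lists noise refreshing)."""
    p, growth = obf["p_eps"], []
    for i, b in enumerate(x, start=1):
        p = vecmat(p, obf["Ks"][(i, b)])
        if priv:
            a, s = attr(list(x[:i]) + [0] * (L - i)), secret_for(priv["s_eps"], x[:i])
            growth.append(noise(p, vecmat(kron([a], [s])[0], priv["Bs"][i])))
    return vecmat(p, obf["K_att"]), growth

def gadget_decode(v):  # read w out of v = w*G + e (|e| < Q/4) using the public gadget only
    w = []
    for i in range(len(v) // K):
        blk, r = v[i * K:(i + 1) * K], 0
        for t in range(K):  # blk[K-1-t] - r*2^(K-1-t) = bit_t(w_i)*Q/2 + e  (mod Q)
            val = (blk[K - 1 - t] - r * (1 << (K - 1 - t))) % Q
            r |= int(Q // 4 <= val < 3 * Q // 4) << t
        w.append(r)
    return w
def cancel_attack(c0, c1, pos):
    """Slide 18 'Case 2': subtract encodings of inputs differing only in bit `pos`.  If both
    use one secret s, that bit's block is s*G + e and s is read off.  Returns the candidate
    and whether it is consistent (small residual), which fails for input-dependent secrets."""
    lo, hi = pos * N * K, (pos + 1) * N * K
    blk = [(a - b) % Q for a, b in zip(c0[lo:hi], c1[lo:hi])]
    cand = gadget_decode(blk)
    return cand, noise(blk, vecmat(cand, gadget(N))) < Q // 16

def demo():
    obf, priv = obfuscate()
    s_eps, A = priv["s_eps"], obf["A"]
    errors = {x: noise(evaluate(obf, x)[0], bgg_encoding(secret_for(s_eps, x), A, x))
              for x in [(0, 0), (0, 1), (1, 0), (1, 1)]}
    same_s = [[(a + e) % Q for a, e in zip(bgg_encoding(s_eps, A, x), small_vec(D * N * K))]
              for x in [(0, 0), (0, 1)]]   # slide 17's first attempt: one s for every input
    return dict(errors=errors, growth=evaluate(obf, (1, 1), priv)[1], s_eps=s_eps,
                shared_secret_attack=cancel_attack(*same_s, 2),
                per_input_secret_attack=cancel_attack(evaluate(obf, (0, 0))[0], evaluate(obf, (0, 1))[0], 2))
```

    `demo()` returns the error of every evaluated encoding relative to the ideal $s_{\vec x}(A - \mathsf{attr}(\vec x) \otimes G)$ (small, so the chain plus $K_{\mathsf{att}}$ really produces a BGG+ encoding under the input-dependent secret), the error after each preimage multiplication on input $(1,1)$ (growing by roughly a factor of the preimage norm per step), and the outcome of the cancellation attack in both settings. With a shared secret the attack returns $s$ with a tiny residual; with input-dependent secrets the difference of the two encodings in the block of $x_2$ is $(s_{00} - s_{01})^T A_2 + s_{01}^T G$ plus noise, a fresh LWE-like sample rather than a gadget encoding, so the decoded candidate is inconsistent. The residual check uses $q/16$ as its bound, far above the toy's actual errors and far below what a random block would pass by chance.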
  32. Outline, part 2: Security analysis of the non-standard assumptions
  33. (Private-coin Binding) Evasive LWE [Wee22, BUW24]
    If the precondition $(B, P, SB, SP, \mathsf{aux}) \approx (B, P, \$, \$, \mathsf{aux})$ holds, then the postcondition $(B, P, SB, K_P \leftarrow B^{-1}(P), \mathsf{aux}) \approx (B, P, \$, K_P \leftarrow B^{-1}(P), \mathsf{aux})$ holds, where $(S, P, \mathsf{aux})$ are sampled by a private-coin sampler.
    * Our security proof also relies on private-coin hiding evasive LWE, where $B, P$ remain hidden and $P$ should be pseudorandom together with $\mathsf{aux}$ [BUW24].
  34. A blueprint of the security proof
    Our security proof consists of two steps:
    1. Prove the pseudorandomness in the precondition based on LWE + our new lattice assumption (all-product LWE).
    2. Prove the pseudorandomness of the obfuscated circuit (the postcondition) by applying evasive LWE step by step.
    Recent attacks against evasive LWE with the [AKY24] sampler [HJL25, AMY+25] can be prevented 1) by involving rounding, as introduced in the updated construction of [AKY24], or 2) by fixing the homomorphic PRF construction to an honestly designed one.
  35. New Lattice Assumption: All-Product LWE
    $\big(A, \{B_i\}_{i \in \{0, \dots, L\}}, \{c^T_{A, \vec x_L} := s^T_{\vec x_L}(A - \vec x_L \otimes G) + e^T_{A, \vec x_L}\}_{\vec x_L \in \{0,1\}^L}, \{c^T_{B, \vec x_i} := s^T_{\vec x_i} B_i + e^T_{B, \vec x_i}\}_{i \in \{0, \dots, L\}, \vec x_i \in \{0,1\}^i}\big) \approx \big(A, \{B_i\}_{i \in \{0, \dots, L\}}, \$, \$\big)$,
    where $s_{\vec x_i} := s_\epsilon \prod_{j \in \{1, \dots, i\}} S_{j, x_j}$.
    • $\mathcal{O}(2^L)$ BGG+ encodings $c_{A, \vec x_L}$ and LWE instances $c_{B, \vec x_i}$;
    • input-dependent secret keys $s_{\vec x_L}$;
    • independently sampled Gaussian errors $e_{\vec x_i}$.
  36. Attempt to reduce to LWE ✅: the LWE instances $\{c^T_{B, \vec x_i} := s^T_{\vec x_i} B_i + e^T_{B, \vec x_i}\}_{i \in \{0, \dots, L\}, \vec x_i \in \{0,1\}^i}$
    With $s_{\vec x_i} := s_\epsilon \prod_{j \in \{1, \dots, i\}} S_{j, x_j}$:
    $s^T_{\vec x_i} B_i + e^T_{B, \vec x_i} \approx_s s^T_{\vec x_{i-1}}(S_{i, x_i} B_i + E_{i, x_i}) + e^T_{B, \vec x_i}$ by noise flooding (and because $s_{\vec x_{i-1}}$ is low-norm),
    $\approx_c s^T_{\vec x_{i-1}} C_{i, x_i} + e^T_{B, \vec x_i}$ by LWE.
  37. Attempt to reduce to LWE ❌: the BGG+ encodings $\{c^T_{A, \vec x_L} := s^T_{\vec x_L}(A - \vec x_L \otimes G) + e^T_{A, \vec x_L}\}_{\vec x_L \in \{0,1\}^L}$
    With $s_{\vec x_i} := s_\epsilon \prod_{j \in \{1, \dots, i\}} S_{j, x_j}$, the same argument would need $A = \bar A_{\vec x_L} + \vec x_L \otimes G$, where $\bar A_{\vec x_L} \leftarrow \mathbb{Z}_q^{(n+1) \times m_A}$ is a uniformly random matrix provided by the LWE challenger; but the single public matrix $A$ would have to take this form for every $\vec x_L$ at once, so the reduction to LWE does not go through for these encodings.
  38. Open questions
    • Can we replace evasive LWE in its applications with another LWE-with-hints assumption, such as the circular security with random opening (CRO) assumption [HJL25], while preserving their simplicity?
    • Can all-product LWE be reduced to other lattice assumptions that could be stronger than (sub-exponential) LWE but still falsifiable? E.g., tensor LWE [Wee22], succinct LWE [Wee24].
  39. Outline, part 3: Benchmark results and roadmap to practical iO
  40. Status and limitations of the current implementation
    • FHE evaluation over BGG+ encodings supports only linear operations.
    • We found that the initial PRF construction designed for the implementation cannot be proven secure.
    • The obfuscation encrypts a hardcoded key rather than the entire circuit.
    • The hash computation that transforms pseudorandom obfuscation into iO has not been implemented.
    • The parameter choices might be too optimistic in terms of security.
    However, the input insertion technique we proposed has been implemented exactly as in the theoretical construction.
  41. Roadmap to practical iO
    1. Public lookup evaluation and arithmetic operations over BGG+ encodings
    2. Secure and concretely efficient homomorphic evaluation of a PRF over BGG+ encodings
    3. Private lookup evaluation
    4. Noise refreshing during input insertion
    5. FHE decryption and SNARG verification within an obfuscated circuit [GGH+13]
  42. Acknowledgement
    We would like to sincerely thank the developers of OpenFHE and openfhe-rs, open-source lattice and FHE libraries. We are also grateful to Prof. Yuriy Polyakov for his valuable advice on preimage sampling and his insightful feedback on optimizing our implementation. Any remaining errors are entirely our own responsibility.
  43. References
    • [AJ15] Ananth, P., & Jain, A. (2015). Indistinguishability obfuscation from compact functional encryption. In CRYPTO 2015 (pp. 308-326). Springer.
    • [BV15] Bitansky, N., & Vaikuntanathan, V. (2015). Indistinguishability obfuscation from functional encryption. In FOCS 2015 (pp. 171-190). IEEE.
    • [JLS21] Jain, A., Lin, H., & Sahai, A. (2021). Indistinguishability obfuscation from well-founded assumptions. In STOC 2021 (pp. 60-73). ACM.
    • [JLS22] Jain, A., Lin, H., & Sahai, A. (2022). Indistinguishability obfuscation from LPN over F_p, DLIN, and PRGs in NC^0. In EUROCRYPT 2022 (pp. 670-699). Springer.
    • [BDGM20] Brakerski, Z., Döttling, N., Garg, S., & Malavolta, G. (2020). Candidate iO from homomorphic encryption schemes. In EUROCRYPT 2020, Part I (pp. 79-109). Springer.
    • [GP21] Gay, R., & Pass, R. (2021). Indistinguishability obfuscation from circular security. In STOC 2021 (pp. 736-749). ACM.
    • [RVV25] Ragavan, S., Vafa, N., & Vaikuntanathan, V. (2025). Indistinguishability obfuscation from bilinear maps and LPN variants. In TCC (pp. 3-36). Springer.
    • [HJL25] Hsieh, Y. C., Jain, A., & Lin, H. (2025). Lattice-based post-quantum iO from circular security with random opening assumption (Part II: zeroizing attacks against private-coin evasive LWE assumptions). Cryptology ePrint Archive.
    • [AMY+25] Agrawal, S., Modi, A., Yadav, A., & Yamada, S. (2025). Evasive LWE: attacks, variants & obfustopia. Cryptology ePrint Archive.
    • [AKY24] Agrawal, S., Kumari, S., & Yamada, S. (2024). Compact pseudorandom functional encryption from evasive LWE. Cryptology ePrint Archive.
    • [BGG+14] Boneh, D., Gentry, C., Gorbunov, S., Halevi, S., Nikolaenko, V., Segev, G., ... & Vinayagamurthy, D. (2014). Fully key-homomorphic encryption, arithmetic circuit ABE and compact garbled circuits. In EUROCRYPT 2014 (pp. 533-556). Springer.
    • [JLL+23] Jain, A., Lin, H., Luo, J., & Wichs, D. (2023). The pseudorandom oracle model and ideal obfuscation. In CRYPTO 2023 (pp. 233-262). Springer.
    • [BDJ+24] Branco, P., Döttling, N., Jain, A., Malavolta, G., Mathialagan, S., Peters, S., & Vaikuntanathan, V. (2024). Pseudorandom obfuscation and applications. Cryptology ePrint Archive.
    • [AKY24B] Agrawal, S., Kumari, S., & Yamada, S. (2024). Pseudorandom multi-input functional encryption and applications. Cryptology ePrint Archive.
    • [GVW15] Gorbunov, S., Vaikuntanathan, V., & Wee, H. (2015). Predicate encryption for circuits from LWE. In CRYPTO 2015 (pp. 503-523). Springer.
    • [BTV+17] Brakerski, Z., Tsabary, R., Vaikuntanathan, V., & Wee, H. (2017). Private constrained PRFs (and more) from LWE. In TCC 2017 (pp. 264-302). Springer.
    • [HLL23] Hsieh, Y. C., Lin, H., & Luo, J. (2023). Attribute-based encryption for circuits of unbounded depth from lattices. In FOCS 2023 (pp. 415-434). IEEE.
    • [Wee22] Wee, H. (2022). Optimal broadcast encryption and CP-ABE from evasive lattice assumptions. In EUROCRYPT 2022 (pp. 217-241). Springer.
    • [GGH+15] Gentry, C., Gorbunov, S., & Halevi, S. (2015). Graph-induced multilinear maps from lattices. In TCC 2015, Part II (pp. 498-527). Springer.
    • [BUW24] Brzuska, C., Ünal, A., & Woo, I. K. (2024). Evasive LWE assumptions: definitions, classes, and counterexamples. In ASIACRYPT 2024 (pp. 418-449). Springer.
    • [Wee24] Wee, H. (2024). Circuit ABE with poly(depth, λ)-sized ciphertexts and keys from lattices. In CRYPTO 2024 (pp. 178-209). Springer.
    • [GGH+13] Garg, S., Gentry, C., Halevi, S., Raykova, M., Sahai, A., & Waters, B. (2013). Candidate indistinguishability obfuscation and functional encryption for all circuits. In FOCS 2013 (pp. 40-49). IEEE.