Obfuscation of Hyperplane Membership Ran Canetti 1,⋆ , Guy N. Rothblum 2 ,⋆⋆ , and Mayank Varia 3,⋆⋆⋆ 1 School of Computer Science, Tel Aviv University canetti@cs.tau.ac.il 2 Princeton University rothblum@princeton.edu 3 Massachusetts Institute of Technology varia@csail.mit.edu Abstract. Previous work on program obfuscation gives strong negative results for general-purpose obfuscators, and positive results for obfuscat- ing simple functions such as equality testing (point functions). In this work, we construct an obfuscator for a more complex algebraic function- ality: testing for membership in a hyperplane (of constant dimension). We prove the security of the obfuscator under a new strong variant of the Decisional Diffie-Hellman assumption. Finally, we show a cryptographic application of the new obfuscator to digital signatures. 1 Introduction The problem of program obfuscation has been of long-standing interest to prac- titioners, and has recently been an active topic of research in theoretical cryp- tography. The high-level goal of program obfuscation is to compile a computer program in such a way that an adversary cannot learn anything from seeing the program beyond could be learned by running the program and observing its input-output behavior. Barak et al. [1] formalized the notion of obfuscation using simulation-based definitions. Over the past decade, the theory community has found a few positive obfuscation results for specific families of programs. In this paper, we provide an obfuscator for a new family of programs. Virtual black-box obfuscation. The procedure of “obfuscating” a computer program should garble the program’s code and make it unintelligible. The extent of the garbling is limited by the fact that the program’s functionality should be preserved. As a result, both honest and adversarial users of the obfuscated program can learn some information by observing the program’s input-output functionality, and we do not wish to prevent users from learning information this ⋆ Supported by the Check Point Institute for Information Security, an ISF grant, an EU Marie Curie grant, and an Israel-US BSF grant. ⋆⋆ Supported by NSF Grants CCF-0635297, CCF-0832797 and by a Computing In- novation Fellowship. ⋆⋆⋆ Supported by the Department of Defense through the NDSEG Program. D. Micciancio (Ed.): TCC 2010, LNCS 5978, pp. 72–89, 2010. c  International Association for Cryptologic Research 2010