Paper 2025/390
Lattice-Based Post-Quantum iO from Circular Security with Random Opening Assumption (Part II: zeroizing attacks against private-coin evasive LWE assumptions)
Abstract
Indistinguishability obfuscation (iO) stands out as a powerful cryptographic primitive but remains notoriously difficult to realize under simple-to-state, post-quantum assumptions. Recent works have proposed lattice-inspired iO constructions backed by new "LWE-with-hints" assumptions, which posit that certain distributions of LWE samples retain security despite auxiliary information. However, subsequent cryptanalysis has revealed structural vulnerabilities in these assumptions, leaving us without any post-quantum iO candidates supported by simple, unbroken assumptions. Motivated by these proposals, we introduce the *Circular Security with Random Opening* (CRO) assumption, a new LWE-with-hint assumption that addresses structural weaknesses of prior assumptions and, based on our systematic examination, does not appear vulnerable to known cryptanalytic techniques. In CRO, the hints are random "openings" of zero-encryptions under the Gentry–Sahai–Waters (GSW) homomorphic encryption scheme. Crucially, these zero-encryptions are efficiently derived from the original LWE samples via a special, carefully designed procedure, ensuring that the openings are marginally random. Moreover, the openings do not induce any natural leakage on the LWE noises. These two features, marginally random hints and the absence of (natural) noise leakage, rule out important classes of attacks that had undermined all previous LWE-with-hint assumptions for iO. Therefore, our new lattice-based assumption for iO provides a qualitatively different target for cryptanalysis compared to existing assumptions. To build iO under this less-structured CRO assumption, we develop several new technical ideas. In particular, we devise an oblivious LWE sampling procedure, which succinctly encodes random LWE secrets and smudging noises, and uses a tailor-made homomorphic evaluation procedure to generate secure LWE samples. Crucially, all non-LWE components in this sampler, including the secrets and noises of the generated samples, are independently and randomly distributed, avoiding attacks on non-LWE components.

In the second part of this work, we investigate recent constructions of obfuscation for pseudorandom functionalities. We show that the same cryptanalytic techniques used to break previous LWE-with-hints assumptions for iO (Hopkins–Jain–Lin, CRYPTO 2021) can be adapted to construct counterexamples against the private-coin evasive LWE assumptions underlying these pseudorandom obfuscation schemes. Unlike prior counterexamples for private-coin evasive LWE assumptions, our new counterexamples take the form of zeroizing attacks, contradicting the common belief that evasive-LWE assumptions circumvent zeroizing attacks by restricting to "evasive" or pseudorandom functionalities.
Metadata
- Available format(s): PDF
- Category: Foundations
- Publication info: Preprint.
- Keywords: indistinguishability obfuscation
- Contact author(s):
  - ychsieh @ cs washington edu
  - aayushja @ andrew cmu edu
  - rachel @ cs washington edu
- History:
  - 2025-03-04: approved
  - 2025-03-01: received
  - See all versions
- Short URL: https://ia.cr/2025/390
- License: CC BY
BibTeX

    @misc{cryptoeprint:2025/390,
      author = {Yao-Ching Hsieh and Aayush Jain and Huijia Lin},
      title = {Lattice-Based Post-Quantum {iO} from Circular Security with Random Opening Assumption (Part {II}: zeroizing attacks against private-coin evasive {LWE} assumptions)},
      howpublished = {Cryptology {ePrint} Archive, Paper 2025/390},
      year = {2025},
      url = {https://eprint.iacr.org/2025/390}
    }