A Note on the Impossibility of Obfuscation with Auxiliary Inputs

In this note we revisit the problem of obfuscation with auxiliary inputs. We show that the existence of indistinguishablity obfuscation (iO) implies that all functions with sufficient “pseudoentropy” cannot be obfuscated with respect to a virtual box definition (VBB) in the presence of (dependent) auxiliary input. Namely, we show that for any candidate obfuscation O and for any function family F = {fs} with sufficient pseudo-entropy, there exists an (efficiently computable) auxiliary input aux, that demonstrates the insecurity of O. This is true in a strong sense: given O(fs) and aux one can efficiently recover the seed s, whereas given aux and oracle access to fs it is computationally hard to recover s. A similar observation was pointed out in a recent work of Goldwasser et. al. (Crypto 2013), assuming extractable witness encryption. In this note we show that the extractability property of the witness encryption is not needed to get our negative result, and all that is needed is the existence of witness encryption, which in turn can be constructed from iO obfuscation. ∗MIT and the Weizmann Institute. †Microsoft Research.