We've come a long way since the first IO result came out. Since then, we've gotten a couple more multilinear map candidates (though most are now broken), and some simpler constructions, but we're still really far from IO with a proof. This is primarily because of the underlying multilinear map that's being used. The Gentry et al result that proves IO secure in the generic multilinear model isn't that useful yet simply because there have been so many nongeneric attacks against mmap candidates, especially when they're used in IO. That is, at the moment there's no reason to believe that the generic multilinear model is even a good way to think about IO security.<p>What would be a really big result is finding IO that doesn't rely on multilinear maps.
I remember pretty clearly reading a comment by the author of the paper about the 'unbreakable obfuscation' in which he said that the paper was greatly misrepresented in that it had made a proof in a specific problem domain that wasn't so applicable to real software.<p>I'm pretty sure it was posted on HN at some point. I don't remember the term IO being used, so it may have been a different kind of obfuscation. There were some allusions made to an unsolvable jigsaw puzzle.
I'd like to note that IO does not give a guarantee of impossibility of extracting keys.<p>AFAIK, the definition of IO is: we have two programs that perform the same computation.
After we apply IO to both programs, we cannot figure out which obfuscated program corresponds to a particular original program.<p>However, there is a flaw: programs encrypting data with different keys are performing <i>different</i> computations.<p>So IO definition does <i>not claim</i> that IO is able to hide the key.