A New Design for Cryptography’s Black Box

We&#x27;ve come a long way since the first IO result came out. Since then, we&#x27;ve gotten a couple more multilinear map candidates (though most are now broken), and some simpler constructions, but we&#x27;re still really far from IO with a proof. This is primarily because of the underlying multilinear map that&#x27;s being used. The Gentry et al result that proves IO secure in the generic multilinear model isn&#x27;t that useful yet simply because there have been so many nongeneric attacks against mmap candidates, especially when they&#x27;re used in IO. That is, at the moment there&#x27;s no reason to believe that the generic multilinear model is even a good way to think about IO security.<p>What would be a really big result is finding IO that doesn&#x27;t rely on multilinear maps.

Is this about data encryption, or is it about hiding the inner workings of an executable binary (malware packing&#x2F;copy protection)?

I remember pretty clearly reading a comment by the author of the paper about the &#x27;unbreakable obfuscation&#x27; in which he said that the paper was greatly misrepresented in that it had made a proof in a specific problem domain that wasn&#x27;t so applicable to real software.<p>I&#x27;m pretty sure it was posted on HN at some point. I don&#x27;t remember the term IO being used, so it may have been a different kind of obfuscation. There were some allusions made to an unsolvable jigsaw puzzle.

I&#x27;d like to note that IO does not give a guarantee of impossibility of extracting keys.<p>AFAIK, the definition of IO is: we have two programs that perform the same computation. After we apply IO to both programs, we cannot figure out which obfuscated program corresponds to a particular original program.<p>However, there is a flaw: programs encrypting data with different keys are performing <i>different</i> computations.<p>So IO definition does <i>not claim</i> that IO is able to hide the key.