This paper studies the question of how to define, construct, and use obfuscators for
. Such obfuscators compile a possibly randomized program into a
one, which achieves computationally indistinguishable behavior from the original program as long as it is run on each input at most once. For obfuscation, we propose a notion that extends
to probabilistic circuits: It should be hard to distinguish between the obfuscations of any two circuits whose output distributions at each input are computationally indistinguishable, possibly in presence of some auxiliary input. We call the resulting notion
probabilistic indistinguishability obfuscation (
We define several variants of
, and study relations among them. Moreover, we give a construction of one of our variants, called
, from sub-exponentially hard indistinguishability obfuscation (for deterministic circuits) and one-way functions.
We then move on to show a number of applications of
. In particular, we first give a general and natural methodology to achieve fully homomorphic encryption (FHE) from variants of
and of semantically secure encryption schemes. In particular, one instantiation leads to FHE from any
obfuscator and any re-randomizable encryption scheme that’s slightly super-polynomially secure.
We note that this constitutes the first construction of full-fledged FHE that does not rely on encryption with circular security.
Moreover, assuming sub-exponentially secure puncturable PRFs computable in
, sub-exponentially-secure indistinguishability obfuscation for (deterministic)
circuits can be bootstrapped to obtain indistinguishability obfuscation for arbitrary (deterministic) poly-size circuits (previously such bootstrapping was known only assuming FHE with