|
|
|
|
|
|
by sterlind
1434 days ago
|
|
|
as a full example of how to do this, consider the following proof of concept setup: - FHE-based implementation of whatever function you want to hide, say, a DRM circuit that sends your TV the symmetric key to a movie if you give it the TV's chained certificate along with a token proving you rented it. - shortened zk-SNARK proof that you evaluated the FHE circuit correctly. - simple (iO) obfuscated gadget that decrypts and returns the output of the FHE circuit only if 1) the FHE message says evaluation completed and 2) the zk-SNARK proof checks out; otherwise, return random garbage. in order for this to work, the gadget must have enough entropy in its class of alternative obfuscations, that you can't distinguish it. but what I'm not sure about is, you still can distinguish the gadget from one that simply always outputs garbage. I don't know how you can prove that reverse-engineering a given iO circuit is infeasible. I just don't have the first clue. Help? |
|
|