Decomposable Obfuscation: A Framework for Building Applications of Obfuscation from Polynomial Hardness

Qipeng Liu, Mark Zhandry

Research output: Contribution to journalArticlepeer-review

1 Scopus citations


There is some evidence that indistinguishability obfuscation (iO) requires either exponentially many assumptions or (sub)exponentially hard assumptions, and indeed, all known ways of building obfuscation suffer one of these two limitations. As such, any application built from iO suffers from these limitations as well. However, for most applications, such limitations do not appear to be inherent to the application, just the approach using iO. Indeed, several recent works have shown how to base applications of iO instead on functional encryption (FE), which can in turn be based on the polynomial hardness of just a few assumptions. However, these constructions are quite complicated and recycle a lot of similar techniques. In this work, we unify the results of previous works in the form of a weakened notion of obfuscation, called decomposable obfuscation. We show (1) how to build decomposable obfuscation from functional encryption and (2) how to build a variety of applications from decomposable obfuscation, including all of the applications already known from FE. The construction in (1) hides most of the difficult techniques in the prior work, whereas the constructions in (2) are much closer to the comparatively simple constructions from iO. As such, decomposable obfuscation represents a convenient new platform for obtaining more applications from polynomial hardness.

Original languageEnglish (US)
Article number35
JournalJournal of Cryptology
Issue number3
StatePublished - Jul 2021

All Science Journal Classification (ASJC) codes

  • Software
  • Computer Science Applications
  • Applied Mathematics


  • Functional encryption
  • Indistinguishability obfuscation
  • PPAD
  • Polynomial hardness
  • Universal sampler


Dive into the research topics of 'Decomposable Obfuscation: A Framework for Building Applications of Obfuscation from Polynomial Hardness'. Together they form a unique fingerprint.

Cite this