Partial-indistinguishability obfuscation using braids

An obfuscator is an algorithm that translates circuits into functionally-equivalent similarly-sized circuits that are hard to understand. Efficient obfuscators would have many applications in cryptography. Until recently, theoretical progress has mainly been limited to no-go results. Recent works have proposed the first efficient obfuscation algorithms for classical logic circuits, based on a notion of indistinguishability against polynomial-time adversaries. In this work, we propose a new notion of obfuscation, which we call partial-indistinguishability. This notion is based on computationally universal groups with efficiently computable normal forms, and appears to be incomparable with existing definitions. We describe universal gate sets for both classical and quantum computation, in which our definition of obfuscation can be met by polynomial-time algorithms. We also discuss some potential applications to testing quantum computers. We stress that the cryptographic security of these obfuscators, especially when composed with translation from other gate sets, remains an open question.

💡 Research Summary

The paper introduces a novel notion of program obfuscation called partial‑indistinguishability (PI) and demonstrates how it can be achieved efficiently for both classical and quantum circuits using braid groups. Traditional theoretical work on obfuscation has largely focused on impossibility results or on the very strong notion of indistinguishability obfuscation (iO), which requires that any two functionally equivalent circuits be computationally indistinguishable to any polynomial‑time adversary. iO is notoriously hard to construct and, for most settings, believed to be infeasible.

In contrast, PI relaxes the indistinguishability requirement by restricting the adversary’s distinguishing power to a specific algebraic structure: a computationally universal group equipped with an efficiently computable normal form. The authors choose the Artin braid group (B_n) as their concrete instantiation because of its well‑studied Garside normal form, which can be computed in polynomial time. The central idea is to map a circuit to an element of the braid group, then replace the circuit by the canonical normal form of that element. Since the normal form is unique, any two circuits that map to the same braid element become indistinguishable after this transformation, while circuits that map to different elements remain distinguishable.

To make the construction practical, the authors design universal gate sets that admit a straightforward translation into braid generators. For classical computation, they encode NAND, COPY, and NOT gates as specific braid words; for quantum computation, they encode a universal set ({CNOT, H, T}) using braid operations that capture both permutation and phase information. The translation (\Phi) from a circuit to a braid word is performed in polynomial time, and the subsequent Garside reduction yields a normal form of size polynomial in the original circuit size. Finally, the normal form is converted back into a circuit using the same universal gate set, producing an obfuscated circuit (O(C)) that is functionally equivalent to the original but whose internal structure is effectively “scrambled.”

The security claim of PI is that no polynomial‑time algorithm can distinguish two obfuscated circuits unless it can solve the word problem in the underlying group more efficiently than the known normal‑form algorithm. Because the braid word problem is believed to be hard for generic instances, this provides a plausible security foundation that is distinct from the assumptions underlying iO (e.g., multilinear maps). However, the authors are careful to note that the security of their construction when composed with other gate‑set translations, or when the adversary has additional algebraic information, remains an open problem.

Beyond the theoretical contribution, the paper discusses a concrete application: testing quantum computers. By obfuscating a quantum circuit with the braid‑based PI scheme, a verifier can send the obfuscated circuit to a quantum device and check the output distribution without learning the device’s internal implementation. This could serve as a black‑box certification tool, especially in scenarios where the verifier does not trust the hardware manufacturer.

The paper concludes with several avenues for future work: extending the PI framework to other groups (e.g., Thompson’s group, other Artin groups), formalizing security reductions to well‑studied hardness assumptions, optimizing the size overhead of the obfuscated circuits, and experimentally evaluating the approach on real quantum hardware. In summary, the work opens a new research direction by marrying braid‑group algebra with program obfuscation, offering a polynomial‑time, theoretically grounded method for partial‑indistinguishability that is applicable to both classical and quantum computation, while clearly delineating the remaining cryptographic challenges.