73 points by fbrusch Jun 29, 2026

2 Comments

stouset Jul 1, 2026
I’m reasonably familiar with cryptography but the formalism of obfuscation given here makes no sense to me.

> The precise formalism typically used, indistinguishability obfuscation, says that if you are given obfuscations of two different programs that have the same functionality, you can't tell which is which.

This seems… not that useful? A sufficiently advanced optimizing compiler would be capable of transforming two input programs with identical functionality into one or the other, or both into some third representation. Either approach meets this criterion but doesn’t seem to me to provide any useful purpose.

And in practice, do two identically-functioning but different programs even exist in the wild? Two superficially identical programs of nontrivial complexity will almost certainly have divergent behavior somewhere (bugs, edge cases), at which point this formalism becomes moot.

some_furry Jul 1, 2026
A friend once explained to me that the general goal of iO is basically DRM but with an inverted power dynamic: Imagine being able to deploy containers to cloud providers (AWS, GCP, etc.), whereby the Cloud provider cannot see what software you are running. Even if the government commanded them to do so. That's how I understand it, informally.

The formalisms of "indistinguishability" in the blog posts are indeed weird.

Some security proofs argue that an attacker cannot distinguish between some plaintext and a string of NUL bytes of the same length being encrypted just by observing ciphertexts. That seems to be what Vitalik is, vaguely, gesturing towards?

(I'm not affiliated with the author or any of their numerous projects, so take my remarks with an appropriate dose of salt.)

trollbridge Jul 1, 2026
Thanks for this explanation. Wish he’d had it at the top of his post.

Ar-Curunir Jul 1, 2026
The formalisms are not an invention of the blog post, just the formal definition of iO.

killerstorm Jul 1, 2026
It's a formalism used to analyze security properties, it's not how it is used in practice.

The practical goal is to hide a secret key inside a program, so e.g. implement an algorithm which might involve decryption and signing a message without giving external parties the ability to decrypt messages.

The connection between indistinguishable obfuscation formalism and "can't extract secret key" property is not obvious. Here's a quote from a paper which Vitalik linked:

> it is not immediately clear how useful indistinguishability obfuscators would be. Perhaps the strongest philosophical justification for indistinguishability obfuscators comes from the work of Goldwasser and Rothblum, who showed that (efficiently computable) indistinguishability obfuscators achieve the notion of Best-Possible Obfuscation: Informally, a best-possible obfuscator guarantees that its output hides as much about the input circuit as any circuit of a certain size

binyu Jul 1, 2026
I think that Vitalik is collapsing a lot of dense math and cryptography onto a more understandable language aimed at the blockchain developers/community.

In a sense, Vitalik is "recruiting" with this post, his goal being to lower the barrier of entry to this discipline.

Qision Jul 1, 2026
> blockchain developers

Is there still such a thing?

vrighter Jul 1, 2026
This guy seems so full of himself. Everything I read of his triggers my bullshit alarm. Stuff like claiming feasible solutions to problems that have been mathematically proven not to have any.

Ar-Curunir Jul 1, 2026
What? iO research is an active field in cryptography.