We show that the common proof technique of padding a circuit before IO obfuscation is sometimes necessary. That is, assuming indistinguishability obfuscation (IO) and one-way functions exist, we define samplers Sam_0, which outputs (aux_0, C_0), and Sam_1, which outputs (aux_1, C_1) such that:
- The distributions (aux_0, iO(C_0)) and (aux_1, iO(C_1)) are perfectly distinguishable.
- For padding s = poly(lambda)$, the distributions (aux_0, iO(C_0||0^s)) and (aux_1, iO(C_1||0^s)) are computationally indistinguishable.
We note this refutes the recent "Superfluous Padding Assumption" of Brzuska and Mittelbach.
↧