1

I know Javascript Cryptography is considered harmful because:

  1. Secure delivery of Javascript to browsers is a chicken-egg problem.
  2. Browser Javascript is hostile to cryptography.
  3. The "view-source" transparency of Javascript is illusory.
  4. Until those problems are fixed, Javascript isn't a serious crypto research environment, and suffers for it.

But would Indistinguishability Obfuscation (when implemented) conceivably solve some or all of those problems (particularly number 1)? It seems like then if browsers implemented the de-obfuscation, then delivery would work fine. It might not work fo all cases, but it might work for more cases than currently viable (essentially none).

How does iO affect this use case, (the points mentioned above and any others commonly related to the topic) if at all?

  • iO is a new topic I just ran across, and was curious how much of a silver bullet it might be... – Garrett Motzner Nov 18 '20 at 23:30
  • See https://security.stackexchange.com/questions/238441/solution-to-the-browser-crypto-chicken-and-egg-problem and https://security.stackexchange.com/questions/221738/can-protonmail-access-my-passwords-and-hence-my-secrets for some interesting reading about the browser crypto 'chicken and egg' problem, and some possible solutions. – mti2935 Nov 19 '20 at 00:21

0 Answers0