I want to design a scheme, where there is a circuit C0 which is obscured by an indistinguishability obfuscation (IO). In C0, a master key of a functional encryption (FE) is hardwired. Given an input z to C0, it outputs a secret key using the key generation algorithm of FE. C0 is as follows:
C0(z)
{ hardwired: msk
output sk = FE.KeyGen(msk, z)
}
Then, C' = IO(C0) is given to the user. With C', the user can generate the secret key by himself.
However, I do not know how to prove the security. By the simulation-based secuirty, FE.KeyGen is replaced with the corresponding algorithm S.KeyGen of simulator to obtain a new circuit C1:
C1(z)
{ hardwired: st
output sk = S.KeyGen(st, z)
}
where C' = IO(C1).
However, since FE.KeyGen and S.KeyGen are both probabilistic, it seems hard to ensure C0(z) = C1(z) for all z.
How to prove the security? or probabilistic indistinguishability obfuscation (pIO) should be used?
