# Self-Bilinear Map on Unknown Order Groups from Indistinguishability Obfuscation and Its Applications

- 460 Downloads
- 1 Citations

## Abstract

A self-bilinear map is a bilinear map where the domain and target groups are identical. In this paper, we introduce a *self-bilinear map with auxiliary information* which is a weaker variant of a self-bilinear map, construct it based on indistinguishability obfuscation and prove that a useful hardness assumption holds with respect to our construction under the factoring assumption. From our construction, we obtain a multilinear map with interesting properties: the level of multilinearity is not bounded in the setup phase, and representations of group elements are compact, i.e., their size is independent of the level of multilinearity. This is the first construction of a multilinear map with these properties. Note, however, that to evaluate the multilinear map, auxiliary information is required. As applications of our multilinear map, we construct multiparty non-interactive key-exchange and distributed broadcast encryption schemes where the maximum number of users is not fixed in the setup phase. Besides direct applications of our self-bilinear map, we show that our technique can also be used for constructing somewhat homomorphic encryption based on indistinguishability obfuscation and the \(\varPhi \)-hiding assumption.

## Keywords

Self-bilinear map Indistinguishability obfuscation Multilinear map Factoring assumption## Notes

### Acknowledgements

We would like to thank the anonymous reviewers of CRYPTO 2014 and Algorithmica. We thank members of the study group “Shin-Akarui-Angou-Benkyou-Kai” for their helpful comments. Especially, we would like to thank Satsuya Ohata for his instructive comment on self-bilinear maps, and Takahiro Matsuda and Jacob Schuldt for their detailed proofreading. We also thank Kenny Paterson for his valuable comments. The second author was supported by a JSPS Fellowship for Young Scientists during this work.

## References

- 1.Ananth, P.V., Gupta, D., Ishai, Y., Sahai, A.: Optimizing obfuscation: avoiding Barrington’s theorem. In: ACM SIGSAC 2014, pp. 646–658 (2014)Google Scholar
- 2.Barak, B., Garg, S., Kalai, Y.T., Paneth, O., Sahai, A.: Protecting obfuscation against algebraic attacks. In: EUROCRYPT, pp. 221–238 (2014)Google Scholar
- 3.Barak, B., Goldreich, O., Impagliazzo, R., Rudich, S., Sahai, A., Vadhan, S.P., Yang, K.: On the (im)possibility of obfuscating programs. In: CRYPTO, pp. 1–18 (2001)Google Scholar
- 4.Bellare, M., Hoang, V.T., Rogaway, P.: Foundations of garbled circuits. In: ACM CCS’12, pp. 784–796 (2012)Google Scholar
- 5.Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: IEEE Symposium on Security and Privacy, pp. 321–334 (2007)Google Scholar
- 6.Blum, L., Blum, M., Shub, M.: A simple unpredictable pseudo-random number generator. SIAM J. Comput.
**15**(2), 364–383 (1986)MathSciNetCrossRefzbMATHGoogle Scholar - 7.Boneh, D., Boyen, X.: Efficient selective-ID secure identity-based encryption without random oracles. In: EUROCRYPT, pp. 223–238 (2004)Google Scholar
- 8.Boneh, D., Franklin, M.K.: Identity-based encryption from the Weil pairing. In: CRYPTO, pp. 213–229 (2001)Google Scholar
- 9.Boneh, D., Silverberg, A.: Applications of multilinear forms to cryptography. Contemp. Math.
**324**, 71–90 (2002)MathSciNetCrossRefzbMATHGoogle Scholar - 10.Boneh, D., Zhandry, M.: Multiparty key exchange, efficient traitor tracing, and more from indistinguishability obfuscation. In: CRYPTO (2014)Google Scholar
- 11.Brakerski, Z., Rothblum, G.N.: Virtual black-box obfuscation for all circuits via generic graded encoding. In: TCC, pp. 1–25 (2014)Google Scholar
- 12.Cheon, J.H., Fouque, P.-A., Lee, C., Minaud, B., Ryu, H.: Cryptanalysis of the new CLT multilinear map over the integers. In: EUROCRYPT 2016 Part I, pp. 509–536 (2016)Google Scholar
- 13.Cheon, J.H., Han, K., Lee, C., Ryu, H., Stehlé, D.: Cryptanalysis of the multilinear map over the integers. In: EUROCRYPT 2015 Part I, pp. 3–12 (2015)Google Scholar
- 14.Cheon, J.H., Lee, D.H.: A note on self-bilinear maps. Bull. Korean Math. Soc.
**46**(2), 303–309 (2009)MathSciNetCrossRefzbMATHGoogle Scholar - 15.Coron, J.-S., Lee, M.S., Lepoint, T., Tibouchi, M.: Cryptanalysis of GGH15 multilinear maps. In: CRYPTO 2016 Part II, pp. 607–628 (2016)Google Scholar
- 16.Coron, J.-S., Lepoint, T., Tibouchi, M.: Practical multilinear maps over the integers. In: CRYPTO (1), pp. 476–493 (2013)Google Scholar
- 17.Coron, J.-S., Lepoint, T., Tibouchi, M.: New multilinear maps over the integers. In: CRYPTO 2015 Part I, pp. 267–286 (2015)Google Scholar
- 18.Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE Trans. Inf. Theory
**22**(6), 644–654 (1976)MathSciNetCrossRefzbMATHGoogle Scholar - 19.Garg, S., Gentry, C., Halevi, S.: Candidate multilinear maps from ideal lattices. In: EUROCRYPT, pp. 1–17 (2013)Google Scholar
- 20.Garg, S., Gentry, C., Halevi, S., Raykova, M.: Two-round secure MPC from indistinguishability obfuscation. In: TCC, pp. 74–94 (2014)Google Scholar
- 21.Garg, S., Gentry, C., Halevi, S., Raykova, M., Sahai, A., Waters, B.: Candidate indistinguishability obfuscation and functional encryption for all circuits. In: FOCS, pp. 40–49 (2013)Google Scholar
- 22.Garg, S., Gentry, C., Halevi, S., Sahai, A., Waters, B.: Attribute-based encryption for circuits from multilinear maps. In: CRYPTO (2), pp. 479–499 (2013)Google Scholar
- 23.Garg, S., Gentry, C., Sahai, A., Waters, B.: Witness encryption and its applications. In: STOC, pp. 467–476 (2013)Google Scholar
- 24.Garg, S., Miles, E., Mukherjee, P., Sahai, A., Srinivasan, A., Zhandry, M.: Secure obfuscation in a weak multilinear map model. Cryptology ePrint Archive, Report 2016/817. http://eprint.iacr.org/2016/817 (2016)
- 25.Gentry, C., Gorbunov, S., Halevi, S.: Graph-induced multilinear maps from lattices. In: TCC 2015 Part II, pp. 498–527 (2015)Google Scholar
- 26.Gentry, C., Lewko, A.B., Sahai, A., Waters, B.: Indistinguishability obfuscation from the multilinear subgroup elimination assumption. In: FOCS 2015, pp. 151–170 (2015)Google Scholar
- 27.Goldreich, O., Levin, L.A.: A hard-core predicate for all one-way functions. In: STOC, pp. 25–32 (1989)Google Scholar
- 28.Goldwasser, S., Gordon, S.D., Goyal, V., Jain, A., Katz, J., Liu, F.-H., Sahai, A., Shi, E., Zhou, H.-S.: Multi-input functional encryption. In: Eurocrypt (2014)Google Scholar
- 29.Gorbunov, S., Vaikuntanathan, V., Wee, H.: Attribute-based encryption for circuits. In: STOC, pp. 545–554 (2013)Google Scholar
- 30.Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: ACM Conference on Computer and Communications Security, pp. 89–98 (2006)Google Scholar
- 31.Groth, J., Ostrovsky, R., Sahai, A.: Perfect non-interactive zero knowledge for NP. In: EUROCRYPT, pp. 339–358 (2006)Google Scholar
- 32.Groth, J., Sahai, A.: Efficient non-interactive proof systems for bilinear groups. In: EUROCRYPT, pp. 415–432 (2008)Google Scholar
- 33.Hofheinz, D.: Fully secure constrained pseudorandom functions using random oracles. Cryptology ePrint Archive, Report 2014/372. http://eprint.iacr.org/ (2014)
- 34.Hofheinz, D., Kiltz, E.: The group of signed quadratic residues and applications. In: CRYPTO, pp. 637–653 (2009)Google Scholar
- 35.Hohenberger, S., Sahai, A., Waters, B.: Replacing a random oracle: full domain hash from indistinguishability obfuscation. In: Eurocrypt (2014)Google Scholar
- 36.Hu, Y., Jia, H.: Cryptanalysis of GGH map. In: EUROCRYPT 2016 Part I, pp. 537–565 (2016)Google Scholar
- 37.Joux, A.: A one round protocol for tripartite Diffie–Hellman. In: ANTS, pp. 385–394 (2000)Google Scholar
- 38.Khurana, D., Rao, V., Sahai, A.: Multi-party key exchange for unbounded parties from indistinguishability obfuscation. In: ASIACRYPT 2015 I, pp. 52–75 (2015)Google Scholar
- 39.Kiltz, E., O’Neill, A., Smith, A.: Instantiability of RSA-OAEP under chosen-plaintext attack. In: CRYPTO, pp. 295–313 (2010)Google Scholar
- 40.Mei, Q., Li, B., Lu, X., Jia, D.: Chosen ciphertext secure encryption under factoring assumption revisited. In: Public Key Cryptography, pp. 210–227 (2011)Google Scholar
- 41.Menezes, A., Okamoto, T., Vanstone, S.A.: Reducing elliptic curve logarithms to logarithms in a finite field. IEEE Trans. Inf. Theory
**39**(5), 1639–1646 (1993)MathSciNetCrossRefzbMATHGoogle Scholar - 42.Pandey, O., Prabhakaran, M., Sahai, A.: Obfuscation-based non-black-box simulation and four message concurrent zero knowledge for NP. In: TCC 2015 Part II, pp. 638–667 (2015)Google Scholar
- 43.Pass, R., Seth, K., Telang, S.: Indistinguishability obfuscation from semantically-secure multilinear encodings. In: CRYPTO 2014 Part I, pp. 500–517 (2014)Google Scholar
- 44.Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: EUROCRYPT, pp. 457–473 (2005)Google Scholar
- 45.Sahai, A., Waters, B.: How to use indistinguishability obfuscation: deniable encryption, and more. In: STOC (2014)Google Scholar
- 46.Sakai, R., Ohgishi, K., Kasahara, M.: Cryptosystems based on pairing (in Japanese). In: SCIS (2000)Google Scholar
- 47.Seurin, Y.: New constructions and applications of trapdoor DDH groups. In: Public Key Cryptography, pp. 443–460 (2013)Google Scholar
- 48.Waters, B.: Efficient identity-based encryption without random oracles. In: EUROCRYPT, pp. 114–127 (2005)Google Scholar