Notes on GGH13 Without the Presence of Ideals

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10655)

Abstract

We investigate the merits of altering the Garg, Gentry and Halevi (GGH13) graded encoding scheme to remove the presence of the ideal \(\langle g \rangle\). In particular, we show that we can alter the form of encodings so that effectively a new \(g_i\) is used for each source group \(\mathbb{G}_i\), while retaining correctness. This would appear to prevent all known attacks on IO candidates instantiated using GGH13. However, when analysing security in a simplified branching program model, we present an IO distinguishing attack that does not use \(\langle g \rangle\). This result opens a counterpoint with the work of Halevi (EPRINT 2015), which stated that the core computational hardness problem underpinning GGH13 is computing a basis of this ideal. Our attempts seem to suggest that there is a structural vulnerability in the way that GGH13 encodings are constructed that lies deeper than the presence of \(\langle g \rangle\). Tangentially, we observe that our attack is prevented when considering all the added machinery of IO candidates.

References

  1. [ABD16]
    Albrecht, M., Bai, S., Ducas, L.: A subfield lattice attack on overstretched NTRU assumptions. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 153–178. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53018-4_6
  2. [ADGM16]
    Apon, D., Döttling, N., Garg, S., Mukherjee, P.: Cryptanalysis of indistinguishability obfuscations of circuits over GGH13. Cryptology ePrint Archive, Report 2016/1003 (2016). http://eprint.iacr.org/2016/1003
  3. [AGIS14]
    Ananth, P.V., Gupta, D., Ishai, Y., Sahai, A.: Optimizing obfuscation: avoiding Barrington's theorem. In: Ahn, G.-J., Yung, M., Li, N. (eds.) ACM CCS 2014, pp. 646–658. ACM Press, November 2014
  4. [Bar89]
    Barrington, D.A.M.: Bounded-width polynomial-size branching programs recognize exactly those languages in \(\mathrm{NC}^1\). J. Comput. Syst. Sci. 38(1), 150–164 (1989)
  5. [BGK+14]
    Barak, B., Garg, S., Kalai, Y.T., Paneth, O., Sahai, A.: Protecting obfuscation against algebraic attacks. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 221–238. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55220-5_13
  6. [BLR+15]
    Boneh, D., Lewi, K., Raykova, M., Sahai, A., Zhandry, M., Zimmerman, J.: Semantically secure order-revealing encryption: multi-input functional encryption without obfuscation. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 563–594. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_19
  7. [BMSZ15]
    Badrinarayanan, S., Miles, E., Sahai, A., Zhandry, M.: Post-zeroizing obfuscation: the case of evasive circuits. Cryptology ePrint Archive, Report 2015/167 (2015). http://eprint.iacr.org/2015/167
  8. [BS83]
    Baur, W., Strassen, V.: The complexity of partial derivatives. Theor. Comput. Sci. 22, 317–330 (1983)
  9. [BWZ14]
    Boneh, D., Waters, B., Zhandry, M.: Low overhead broadcast encryption from multilinear maps. In: Garay and Gennaro [GG14], pp. 206–223
  10. [CGH17]
    Chen, Y., Gentry, C., Halevi, S.: Cryptanalyses of candidate branching program obfuscators. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10212, pp. 278–307. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56617-7_10
  11. [CIV16]
    Castryck, W., Iliashenko, I., Vercauteren, F.: Provably weak instances of ring-LWE revisited. In: Fischlin and Coron [FC16], pp. 147–167
  12. [CJL16]
    Cheon, J.H., Jeong, J., Lee, C.: An algorithm for NTRU problems and cryptanalysis of the GGH multilinear map without a low-level encoding of zero. LMS J. Comput. Math. 19(A), 255–266 (2016)
  13. [CLLT16]
    Coron, J.-S., Lee, M.S., Lepoint, T., Tibouchi, M.: Cryptanalysis of GGH15 multilinear maps. In: Robshaw and Katz [RK16], pp. 607–628
  14. [CLLT17]
    Coron, J.-S., Lee, M.S., Lepoint, T., Tibouchi, M.: Zeroizing attacks on indistinguishability obfuscation over CLT13. In: Fehr, S. (ed.) PKC 2017. LNCS, vol. 10174, pp. 41–58. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-662-54365-8_3
  15. [CLR15]
    Cheon, J.H., Lee, C., Ryu, H.: Cryptanalysis of the new CLT multilinear maps. Cryptology ePrint Archive, Report 2015/934 (2015). http://eprint.iacr.org/2015/934
  16. [CLT13]
    Coron, J.-S., Lepoint, T., Tibouchi, M.: Practical multilinear maps over the integers. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 476–493. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40041-4_26
  17. [CLT14]
    Coron, J.-S., Lepoint, T., Tibouchi, M.: Cryptanalysis of two candidate fixes of multilinear maps over the integers. Cryptology ePrint Archive, Report 2014/975 (2014). http://eprint.iacr.org/2014/975
  18. [FC16]
    Fischlin, M., Coron, J.-S. (eds.): EUROCRYPT 2016, Part I. LNCS, vol. 9665. Springer, Heidelberg (2016)
  19. [FRS16]
    Fernando, R., Rasmussen, P.M.R., Sahai, A.: Preventing CLT zeroizing attacks on obfuscation. Cryptology ePrint Archive, Report 2016/1070 (2016). http://eprint.iacr.org/2016/1070
  20. [GG14]
    Garay, J.A., Gennaro, R. (eds.): CRYPTO 2014, Part I. LNCS, vol. 8616. Springer, Heidelberg (2014)
  21. [GGH13a]
    Garg, S., Gentry, C., Halevi, S.: Candidate multilinear maps from ideal lattices. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 1–17. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38348-9_1
  22. [GGH+13b]
    Garg, S., Gentry, C., Halevi, S., Raykova, M., Sahai, A., Waters, B.: Candidate indistinguishability obfuscation and functional encryption for all circuits. In: 54th FOCS, pp. 40–49. IEEE Computer Society Press, October 2013
  23. [GGH+13c]
    Garg, S., Gentry, C., Halevi, S., Sahai, A., Waters, B.: Attribute-based encryption for circuits from multilinear maps. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 479–499. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40084-1_27
  24. [GGH15]
    Gentry, C., Gorbunov, S., Halevi, S.: Graph-induced multilinear maps from lattices. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015. LNCS, vol. 9015, pp. 498–527. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46497-7_20
  25. [GMM+16]
    Garg, S., Miles, E., Mukherjee, P., Sahai, A., Srinivasan, A., Zhandry, M.: Secure obfuscation in a weak multilinear map model. In: Hirt, M., Smith, A. (eds.) TCC 2016. LNCS, vol. 9986, pp. 241–268. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53644-5_10
  26. [GMS16]
    Garg, S., Mukherjee, P., Srinivasan, A.: Obfuscation without the vulnerabilities of multilinear maps. Cryptology ePrint Archive, Report 2016/390 (2016). http://eprint.iacr.org/2016/390
  27. [Hal15]
    Halevi, S.: Graded encoding, variations on a scheme. Cryptology ePrint Archive, Report 2015/866 (2015). http://eprint.iacr.org/2015/866
  28. [HJ16]
    Hu, Y., Jia, H.: Cryptanalysis of GGH map. In: Fischlin and Coron [FC16], pp. 537–565
  29. [Kay09]
    Kayal, N.: The complexity of the annihilating polynomial. In: Proceedings of the 24th Annual IEEE Conference on Computational Complexity, CCC 2009, Paris, France, 15–18 July 2009, pp. 184–193. IEEE Computer Society (2009)
  30. [KF17]
    Kirchner, P., Fouque, P.-A.: Revisiting lattice attacks on overstretched NTRU parameters. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10210, pp. 3–26. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56620-7_1
  31. [Kil88]
    Kilian, J.: Zero-knowledge with log-space verifiers. In: 29th FOCS, pp. 25–35. IEEE Computer Society Press, October 1988
  32. [LTV12]
    López-Alt, A., Tromer, E., Vaikuntanathan, V.: On-the-fly multiparty computation on the cloud via multikey fully homomorphic encryption. In: Karloff, H.J., Pitassi, T. (eds.) 44th ACM STOC, pp. 1219–1234. ACM Press, May 2012
  33. [MR04]
    Micciancio, D., Regev, O.: Worst-case to average-case reductions based on Gaussian measures. In: 45th FOCS, pp. 372–381. IEEE Computer Society Press, October 2004
  34. [MSW14]
    Miles, E., Sahai, A., Weiss, M.: Protecting obfuscation against arithmetic attacks. Cryptology ePrint Archive, Report 2014/878 (2014). http://eprint.iacr.org/2014/878
  35. [MSZ16a]
    Miles, E., Sahai, A., Zhandry, M.: Annihilation attacks for multilinear maps: cryptanalysis of indistinguishability obfuscation over GGH13. In: Robshaw and Katz [RK16], pp. 629–658
  36. [MSZ16b]
    Miles, E., Sahai, A., Zhandry, M.: Secure obfuscation in a weak multilinear map model: a simple construction secure against all known attacks. Cryptology ePrint Archive, Report 2016/588 (2016). http://eprint.iacr.org/2016/588
  37. [PST14]
    Pass, R., Seth, K., Telang, S.: Indistinguishability obfuscation from semantically-secure multilinear encodings. In: Garay and Gennaro [GG14], pp. 500–517
  38. [RK16]
    Robshaw, M., Katz, J. (eds.): CRYPTO 2016, Part II. LNCS, vol. 9815. Springer, Heidelberg (2016)

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. Royal Holloway, University of London, Egham, UK