Advertisement

Security Analysis of Multilinear Maps over the Integers

  • Hyung Tae Lee
  • Jae Hong Seo
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8616)

Abstract

At Crypto 2013, Coron, Lepoint, and Tibouchi (CLT) proposed a practical Graded Encoding Scheme (GES) over the integers, which has very similar cryptographic features to ideal multilinear maps. In fact, the scheme of Coron et al. is the second proposal of a secure GES, and has advantages over the first scheme of Garg, Gentry, and Halevi (GGH). For example, unlike the GGH construction, the subgroup decision assumption holds in the CLT construction. Immediately following the elegant innovations of the GES, numerous GES-based cryptographic applications were proposed. Although these applications rely on the security of the underlying GES, the security of the GES has not been analyzed in detail, aside from the original papers produced by Garg et al. and Coron et al.

We present an attack algorithm against the system parameters of the CLT GES. The proposed algorithm’s complexity \(\tilde{\mathcal{O}}(2^{\rho/2})\) is exponentially smaller than \(\tilde{\mathcal{O}}(2^{\rho})\) of the previous best attack of Coron et al., where ρ is a function of the security parameter. Furthermore, we identify a flaw in the generation of the zero-testing parameter of the CLT GES, which drastically reduces the running time of the proposed algorithm. The experimental results demonstrate the practicality of our attack.

Keywords

Clock Cycle Security Analysis Security Parameter Full Version Homomorphic Encryption 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. 1.
    GMP: The GNU multiple precision arithmetic library ver. 5.1.3 (2013), http://gmplib.org
  2. 2.
    Boneh, D., Silverberg, A.: Applications of multilinear forms to cryptography. Contemporary Mathematics 324(1), 71–90 (2003)MathSciNetCrossRefzbMATHGoogle Scholar
  3. 3.
    Bostan, A., Schost, É.: On the complexities of multipoint evaluation and interpolation. Theoretical Computer Sciences 329(1-3), 223–235 (2004)MathSciNetCrossRefzbMATHGoogle Scholar
  4. 4.
    Bostan, A., Schost, É.: Polynomial evaluation and interpolation on special sets of points. Journal of Complexity 21(4), 420–446 (2005)MathSciNetCrossRefzbMATHGoogle Scholar
  5. 5.
    Brakerski, Z., Rothblum, G.N.: Obfuscating conjunctions. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part II. LNCS, vol. 8043, pp. 416–434. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  6. 6.
    Brakerski, Z., Rothblum, G.N.: Virtual black-box obfuscation for all circuits via generic graded encoding. In: Lindell, Y. (ed.) TCC 2014. LNCS, vol. 8349, pp. 1–25. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  7. 7.
    Chen, Y., Nguyen, P.Q.: Faster algorithms for approximate common divisors: Breaking fully-homomorphic-encryption challenges over the integers. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 502–519. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  8. 8.
    Cheon, J.H., Coron, J.-S., Kim, J., Lee, M.S., Lepoint, T., Tibouchi, M., Yun, A.: Batch fully homomorphic encryption over the integers. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 315–335. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  9. 9.
    Coron, J.-S., Joux, A., Mandal, A., Naccache, D., Tibouchi, M.: Cryptanalysis of the RSA subgroup assumption from TCC 2005. In: Catalano, D., Fazio, N., Gennaro, R., Nicolosi, A. (eds.) PKC 2011. LNCS, vol. 6571, pp. 147–155. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  10. 10.
    Coron, J.-S., Lepoint, T., Tibouchi, M.: Practical multilinear maps over the integers. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 476–493. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  11. 11.
    Coron, J.-S., Lepoint, T., Tibouchi, M.: Practical multilinear maps over the integers (2013), http://eprint.iacr.org/2013/183 (Full version of [10])
  12. 12.
    Coron, J.-S., Lepoint, T., Tibouchi, M.: Batch fully homomorphic encryption over the integers (2013), http://eprint.iacr.org/2013/036 (Full version of the second part of [8])
  13. 13.
    Coron, J.-S., Mandal, A., Naccache, D., Tibouchi, M.: Fully homomorphic encryption over the integers with shorter public keys. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 487–504. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  14. 14.
    Coron, J.-S., Naccache, D., Tibouchi, M.: Public key compression and modulus switching for fully homomorphic encryption over the integers. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 446–464. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  15. 15.
    Fiduccia, A.M.: Polynomial evaluation via the division algorithm: the fast Fourier transform revisited. In: STOC 1972, pp. 88–93 (1972)Google Scholar
  16. 16.
    Fouque, P.-A., Tibouchi, M., Zapalowicz, J.-C.: Recovering private keys generated with weak PRNGs. In: Stam, M. (ed.) IMACC 2013. LNCS, vol. 8308, pp. 158–172. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  17. 17.
    Freire, E.S.V., Hofheinz, D., Paterson, K.G., Striecks, C.: Programmable hash functions in the multilinear setting. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 513–530. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  18. 18.
    Garg, S., Gentry, C., Halevi, S.: Candidate multilinear maps from ideal lattices. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 1–17. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  19. 19.
    Garg, S., Gentry, C., Halevi, S., Raykova, M., Sahai, A., Waters, B.: Candidate indistinguishability obfuscation and functional encryption for all circuits. In: FOCS 2013, pp. 40–49. IEEE Computer Society (2013)Google Scholar
  20. 20.
    Garg, S., Gentry, C., Halevi, S., Sahai, A., Waters, B.: Attribute-based encryption for circuits from multilinear maps. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part II. LNCS, vol. 8043, pp. 479–499. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  21. 21.
    Garg, S., Gentry, C., Sahai, A., Waters, B.: Witness encryption and its applications. In: STOC 2013, pp. 467–476. ACM (2013)Google Scholar
  22. 22.
    Hohenberger, S., Sahai, A., Waters, B.: Full domain hash from (leveled) multilinear maps and identity-based aggregate signatures. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 494–512. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  23. 23.
    Howgrave-Graham, N.: Approximate integer common divisors. In: Silverman, J.H. (ed.) CaLC 2001. LNCS, vol. 2146, pp. 51–66. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  24. 24.
    Langlois, A., Stehlé, D., Steinfeld, R.: GGHLite: More efficient multilinear maps from ideal lattices. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 239–256. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  25. 25.
    Lee, H.T., Seo, J.H.: Security analysis of multilinear maps over the integers. IACR Cryptology ePrint Archive (2014), http://eprint.iacr.org
  26. 26.
    Lim, C.H., Lee, P.J.: A key recovery attack on discrete log-based schemes using a prime order subgroup. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 249–263. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  27. 27.
    Mateer, T.: Fast Fourier transform algorithms with applications. PhD thesis, Clemson University (2008)Google Scholar
  28. 28.
    Seo, J.H.: Faster algorithms for variants of approximate common divisors problem: Application to multilinear maps over the integers. In: Memoirs of the 7th Cryptology Paper Contest, arranged by Korea government organization (2013)Google Scholar
  29. 29.
    Shoup, V.: NTL: A library for doing number theory ver. 6.0.0 (2013), http://www.shoup.net/ntl/
  30. 30.
    van Dijk, M., Gentry, C., Halevi, S., Vaikuntanathan, V.: Fully homomorphic encryption over the integers. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 24–43. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  31. 31.
    von zur Gathen, J., Gerhard, J.: Modern computer algebra, 2nd edn. Cambridge University Press (2003)Google Scholar

Copyright information

© International Association for Cryptologic Research 2014

Authors and Affiliations

  • Hyung Tae Lee
    • 1
  • Jae Hong Seo
    • 2
  1. 1.Division of Mathematical Sciences, School of Physical and Mathematical SciencesNanyang Technological UniversitySingapore
  2. 2.Myongji UniversityKorea

Personalised recommendations