Cryptanalysis of the Multilinear Map over the Integers

  • Jung Hee Cheon
  • Kyoohyung Han
  • Changmin Lee
  • Hansol Ryu
  • Damien Stehlé
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9056)

Abstract

We describe a polynomial-time cryptanalysis of the (approximate) multilinear map of Coron, Lepoint and Tibouchi (CLT). The attack relies on an adaptation of the so-called zeroizing attack against the Garg, Gentry and Halevi (GGH) candidate multilinear map. Zeroizing is much more devastating for CLT than for GGH. In the case of GGH, it allows one to break generalizations of the Decision Linear and Subgroup Membership problems from pairing-based cryptography. For CLT, it leads to a total break: all quantities meant to be kept secret can be efficiently and publicly recovered.

Keywords

Multilinear maps; Graded encoding schemes

Copyright information

© International Association for Cryptologic Research 2015

Authors and Affiliations

  • Jung Hee Cheon (1)
  • Kyoohyung Han (1)
  • Changmin Lee (1)
  • Hansol Ryu (1)
  • Damien Stehlé (2)
  1. Seoul National University (SNU), Seoul, Republic of Korea
  2. ENS de Lyon, Laboratoire LIP (U. Lyon, CNRS, ENSL, INRIA, UCBL), Lyon, France