Cryptanalysis of the New CLT Multilinear Map over the Integers

  • Jung Hee Cheon
  • Pierre-Alain Fouque
  • Changmin Lee
  • Brice Minaud
  • Hansol Ryu
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9665)

Abstract

Multilinear maps serve as a basis for a wide range of cryptographic applications. The first candidate construction of multilinear maps was proposed by Garg, Gentry, and Halevi in 2013, and soon afterwards, another construction was suggested by Coron, Lepoint, and Tibouchi (CLT13), which works over the integers. However, both of these were found to be insecure in the face of so-called zeroizing attacks, by Hu and Jia, and by Cheon, Han, Lee, Ryu and Stehlé. To improve on CLT13, Coron, Lepoint, and Tibouchi proposed another candidate construction of multilinear maps over the integers at Crypto 2015 (CLT15).

This article presents two polynomial attacks on the CLT15 multilinear map, which share ideas similar to the cryptanalysis of CLT13. Our attacks allow recovery of all secret parameters in time polynomial in the security parameter, and lead to a full break of the CLT15 multilinear map for virtually all applications.

Keywords

Multilinear maps; Graded encoding schemes

Notes

Acknowledgement

We would like to thank Damien Stehlé and the authors of CLT13 and CLT15, Jean-Sébastien Coron, Tancrède Lepoint, and Mehdi Tibouchi, for fruitful discussions and remarks. The authors from Seoul National University, Jung Hee Cheon, Changmin Lee, and Hansol Ryu, were supported by the National Research Foundation of Korea (NRF) grant funded by the Korea government (MSIP) (No. 2014R1A2A1A11050917).

References

  1. [BF01] Boneh, D., Franklin, M.: Identity-based encryption from the Weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001)
  2. [BS03] Boneh, D., Silverberg, A.: Applications of multilinear forms to cryptography. Contemp. Math. 324(1), 71–90 (2003)
  3. [CGH+15] Coron, J.-S., Gentry, C., Halevi, S., Lepoint, T., Maji, H.K., Miles, E., Raykova, M., Sahai, A., Tibouchi, M.: Zeroizing without low-level zeroes: new attacks on multilinear maps and their limitations. In: Gennaro, R., Robshaw, M. (eds.) Advances in Cryptology – CRYPTO 2015. LNCS, vol. 9215, pp. 247–266. Springer, Heidelberg (2015)
  4. [CHL+15] Cheon, J.H., Han, K., Lee, C., Ryu, H., Stehlé, D.: Cryptanalysis of the multilinear map over the integers. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 3–12. Springer, Heidelberg (2015)
  5. [CLR15] Cheon, J.H., Lee, C., Ryu, H.: Cryptanalysis of the new CLT multilinear maps. Cryptology ePrint Archive, Report 2015/934 (2015). http://eprint.iacr.org/
  6. [CLT13] Coron, J.-S., Lepoint, T., Tibouchi, M.: Practical multilinear maps over the integers. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 476–493. Springer, Heidelberg (2013)
  7. [CLT15] Coron, J.-S., Lepoint, T., Tibouchi, M.: New multilinear maps over the integers. In: Gennaro, R., Robshaw, M. (eds.) Advances in Cryptology – CRYPTO 2015. LNCS, pp. 267–286. Springer, Heidelberg (2015)
  8. [Cor15] Coron, J.-S.: Cryptanalysis of GGH15 multilinear maps. Cryptology ePrint Archive, Report 2015/1037 (2015). http://eprint.iacr.org/
  9. [DH76] Diffie, W., Hellman, M.E.: Multiuser cryptographic techniques. In: Proceedings of the National Computer Conference and Exposition, 7–10 June 1976, pp. 109–112. ACM (1976)
  10. [Dix82] Dixon, J.D.: Exact solution of linear equations using p-adic expansions. Numer. Math. 40(1), 137–141 (1982)
  11. [Fur14] Fürer, M.: How fast can we multiply large integers on an actual computer? In: Pardo, A., Viola, A. (eds.) LATIN 2014: Theoretical Informatics. LNCS, pp. 660–670. Springer, Heidelberg (2014)
  12. [GGH13a] Garg, S., Gentry, C., Halevi, S.: Candidate multilinear maps from ideal lattices. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 1–17. Springer, Heidelberg (2013)
  13. [GGH+13b] Garg, S., Gentry, C., Halevi, S., Raykova, M., Sahai, A., Waters, B.: Candidate indistinguishability obfuscation and functional encryption for all circuits. In: IEEE 54th Annual Symposium on Foundations of Computer Science (FOCS), pp. 40–49. IEEE (2013)
  14. [GGH15] Gentry, C., Gorbunov, S., Halevi, S.: Graph-induced multilinear maps from lattices. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015, Part II. LNCS, vol. 9015, pp. 498–527. Springer, Heidelberg (2015)
  15. [Hal15a] Halevi, S.: Cryptographic graded-encoding schemes: recent developments. TCS+ online seminar (2015). https://sites.google.com/site/plustcs/past-talks/20150318shaihaleviibmtjwatson
  16. [Hal15b] Halevi, S.: Graded encoding, variations on a scheme. Technical report, Cryptology ePrint Archive, Report 2015/866 (2015). http://eprint.iacr.org
  17. [HJ15] Hu, Y., Jia, H.: Cryptanalysis of GGH map. Technical report, Cryptology ePrint Archive, Report 2015/301 (2015)
  18. [HSW13] Hohenberger, S., Sahai, A., Waters, B.: Full domain hash from (leveled) multilinear maps and identity-based aggregate signatures. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 494–512. Springer, Heidelberg (2013)
  19. [Jou00] Joux, A.: A one round protocol for tripartite Diffie-Hellman. In: Bosma, A. (ed.) Algorithmic Number Theory. LNCS, vol. 1838, pp. 385–393. Springer, Heidelberg (2000)
  20. [MF15] Minaud, B., Fouque, P.-A.: Cryptanalysis of the new multilinear map over the integers. Cryptology ePrint Archive, Report 2015/941 (2015). http://eprint.iacr.org
  21. [Mol08] Möller, N.: On Schönhage's algorithm and subquadratic integer GCD computation. Math. Comput. 77(261), 589–607 (2008)
  22. [MS04] Mulders, T., Storjohann, A.: Certified dense linear system solving. J. Symbolic Comput. 37(4), 485–510 (2004)
  23. [Sha85] Shamir, A.: Identity-based cryptosystems and signature schemes. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 47–53. Springer, Heidelberg (1985)
  24. [Sto05] Storjohann, A.: The shifted number system for fast linear algebra on integer matrices. J. Complex. 21(4), 609–650 (2005). Festschrift for the 70th birthday of Arnold Schönhage
  25. [Sto09] Storjohann, A.: Integer matrix rank certification. In: Proceedings of the International Symposium on Symbolic and Algebraic Computation, pp. 333–340. ACM (2009)
  26. [VDGHV10] van Dijk, M., Gentry, C., Halevi, S., Vaikuntanathan, V.: Fully homomorphic encryption over the integers. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 24–43. Springer, Heidelberg (2010)
  27. [Zim15] Zimmerman, J.: How to obfuscate programs directly. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 439–467. Springer, Heidelberg (2015)

Copyright information

© International Association for Cryptologic Research 2016

Authors and Affiliations

  1. Seoul National University, Seoul, Korea
  2. Université de Rennes 1, Rennes, France
  3. Institut Universitaire de France, Paris, France