Cryptanalysis of GGH15 Multilinear Maps

  • Jean-Sébastien Coron
  • Moon Sung Lee
  • Tancrède Lepoint
  • Mehdi Tibouchi
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9815)

Abstract

We describe a cryptanalysis of the GGH15 multilinear maps. Our attack breaks the multipartite key-agreement protocol in polynomial time by generating an equivalent user private key; it also applies to GGH15 with safeguards. We also describe attacks against variants of the GGH13 multilinear maps proposed by Halevi (ePrint 2015/866) aiming at supporting graph-induced constraints, as in GGH15.

References

  1. [BGH+15]
    Brakerski, Z., Gentry, C., Halevi, S., Lepoint, T., Sahai, A., Tibouchi, M.: Cryptanalysis of the quadratic zero-testing of GGH. Cryptology ePrint Archive, Report 2015/845 (2015). https://eprint.iacr.org/2015/845
  2. [BS02]
    Boneh, D., Silverberg, A.: Applications of multilinear forms to cryptography. Contemp. Math. 324, 71–90 (2002)
  3. [CFL+16]
    Cheon, J.H., Fouque, P.-A., Lee, C., Minaud, B., Ryu, H.: Cryptanalysis of the new CLT multilinear map over the integers. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9665, pp. 509–536. Springer, Heidelberg (2016). doi:10.1007/978-3-662-49890-3_20
  4. [CGH+15]
    Coron, J.-S., Gentry, C., Halevi, S., Lepoint, T., Maji, H.K., Miles, E., Raykova, M., Sahai, A., Tibouchi, M.: Zeroizing without low-level zeroes: new MMAP attacks and their limitations. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015, Part I. LNCS, vol. 9215, pp. 247–266. Springer, Heidelberg (2015)
  5. [CHL+15]
    Cheon, J.H., Han, K., Lee, C., Ryu, H., Stehlé, D.: Cryptanalysis of the multilinear map over the integers. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 3–12. Springer, Heidelberg (2015)
  6. [CLLT15]
    Coron, J.-S., Lee, M.S., Lepoint, T., Tibouchi, M.: Cryptanalysis of GGH15 multilinear maps. Cryptology ePrint Archive, Report 2015/1037 (2015). http://eprint.iacr.org/
  7. [CLT13]
    Coron, J.-S., Lepoint, T., Tibouchi, M.: Practical multilinear maps over the integers. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 476–493. Springer, Heidelberg (2013)
  8. [CLT15]
    Coron, J.-S., Lepoint, T., Tibouchi, M.: New multilinear maps over the integers. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015, Part I. LNCS, vol. 9215, pp. 267–286. Springer, Heidelberg (2015)
  9. [Dev16]
    The Sage Developers. Sage Mathematics Software (Version 7.0) (2016). http://www.sagemath.org
  10. [DH76]
    Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE Trans. Inf. Theory 22(6), 644–654 (1976)
  11. [GGH13a]
    Garg, S., Gentry, C., Halevi, S.: Candidate multilinear maps from ideal lattices. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 1–17. Springer, Heidelberg (2013)
  12. [GGH+13b]
    Garg, S., Gentry, C., Halevi, S., Raykova, M., Sahai, A., Waters, B.: Candidate indistinguishability obfuscation and functional encryption for all circuits. In: Reingold, O. (ed.) FOCS 2013, pp. 40–49. IEEE Computer Society, USA (2013)
  13. [GGH15]
    Gentry, C., Gorbunov, S., Halevi, S.: Graph-induced multilinear maps from lattices. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015, Part II. LNCS, vol. 9015, pp. 498–527. Springer, Heidelberg (2015)
  14. [GSW13]
    Gentry, C., Sahai, A., Waters, B.: Homomorphic encryption from learning with errors: conceptually-simpler, asymptotically-faster, attribute-based. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 75–92. Springer, Heidelberg (2013)
  15. [Hal15]
    Halevi, S.: Graded encoding, variations on a scheme. Cryptology ePrint Archive, Report 2015/866 (2015). https://eprint.iacr.org/2015/866
  16. [HJ16]
    Hu, Y., Jia, H.: Cryptanalysis of GGH Map. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9665, pp. 537–565. Springer, Heidelberg (2016). doi:10.1007/978-3-662-49890-3_21
  17. [Jou00]
    Joux, A.: A one round protocol for tripartite Diffie-Hellman. In: Bosma, W. (ed.) ANTS 2000. LNCS, vol. 1838, pp. 385–394. Springer, Heidelberg (2000)
  18. [Kil88]
    Kilian, J.: Founding cryptography on oblivious transfer. In: Simon, J. (ed.) STOC 1988, pp. 20–31. ACM (1988)
  19. [MP12]
    Micciancio, D., Peikert, C.: Trapdoors for lattices: simpler, tighter, faster, smaller. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 700–718. Springer, Heidelberg (2012)
  20. [MSZ16]
    Miles, E., Sahai, A., Zhandry, M.: Annihilation attacks for multilinear maps: cryptanalysis of indistinguishability obfuscation over GGH13. Cryptology ePrint Archive, Report 2016/147 (2016). https://eprint.iacr.org/2016/147
  21. [PS15]
    Pellet-Mary, A., Stehlé, D.: Cryptanalysis of Gu’s ideal multilinear map. Cryptology ePrint Archive, Report 2015/759 (2015). https://eprint.iacr.org/2015/759
  22. [Rud08]
    Rudelson, M.: Invertibility of random matrices: norm of the inverse. Ann. Math. 168(2), 575–600 (2008)

Copyright information

© International Association for Cryptologic Research 2016

Authors and Affiliations

  • Jean-Sébastien Coron (1)
  • Moon Sung Lee (1)
  • Tancrède Lepoint (2)
  • Mehdi Tibouchi (3)

  1. University of Luxembourg, Luxembourg City, Luxembourg
  2. CryptoExperts, Paris, France
  3. NTT Secure Platform Laboratories, Tokyo, Japan
