Cryptanalysis of GGH15 Multilinear Maps

  • Jean-Sébastien Coron
  • Moon Sung Lee
  • Tancrède Lepoint
  • Mehdi Tibouchi
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9815)

Abstract

We describe a cryptanalysis of the GGH15 multilinear maps. Our attack breaks the multipartite key-agreement protocol in polynomial time by generating an equivalent user private key; it also applies to GGH15 with safeguards. We also describe attacks against variants of the GGH13 multilinear maps proposed by Halevi (ePrint 2015/866) aiming at supporting graph-induced constraints, as in GGH15.

Keywords

Multilinear Maps Encoding Mask Secret Exponent Column Vector Notation Public Encryption 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Notes

Acknowledgements

This work has been supported in part by the European Union’s H2020 Programme under grant agreement number ICT-644209.

References

  1. [BGH+15]
    Brakerski, Z., Gentry, C., Halevi, S., Lepoint, T., Sahai, A., Tibouchi, M.: Cryptanalysis of the quadratic zero-testing of GGH. Cryptology ePrint Archive, Report 2015/845 (2015). https://eprint.iacr.org/2015/845
  2. [BS02]
    Boneh, D., Silverberg, A.: Applications of multilinear forms to cryptography. Contemp. Math. 324, 71–90 (2002)
  3. [CFL+16]
    Cheon, J.H., Fouque, P.-A., Lee, C., Minaud, B., Ryu, H.: Cryptanalysis of the new CLT multilinear map over the integers. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9665, pp. 509–536. Springer, Heidelberg (2016). doi: 10.1007/978-3-662-49890-3_20
  4. [CGH+15]
    Coron, J.-S., Gentry, C., Halevi, S., Lepoint, T., Maji, H.K., Miles, E., Raykova, M., Sahai, A., Tibouchi, M.: Zeroizing without low-level zeroes: new MMAP attacks and their limitations. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015, Part I. LNCS, vol. 9215, pp. 247–266. Springer, Heidelberg (2015)
  5. [CHL+15]
    Cheon, J.H., Han, K., Lee, C., Ryu, H., Stehlé, D.: Cryptanalysis of the multilinear map over the integers. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 3–12. Springer, Heidelberg (2015)
  6. [CLLT15]
    Coron, J.-S., Lee, M.S., Lepoint, T., Tibouchi, M.: Cryptanalysis of GGH15 multilinear maps. Cryptology ePrint Archive, Report 2015/1037 (2015). http://eprint.iacr.org/
  7. [CLT13]
    Coron, J.-S., Lepoint, T., Tibouchi, M.: Practical multilinear maps over the integers. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 476–493. Springer, Heidelberg (2013)
  8. [CLT15]
    Coron, J.-S., Lepoint, T., Tibouchi, M.: New multilinear maps over the integers. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015, Part I. LNCS, vol. 9215, pp. 267–286. Springer, Heidelberg (2015)
  9. [Dev16]
    The Sage Developers. Sage Mathematics Software (Version 7.0) (2016). http://www.sagemath.org
  10. [DH76]
    Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE Trans. Inf. Theory 22(6), 644–654 (1976)
  11. [GGH13a]
    Garg, S., Gentry, C., Halevi, S.: Candidate multilinear maps from ideal lattices. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 1–17. Springer, Heidelberg (2013)
  12. [GGH+13b]
    Garg, S., Gentry, C., Halevi, S., Raykova, M., Sahai, A., Waters, B.: Candidate indistinguishability obfuscation and functional encryption for all circuits. In: Reingold, O. (ed.) FOCS 2013, pp. 40–49. IEEE Computer Society, USA (2013)
  13. [GGH15]
    Gentry, C., Gorbunov, S., Halevi, S.: Graph-induced multilinear maps from lattices. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015, Part II. LNCS, vol. 9015, pp. 498–527. Springer, Heidelberg (2015)
  14. [GSW13]
    Gentry, C., Sahai, A., Waters, B.: Homomorphic encryption from learning with errors: conceptually-simpler, asymptotically-faster, attribute-based. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 75–92. Springer, Heidelberg (2013)
  15. [Hal15]
    Halevi, S.: Graded encoding, variations on a scheme. Cryptology ePrint Archive, Report 2015/866 (2015). https://eprint.iacr.org/2015/866
  16. [HJ16]
    Hu, Y., Jia, H.: Cryptanalysis of GGH Map. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9665, pp. 537–565. Springer, Heidelberg (2016). doi: 10.1007/978-3-662-49890-3_21
  17. [Jou00]
    Joux, A.: A one round protocol for tripartite Diffie-Hellman. In: Bosma, W. (ed.) ANTS 2000. LNCS, vol. 1838, pp. 385–394. Springer, Heidelberg (2000)
  18. [Kil88]
    Kilian, J.: Founding cryptography on oblivious transfer. In: Simon, J. (ed.) STOC 1988, pp. 20–31. ACM (1988)
  19. [MP12]
    Micciancio, D., Peikert, C.: Trapdoors for lattices: simpler, tighter, faster, smaller. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 700–718. Springer, Heidelberg (2012)
  20. [MSZ16]
    Miles, E., Sahai, A., Zhandry, M.: Annihilation attacks for multilinear maps: cryptanalysis of indistinguishability obfuscation over GGH13. Cryptology ePrint Archive, Report 2016/147 (2016). https://eprint.iacr.org/2016/147
  21. [PS15]
    Pellet-Mary, A., Stehlé, D.: Cryptanalysis of Gu’s ideal multilinear map. Cryptology ePrint Archive, Report 2015/759 (2015). https://eprint.iacr.org/2015/759
  22. [Rud08]
    Rudelson, M.: Invertibility of random matrices: norm of the inverse. Ann. Math. 168(2), 575–600 (2008)

Copyright information

© International Association for Cryptologic Research 2016

Authors and Affiliations

  • Jean-Sébastien Coron (1)
  • Moon Sung Lee (1)
  • Tancrède Lepoint (2)
  • Mehdi Tibouchi (3)

  1. University of Luxembourg, Luxembourg City, Luxembourg
  2. CryptoExperts, Paris, France
  3. NTT Secure Platform Laboratories, Tokyo, Japan
