Advertisement

Indistinguishability Obfuscation Without Multilinear Maps: New Methods for Bootstrapping and Instantiation

  • Shweta AgrawalEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11476)

Abstract

Constructing indistinguishability obfuscation (\(\mathsf{iO}\)) [17] is a central open question in cryptography. We provide new methods to make progress towards this goal. Our contributions may be summarized as follows:
  1. 1.

    Bootstrapping. In a recent work, Lin and Tessaro [71] (LT) show that \(\mathsf{iO}\) may be constructed using (i) Functional Encryption (\(\mathsf {FE}\)) for polynomials of degree L, (ii) Pseudorandom Generators (\(\mathsf{PRG}\)) with blockwise locality L and polynomial expansion, and (iii) Learning With Errors (\(\mathsf{LWE}\)). Since there exist constructions of \(\mathsf {FE}\) for quadratic polynomials from standard assumptions on bilinear maps [16, 68], the ideal scenario would be to set \(L=2\), yielding \(\mathsf{iO}\) from widely believed assumptions

    Unfortunately, it was shown soon after [18, 73] that \(\mathsf{PRG}\) with block locality 2 and the expansion factor required by the LT construction, concretely \(\varOmega (n \cdot 2^{b(3+\epsilon )})\), where n is the input length and b is the block length, do not exist. In the worst case, these lower bounds rule out 2-block local \(\mathsf{PRG}\) with stretch \(\varOmega (n \cdot 2^{b(2+\epsilon )})\). While [18, 73] provided strong negative evidence for constructing \(\mathsf{iO}\) based on bilinear maps, they could not rule out the possibility completely; a tantalizing gap has remained. Given the current state of lower bounds, the existence of 2 block local \(\mathsf{PRG}\) with expansion factor \(\varOmega (n \cdot 2^{b(1+\epsilon )})\) remains open, although this stretch does not suffice for the LT bootstrapping, and is hence unclear to be relevant for \(\mathsf{iO}\).

    In this work, we improve the state of affairs as follows.

    1. (a)

      Weakening requirements on Boolean PRGs: In this work, we show that the narrow window of expansion factors left open by lower bounds do suffice for \(\mathsf{iO}\). We show a new method to construct \(\mathsf {FE}\) for \(\mathsf {NC}_1\) from (i) \(\mathsf {FE}\) for degree L polynomials, (ii) \(\mathsf{PRG}\)s of block locality L and expansion factor \(\tilde{\varOmega }(n \cdot 2^{b(1+\epsilon )})\), and (iii) \(\mathsf{LWE}\) (or \(\mathsf{RLWE}\)).

       
    2. (b)
      Broadening class of sufficient randomness generators: Our bootstrapping theorem may be instantiated with a broader class of pseudorandom generators than hitherto considered for \(\mathsf{iO}\), and may circumvent lower bounds known for the arithmetic degree of \(\mathsf{iO}\)-sufficient \(\mathsf{PRG}\)s [18, 73]; in particular, these may admit instantiations with arithmetic degree 2, yielding \(\mathsf{iO}\) with the additional assumptions of \(\mathsf{SXDH}\) on Bilinear maps and \(\mathsf{LWE}\). In more detail, we may use the following two classes of \(\mathsf{PRG}\):
      1. i.

        Non-Boolean PRGs: We may use pseudorandom generators whose inputs and outputs need not be Boolean but may be integers restricted to a small (polynomial) range. Additionally, the outputs are not required to be pseudorandom but must only satisfy a milder indistinguishability property (We note that our notion of non Boolean PRGs is qualitatively similar to the notion of \(\varDelta \) RGs defined in the concurrent work of Ananth, Jain and Sahai [9]. We emphasize that the methods of [9] and the present work are very different, but both works independently discover the same notion of weak PRG as sufficient for building \(\mathsf{iO}\).).

         
      2. ii.

        Correlated Noise Generators: We introduce an even weaker class of pseudorandom generators, which we call correlated noise generators (\(\mathsf{CNG}\)) which may not only be non-Boolean but are required to satisfy an even milder (seeming) indistinguishability property than \(\varDelta \) RG.

         
       
    3. (c)

      Assumptions and Efficiency. Our bootstrapping theorems can be based on the hardness of the Learning With Errors problem or its ring variant (\(\mathsf{LWE}/ \mathsf{RLWE}\)) and can compile \(\mathsf {FE}\) for degree L polynomials directly to \(\mathsf {FE}\) for \(\mathsf {NC}_1\). Previous work compiles \(\mathsf {FE}\) for degree L polynomials to \(\mathsf {FE}\) for \(\mathsf {NC}_0\) to \(\mathsf {FE}\) for \(\mathsf {NC}_1\) to \(\mathsf{iO}\) [12, 45, 68, 72].

      Our method for bootstrapping to \(\mathsf {NC}_1\) does not go via randomized encodings as in previous works, which makes it simpler and more efficient than in previous works.

       
     
  2. 2.

    Instantiating Primitives. In this work, we provide the first direct candidate of \(\mathsf {FE}\) for constant degree polynomials from new assumptions on lattices. Our construction is new and does not go via multilinear maps or graded encoding schemes as all previous constructions. Together with the bootstrapping step above, this yields a completely new candidate for \(\mathsf{iO}\) (as well as \(\mathsf {FE}\) for \(\mathsf {NC}_1\)), which makes no use of multilinear or even bilinear maps. Our construction is based on the ring learning with errors assumption (\(\mathsf{RLWE}\)) as well as new untested assumptions on NTRU rings.

    We provide a detailed security analysis and discuss why previously known attacks in the context of multilinear maps, especially zeroizing and annihilation attacks, do not appear to apply to our setting. We caution that our construction must yet be subject to rigorous cryptanalysis by the community before confidence can be gained in its security. However, we believe that the significant departure from known multilinear map based constructions opens up a new and potentially fruitful direction to explore in the quest for \(\mathsf{iO}\).

    Our construction is based entirely on lattices, due to which one may hope for post quantum security. Note that this feature is not enjoyed by instantiations that make any use of bilinear maps even if secure instances of weak PRGs, as identified by the present work, the follow-up by Lin and Matt [69] and the independent work by Ananth, Jain and Sahai [9] are found.

     

References

  1. 1.
    Abdalla, M., Bourse, F., De Caro, A., Pointcheval, D.: Simple Functional Encryption Schemes for Inner Products. In: Katz, J. (ed.) PKC 2015. LNCS, vol. 9020, pp. 733–751. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-46447-2_33CrossRefGoogle Scholar
  2. 2.
    Agrawal, S.: Stronger security for reusable garbled circuits, general definitions and attacks. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017, Part I. LNCS, vol. 10401, pp. 3–35. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-63688-7_1CrossRefGoogle Scholar
  3. 3.
    Agrawal, S.: Indistinguishability obfuscation without multilinear maps: new methods for bootstrapping and instantiation. Cryptology ePrint Archive, Report 2018 (2018)Google Scholar
  4. 4.
    Agrawal, S., Boneh, D., Boyen, X.: Efficient lattice (H)IBE in the standard model. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 553–572. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-13190-5_28CrossRefzbMATHGoogle Scholar
  5. 5.
    Agrawal, S., Freeman, D.M., Vaikuntanathan, V.: Functional encryption for inner product predicates from learning with errors. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 21–40. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-25385-0_2CrossRefGoogle Scholar
  6. 6.
    Agrawal, S., Libert, B., Stehle, D.: Fully secure functional encryption for linear functions from standard assumptions, and applications. In: Crypto (2016)Google Scholar
  7. 7.
    Agrawal, S., Rosen, A.: Online offline functional encryption for bounded collusions. Eprint/2016 (2016)Google Scholar
  8. 8.
    Agrawal, S., Rosen, A.: Functional encryption for bounded collusions, revisited. In: Kalai, Y., Reyzin, L. (eds.) TCC 2017, Part I. LNCS, vol. 10677, pp. 173–205. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-70500-2_7CrossRefGoogle Scholar
  9. 9.
    Ananth, P., Jain, A., Sahai, A.: Indistinguishability obfuscation without multilinear maps: iO from LWE, bilinear maps, and weak pseudorandomness. Cryptology ePrint Archive, Report 2018/615 (2018)Google Scholar
  10. 10.
    Ananth, P., Jain, A.: Indistinguishability obfuscation from compact functional encryption. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015, Part I. LNCS, vol. 9215, pp. 308–326. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-47989-6_15CrossRefGoogle Scholar
  11. 11.
    Ananth, P., Jain, A., Sahai, A.: Achieving compactness generically: indistinguishability obfuscation from non-compact functional encryption. IACR Cryptol. ePrint Arch. 2015, 730 (2015)Google Scholar
  12. 12.
    Ananth, P., Sahai, A.: Projective arithmetic functional encryption and indistinguishability obfuscation from degree-5 multilinear maps. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017, Part I. LNCS, vol. 10210, pp. 152–181. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-56620-7_6CrossRefGoogle Scholar
  13. 13.
    Apon, D., Döttling, N., Garg, S., Mukherjee, P.: Cryptanalysis of indistinguishability obfuscations of circuits over ggh13. eprint 2016 (2016)Google Scholar
  14. 14.
    Applebaum, B., Ishai, Y., Kushilevitz, E.: Computationally private randomizing polynomials and their applications. Comput. Complex. 15(2), 115–162 (2006)MathSciNetCrossRefGoogle Scholar
  15. 15.
    Applebaum, B., Ishai, Y., Kushilevitz, E.: How to garble arithmetic circuits. In: IEEE 52nd Annual Symposium on Foundations of Computer Science, FOCS 2011, Palm Springs, 22–25 October 2011, pp. 120–129 (2011)Google Scholar
  16. 16.
    Baltico, C.E.Z., Catalano, D., Fiore, D., Gay, R.: Practical functional encryption for quadratic functions with applications to predicate encryption. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017, Part I. LNCS, vol. 10401, pp. 67–98. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-63688-7_3CrossRefGoogle Scholar
  17. 17.
    Barak, B., et al.: On the (Im)possibility of obfuscating programs. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 1–18. Springer, Heidelberg (2001).  https://doi.org/10.1007/3-540-44647-8_1CrossRefGoogle Scholar
  18. 18.
    Barak, B., Brakerski, Z., Komargodski, I., Kothari, P.K.: Limits on low-degree pseudorandom generators (or: sum-of-squares meets program obfuscation). In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018, Part II. LNCS, vol. 10821, pp. 649–679. Springer, Cham (2018).  https://doi.org/10.1007/978-3-319-78375-8_21CrossRefGoogle Scholar
  19. 19.
    Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: IEEE Symposium on Security and Privacy, pp. 321–334 (2007)Google Scholar
  20. 20.
    Bitansky, N., Garg, S., Lin, H., Pass, R., Telang, S.: Succinct randomized encodings and their applications. In: Proceedings of the Forty-Seventh Annual ACM on Symposium on Theory of Computing, STOC 2015, Portland, 14–17 June 2015, pp. 439–448 (2015)Google Scholar
  21. 21.
    Bitansky, N., Nishimaki, R., Passelègue, A., Wichs, D.: From cryptomania to obfustopia through secret-key functional encryption. In: Hirt, M., Smith, A. (eds.) TCC 2016, Part II. LNCS, vol. 9986, pp. 391–418. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-53644-5_15CrossRefGoogle Scholar
  22. 22.
    Bitansky, N., Paneth, O., Wichs, D.: Perfect structure on the edge of chaos. In: Kushilevitz, E., Malkin, T. (eds.) TCC 2016, Part I. LNCS, vol. 9562, pp. 474–502. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-49096-9_20CrossRefzbMATHGoogle Scholar
  23. 23.
    Bitansky, N., Vaikuntanathan, V.: Indistinguishability obfuscation from functional encryption. FOCS 2015, 163 (2015). http://eprint.iacr.org/2015/163
  24. 24.
    Boneh, D., Franklin, M.: Identity-based encryption from the weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001).  https://doi.org/10.1007/3-540-44647-8_13CrossRefGoogle Scholar
  25. 25.
    Boneh, D., et al.: Fully key-homomorphic encryption, arithmetic circuit abe and compact garbled circuits. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 533–556. Springer, Heidelberg (2014).  https://doi.org/10.1007/978-3-642-55220-5_30CrossRefGoogle Scholar
  26. 26.
    Boneh, D., Waters, B.: Conjunctive, subset, and range queries on encrypted data. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 535–554. Springer, Heidelberg (2007).  https://doi.org/10.1007/978-3-540-70936-7_29CrossRefGoogle Scholar
  27. 27.
    Boyen, X., Waters, B.: Anonymous hierarchical identity-based encryption (without random oracles). In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 290–307. Springer, Heidelberg (2006).  https://doi.org/10.1007/11818175_17CrossRefGoogle Scholar
  28. 28.
    Brakerski, Z., Tsabary, R., Vaikuntanathan, V., Wee, H.: Private constrained PRFs (and More) from LWE. In: Kalai, Y., Reyzin, L. (eds.) TCC 2017, Part I. LNCS, vol. 10677, pp. 264–302. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-70500-2_10CrossRefGoogle Scholar
  29. 29.
    Brakerski, Z., Vaikuntanathan, V.: Fully homomorphic encryption from ring-LWE and security for key dependent messages. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 505–524. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-22792-9_29CrossRefGoogle Scholar
  30. 30.
    Canetti, R., Holmgren, J., Jain, A., Vaikuntanathan, V.: Succinct garbling and indistinguishability obfuscation for RAM programs. In: Proceedings of the Forty-Seventh Annual ACM on Symposium on Theory of Computing, STOC 2015, Portland, 14–17 June 2015, pp. 429–437 (2015)Google Scholar
  31. 31.
    Canetti, R., Lin, H., Tessaro, S., Vaikuntanathan, V.: Obfuscation of probabilistic circuits and applications. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015, Part II. LNCS, vol. 9015, pp. 468–497. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-46497-7_19CrossRefzbMATHGoogle Scholar
  32. 32.
    Cash, D., Hofheinz, D., Kiltz, E., Peikert, C.: Bonsai trees, or how to delegate a lattice basis. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 523–552. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-13190-5_27CrossRefGoogle Scholar
  33. 33.
    Cheon, J.H., Han, K., Lee, C., Ryu, H., Stehlé, D.: Cryptanalysis of the multilinear map over the integers. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015, Part I. LNCS, vol. 9056, pp. 3–12. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-46800-5_1CrossRefGoogle Scholar
  34. 34.
    Cheon, J.H., Fouque, P.-A., Lee, C., Minaud, B., Ryu, H.: Cryptanalysis of the new CLT multilinear map over the integers. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016, Part I. LNCS, vol. 9665, pp. 509–536. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-49890-3_20CrossRefGoogle Scholar
  35. 35.
    Cheon, J.H., Jeong, J., Lee, C.: An algorithm for NTRU problems and cryptanalysis of the GGH multilinear map without a low level encoding of zero. Eprint 2016/139 (2016)Google Scholar
  36. 36.
    Cocks, C.: An identity based encryption scheme based on quadratic residues. In: Honary, B. (ed.) Cryptography and Coding 2001. LNCS, vol. 2260, pp. 360–363. Springer, Heidelberg (2001).  https://doi.org/10.1007/3-540-45325-3_32CrossRefGoogle Scholar
  37. 37.
    Coron, J.-S., et al.: Zeroizing without low-level zeroes: new MMAP attacks and their limitations. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015, Part I. LNCS, vol. 9215, pp. 247–266. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-47989-6_12CrossRefGoogle Scholar
  38. 38.
    Coron, J.-S., Lee, M.S., Lepoint, T., Tibouchi, M.: Zeroizing attacks on indistinguishability obfuscation over CLT13. In: Fehr, S. (ed.) PKC 2017, Part I. LNCS, vol. 10174, pp. 41–58. Springer, Heidelberg (2017).  https://doi.org/10.1007/978-3-662-54365-8_3CrossRefGoogle Scholar
  39. 39.
    Coron, J.-S., Lepoint, T., Tibouchi, M.: Practical multilinear maps over the integers. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 476–493. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-40041-4_26CrossRefGoogle Scholar
  40. 40.
    Cramer, R., Ducas, L., Peikert, C., Regev, O.: Recovering short generators of principal ideals in cyclotomic rings. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016, Part II. LNCS, vol. 9666, pp. 559–585. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-49896-5_20CrossRefzbMATHGoogle Scholar
  41. 41.
    Ding, J., Yang, B.Y.: Multivariate public key cryptography. In: Bernstein D.J., Buchmann J., Dahmen E. (eds) Post-Quantum Cryptography, pp. 193–241. Springer, Heidelberg (2009).  https://doi.org/10.1007/978-3-540-88702-7_6
  42. 42.
    Farshim, P., Hesse, J., Hofheinz, D., Larraia, E.: Graded encoding schemes from obfuscation. In: Abdalla, M., Dahab, R. (eds.) PKC 2018, Part II. LNCS, vol. 10770, pp. 371–400. Springer, Cham (2018).  https://doi.org/10.1007/978-3-319-76581-5_13CrossRefGoogle Scholar
  43. 43.
    Garg, S., Gentry, C., Halevi, S.: Candidate multilinear maps from ideal lattices. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 1–17. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-38348-9_1CrossRefGoogle Scholar
  44. 44.
    Garg, S., Gentry, C., Halevi, S.: Candidate multilinear maps from ideal lattices. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 1–17. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-38348-9_1CrossRefGoogle Scholar
  45. 45.
    Garg, S., Gentry, C., Halevi, S., Raykova, M., Sahai, A., Waters, B.: Candidate indistinguishability obfuscation and functional encryption for all circuits. In: FOCS, pp. 40–49 (2013). http://eprint.iacr.org/
  46. 46.
    Garg, S., Gentry, C., Halevi, S., Sahai, A., Waters, B.: Attribute-based encryption for circuits from multilinear maps. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part II. LNCS, vol. 8043, pp. 479–499. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-40084-1_27CrossRefGoogle Scholar
  47. 47.
    Garg, S., Gentry, C., Halevi, S., Zhandry, M.: Fully secure functional encryption without obfuscation. In: IACR Cryptology ePrint Archive. vol. 2014, p. 666 (2014). http://eprint.iacr.org/2014/666
  48. 48.
    Garg, S., Gentry, C., Halevi, S., Zhandry, M.: Functional encryption without obfuscation. In: Kushilevitz, E., Malkin, T. (eds.) Theory of Cryptography (2016)Google Scholar
  49. 49.
    Garg, S., Miles, E., Mukherjee, P., Sahai, A., Srinivasan, A., Zhandry, M.: Secure obfuscation in a weak multilinear map model. In: Hirt, M., Smith, A. (eds.) TCC 2016, Part II. LNCS, vol. 9986, pp. 241–268. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-53644-5_10CrossRefGoogle Scholar
  50. 50.
    Gentry, C.: Fully homomorphic encryption using ideal lattices. In: STOC, pp. 169–178 (2009)Google Scholar
  51. 51.
    Gentry, C., Gorbunov, S., Halevi, S.: Graph-induced multilinear maps from lattices. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015, Part II. LNCS, vol. 9015, pp. 498–527. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-46497-7_20CrossRefGoogle Scholar
  52. 52.
    Gentry, C., Peikert, C., Vaikuntanathan, V.: Trapdoors for hard lattices and new cryptographic constructions. In: STOC, pp. 197–206 (2008)Google Scholar
  53. 53.
    Goldreich, O.: Foundations of Cryptography: Basic Tools. Cambridge University Press, New York (2000)zbMATHGoogle Scholar
  54. 54.
    Goldwasser, S., Kalai, Y.T., Popa, R., Vaikuntanathan, V., Zeldovich, N.: Reusable garbled circuits and succinct functional encryption. In: Proceedings of STOC, pp. 555–564. ACM Press, New York (2013)Google Scholar
  55. 55.
    Goldwasser, S., Kalai, Y.T., Popa, R.A., Vaikuntanathan, V., Zeldovich, N.: Reusable garbled circuits and succinct functional encryption. In: STOC, pp. 555–564 (2013)Google Scholar
  56. 56.
    Gorbunov, S., Vaikuntanathan, V., Wee, H.: Functional encryption with bounded collusions via multi-party computation. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 162–179. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-32009-5_11CrossRefGoogle Scholar
  57. 57.
    Gorbunov, S., Vaikuntanathan, V., Wee, H.: Attribute based encryption for circuits. In: STOC (2013)Google Scholar
  58. 58.
    Gorbunov, S., Vaikuntanathan, V., Wee, H.: Predicate encryption for circuits from LWE. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015, Part II. LNCS, vol. 9216, pp. 503–523. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-48000-7_25CrossRefGoogle Scholar
  59. 59.
    Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: ACM Conference on Computer and Communications Security, pp. 89–98 (2006)Google Scholar
  60. 60.
    Hu, Y., Jia, H.: Cryptanalysis of GGH map. Cryptology ePrint Archive: Report 2015/301 (2015)Google Scholar
  61. 61.
    Ishai, Y., Kushilevitz, E.: Randomizing polynomials: A new representation with applications to round-efficient secure computation. In: FOCS (2000)Google Scholar
  62. 62.
    Katz, J., Sahai, A., Waters, B.: Predicate encryption supporting disjunctions, polynomial equations, and inner products. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 146–162. Springer, Heidelberg (2008).  https://doi.org/10.1007/978-3-540-78967-3_9CrossRefGoogle Scholar
  63. 63.
    Komargodski, I., Moran, T., Naor, M., Pass, R., Rosen, A., Yogev, E.: One-way functions and (im)perfect obfuscation. In: 55th IEEE Annual Symposium on Foundations of Computer Science, FOCS, pp. 374–383 (2014)Google Scholar
  64. 64.
    Koppula, V., Lewko, A.B., Waters, B.: Indistinguishability obfuscation for turing machines with unbounded memory. In: STOC, pp. 419–428 (2015)Google Scholar
  65. 65.
    Langlois, A., Stehlé, D., Steinfeld, R.: GGHLite: more efficient multilinear maps from ideal lattices. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 239–256. Springer, Heidelberg (2014).  https://doi.org/10.1007/978-3-642-55220-5_14CrossRefGoogle Scholar
  66. 66.
    Lewko, A., Okamoto, T., Sahai, A., Takashima, K., Waters, B.: Fully secure functional encryption: attribute-based encryption and (hierarchical) inner product encryption. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 62–91. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-13190-5_4CrossRefGoogle Scholar
  67. 67.
    Lin, H.: Indistinguishability obfuscation from constant-degree graded encoding schemes. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016, Part I. LNCS, vol. 9665, pp. 28–57. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-49890-3_2CrossRefGoogle Scholar
  68. 68.
    Lin, H.: Indistinguishability obfuscation from SXDH on 5-linear maps and locality-5 PRGs. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017, Part I. LNCS, vol. 10401, pp. 599–629. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-63688-7_20CrossRefGoogle Scholar
  69. 69.
    Lin, H., Matt, C.: Pseudo flawed-smudging generators and their application to indistinguishability obfuscation. Cryptology ePrint Archive, Report 2018/646 (2018)Google Scholar
  70. 70.
    Lin, H., Pass, R., Seth, K., Telang, S.: Output-compressing randomized encodings and applications. In: Kushilevitz, E., Malkin, T. (eds.) TCC 2016, Part I. LNCS, vol. 9562, pp. 96–124. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-49096-9_5CrossRefGoogle Scholar
  71. 71.
    Lin, H., Tessaro, S.: Indistinguishability obfuscation from trilinear maps and block-wise local PRGs. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017, Part I. LNCS, vol. 10401, pp. 630–660. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-63688-7_21CrossRefGoogle Scholar
  72. 72.
    Lin, H., Vaikuntanathan, V.: Indistinguishability obfuscation from DDH-like assumptions on constant-degree graded encodings. In: FOCS, pp. 11–20 (2016)Google Scholar
  73. 73.
    Lombardi, A., Vaikuntanathan, V.: On the non-existence of blockwise 2-local prgs with applications to indistinguishability obfuscation. In: TCC (2018)Google Scholar
  74. 74.
    Matsumoto, T., Imai, H.: Public quadratic polynomial-tuples for efficient signature-verification and message-encryption. In: Barstow, D., Brauer, W., Brinch Hansen, P., Gries, D., Luckham, D., Moler, C., Pnueli, A., Seegmüller, G., Stoer, J., Wirth, N., Günther, C.G. (eds.) EUROCRYPT 1988. LNCS, vol. 330, pp. 419–453. Springer, Heidelberg (1988).  https://doi.org/10.1007/3-540-45961-8_39CrossRefGoogle Scholar
  75. 75.
    Miles, E., Sahai, A., Zhandry, M.: Annihilation attacks for multilinear maps: cryptanalysis of indistinguishability obfuscation over GGH13. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016, Part II. LNCS, vol. 9815, pp. 629–658. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-53008-5_22CrossRefGoogle Scholar
  76. 76.
    Peikert, C.: A Decade of Lattice Cryptography, vol. 10, pp. 283–424, March 2016Google Scholar
  77. 77.
    Pellet-Mary, A.: Quantum attacks against indistinguishablility obfuscators proved secure in the weak multilinear map model. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018, Part III. LNCS, vol. 10993, pp. 153–183. Springer, Cham (2018).  https://doi.org/10.1007/978-3-319-96878-0_6CrossRefGoogle Scholar
  78. 78.
    Pellet-Mary, A.: Quantum attacks against indistinguishablility obfuscators proved secure in the weak multilinear map model. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018, Part III. LNCS, vol. 10993, pp. 153–183. Springer, Cham (2018).  https://doi.org/10.1007/978-3-319-96878-0_6CrossRefGoogle Scholar
  79. 79.
    Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. J. ACM 56(6), 34 (2009). (extended abstract in STOC 2005)MathSciNetCrossRefGoogle Scholar
  80. 80.
    Sahai, A., Waters, B.: Functional encryption:beyond public key cryptography. Power Point Presentation (2008). http://userweb.cs.utexas.edu/~bwaters/presentations/files/functional.ppt
  81. 81.
    Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005).  https://doi.org/10.1007/11426639_27CrossRefGoogle Scholar
  82. 82.
    Sahai, A., Waters, B.: How to use indistinguishability obfuscation: Deniable encryption, and more. In: STOC, pp. 475–484 (2014). http://eprint.iacr.org/2013/454.pdf
  83. 83.
    Waters, B.: Functional encryption for regular languages. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 218–235. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-32009-5_14CrossRefGoogle Scholar
  84. 84.
    Wolf, C.: Multivariate Quadratic Polynomials In Public Key Cryptography. Ph.D. thesis, katholieke universiteit leuven (2005)Google Scholar

Copyright information

© International Association for Cryptologic Research 2019

Authors and Affiliations

  1. 1.IIT MadrasChennaiIndia

Personalised recommendations