Cryptanalyses of Candidate Branching Program Obfuscators

We describe new cryptanalytic attacks on the candidate branching program obfuscator proposed by Garg, Gentry, Halevi, Raykova, Sahai and Waters (GGHRSW) using the GGH13 graded encoding, and its variant using the GGH15 graded encoding as specified by Gentry, Gorbunov and Halevi. All our attacks require very specific structure of the branching programs being obfuscated, which in particular must have some input-partitioning property. Common to all our attacks are techniques to extract information about the “multiplicative bundling” scalars that are used in the GGHRSW construction.

[1]  Joe Zimmerman,et al.  How to Obfuscate Programs Directly , 2015, EUROCRYPT.

[2]  J. Cheon,et al.  An algorithm for NTRU problems and cryptanalysis of the GGH multilinear map without a low-level encoding of zero , 2016, LMS J. Comput. Math..

[3]  Yuval Ishai,et al.  Optimizing Obfuscation: Avoiding Barrington's Theorem , 2014, CCS.

[4]  Vinod Vaikuntanathan,et al.  Indistinguishability Obfuscation from DDH-Like Assumptions on Constant-Degree Graded Encodings , 2016, 2016 IEEE 57th Annual Symposium on Foundations of Computer Science (FOCS).

[5]  Eric Miles,et al.  Annihilation Attacks for Multilinear Maps: Cryptanalysis of Indistinguishability Obfuscation over GGH13 , 2016, CRYPTO.

[6]  Nico Döttling,et al.  Cryptanalysis of Indistinguishability Obfuscations of Circuits over GGH13 , 2016, ICALP.

[7]  Yael Tauman Kalai,et al.  Protecting Obfuscation against Algebraic Attacks , 2014, EUROCRYPT.

[8]  Nir Bitansky,et al.  Indistinguishability Obfuscation from Functional Encryption , 2018, J. ACM.

[9]  Allison Bishop,et al.  Indistinguishability Obfuscation from the Multilinear Subgroup Elimination Assumption , 2015, 2015 IEEE 56th Annual Symposium on Foundations of Computer Science.

[10]  Ronald Cramer,et al.  Recovering Short Generators of Principal Ideals in Cyclotomic Rings , 2016, EUROCRYPT.

[11]  Martin R. Albrecht,et al.  A Subfield Lattice Attack on Overstretched NTRU Assumptions - Cryptanalysis of Some FHE and Graded Encoding Schemes , 2016, CRYPTO.

[12]  Abhishek Jain,et al.  Indistinguishability Obfuscation from Compact Functional Encryption , 2015, CRYPTO.

[13]  Miklós Ajtai,et al.  Generating Hard Instances of the Short Basis Problem , 1999, ICALP.

[14]  Craig Gentry,et al.  Trapdoors for hard lattices and new cryptographic constructions , 2008, IACR Cryptol. ePrint Arch..

[15]  Zvika Brakerski,et al.  Obfuscating Circuits via Composite-Order Graded Encoding , 2015, TCC.

[16]  Nir Bitansky,et al.  Indistinguishability Obfuscation from Functional Encryption , 2015, 2015 IEEE 56th Annual Symposium on Foundations of Computer Science.

[17]  David A. Mix Barrington,et al.  Bounded-width polynomial-size branching programs recognize exactly those languages in NC1 , 1986, STOC '86.

[18]  Claus Fieker,et al.  Subexponential class group and unit group computation in large degree number fields , 2014, LMS J. Comput. Math..

[19]  Chris Peikert,et al.  Trapdoors for Lattices: Simpler, Tighter, Faster, Smaller , 2012, IACR Cryptol. ePrint Arch..

[20]  Eric Miles,et al.  Secure Obfuscation in a Weak Multilinear Map Model , 2016, TCC.

[21]  Craig Gentry,et al.  Graph-Induced Multilinear Maps from Lattices , 2015, TCC.

[22]  Brice Minaud,et al.  Cryptanalysis of the New CLT Multilinear Map over the Integers , 2016, EUROCRYPT.

[23]  Craig Gentry,et al.  Candidate Multilinear Maps from Ideal Lattices , 2013, EUROCRYPT.

[24]  Huijia Lin,et al.  Indistinguishability Obfuscation from Constant-Degree Graded Encoding Schemes , 2016, EUROCRYPT.

[25]  Don Coppersmith,et al.  Small Solutions to Polynomial Equations, and Low Exponent RSA Vulnerabilities , 1997, Journal of Cryptology.

[26]  Eric Miles,et al.  Post-zeroizing Obfuscation: New Mathematical Tools, and the Case of Evasive Circuits , 2016, EUROCRYPT.

[27]  Arjen K. Lenstra,et al.  The number field sieve , 1990, STOC '90.

[28]  Jean-Sébastien Coron,et al.  Practical Multilinear Maps over the Integers , 2013, CRYPTO.

[29]  Eric Miles,et al.  Protecting obfuscation against arithmetic attacks , 2014, IACR Cryptol. ePrint Arch..

[30]  Jean-Sébastien Coron,et al.  Zeroizing Attacks on Indistinguishability Obfuscation over CLT13 , 2017, Public Key Cryptography.

[31]  Craig Gentry,et al.  Zeroizing Without Low-Level Zeroes: New MMAP Attacks and their Limitations , 2015, CRYPTO.

[32]  Jung Hee Cheon,et al.  Cryptanalysis of the Multilinear Map over the Integers , 2014, EUROCRYPT.

[33]  Craig Gentry,et al.  Functional Encryption Without Obfuscation , 2016, TCC.

[34]  Rafael Pass,et al.  Indistinguishability Obfuscation from Semantically-Secure Multilinear Encodings , 2014, CRYPTO.

[35]  Fang Song,et al.  Efficient quantum algorithms for computing class groups and solving the principal ideal problem in arbitrary degree number fields , 2016, SODA.

[36]  Mehdi Tibouchi,et al.  Cryptanalysis of GGH15 Multilinear Maps , 2016, CRYPTO.

[37]  Shai Halevi,et al.  Graded Encoding, Variations on a Scheme , 2015, IACR Cryptol. ePrint Arch..

[38]  Guy N. Rothblum,et al.  Virtual Black-Box Obfuscation for All Circuits via Generic Graded Encoding , 2014, TCC.

[39]  Peter W. Shor,et al.  Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer , 1995, SIAM Rev..

[40]  Sanjam Garg,et al.  Obfuscation without the Vulnerabilities of Multilinear Maps , 2016, IACR Cryptol. ePrint Arch..