Cryptanalyses of Branching Program Obfuscations over GGH13 Multilinear Map from the NTRU Problem

In this paper, we propose cryptanalyses of all existing indistinguishability obfuscation (iO) candidates based on branching programs (BP) over GGH13 multilinear map for all recommended parameter settings. To achieve this, we introduce two novel techniques, program converting using NTRU-solver and matrix zeroizing, which can be applied to a wide range of obfuscation constructions and BPs compared to previous attacks. We then prove that, for the suggested parameters, the existing general-purpose BP obfuscations over GGH13 do not have the desired security. Especially, the first candidate indistinguishability obfuscation with input-unpartitionable branching programs (FOCS 2013) and the recent BP obfuscation (TCC 2016) are not secure against our attack when they use the GGH13 with recommended parameters. Previously, there has been no known polynomial time attack for these cases.

[1]  Yuval Ishai,et al.  Optimizing Obfuscation: Avoiding Barrington's Theorem , 2014, CCS.

[2]  Jean-Sébastien Coron,et al.  Practical Multilinear Maps over the Integers , 2013, CRYPTO.

[3]  Zvika Brakerski,et al.  Obfuscating Circuits via Composite-Order Graded Encoding , 2015, TCC.

[4]  Pierre-Alain Fouque,et al.  Revisiting Lattice Attacks on Overstretched NTRU Parameters , 2017, EUROCRYPT.

[5]  Craig Gentry,et al.  Graph-Induced Multilinear Maps from Lattices , 2015, TCC.

[6]  Eric Miles,et al.  Post-zeroizing Obfuscation: New Mathematical Tools, and the Case of Evasive Circuits , 2016, EUROCRYPT.

[7]  Eric Miles,et al.  Protecting obfuscation against arithmetic attacks , 2014, IACR Cryptol. ePrint Arch..

[8]  Jean-François Biasse,et al.  Subexponential time relations in the class group of large degree number fields , 2014, Adv. Math. Commun..

[9]  Alex J. Malozemoff,et al.  5Gen: A Framework for Prototyping Applications Using Multilinear Maps and Matrix Branching Programs , 2016, CCS.

[10]  Eric Miles,et al.  Secure Obfuscation in a Weak Multilinear Map Model , 2016, TCC.

[11]  Mark Zhandry,et al.  Obfuscating Low-Rank Matrix Branching Programs , 2014, IACR Cryptol. ePrint Arch..

[12]  Rafael Pass,et al.  Indistinguishability Obfuscation from Semantically-Secure Multilinear Encodings , 2014, CRYPTO.

[13]  Fang Song,et al.  Efficient quantum algorithms for computing class groups and solving the principal ideal problem in arbitrary degree number fields , 2016, SODA.

[14]  Eric Miles,et al.  Annihilation Attacks for Multilinear Maps: Cryptanalysis of Indistinguishability Obfuscation over GGH13 , 2016, CRYPTO.

[15]  Nico Döttling,et al.  Cryptanalysis of Indistinguishability Obfuscations of Circuits over GGH13 , 2016, ICALP.

[16]  Ron Steinfeld,et al.  GGHLite: More Efficient Multilinear Maps from Ideal Lattices , 2014, IACR Cryptol. ePrint Arch..

[17]  David A. Mix Barrington,et al.  Bounded-Width Polynomial-Size Branching Programs Recognize Exactly Those Languages in NC¹ , 1989, J. Comput. Syst. Sci..

[18]  Mark Zhandry,et al.  The MMap Strikes Back: Obfuscation and New Multilinear Maps Immune to CLT13 Zeroizing Attacks , 2018, TCC.

[19]  Ronald Cramer,et al.  Recovering Short Generators of Principal Ideals in Cyclotomic Rings , 2016, EUROCRYPT.

[20]  Craig Gentry,et al.  Cryptanalyses of Candidate Branching Program Obfuscators , 2017, EUROCRYPT.

[21]  Yael Tauman Kalai,et al.  Protecting Obfuscation against Algebraic Attacks , 2014, EUROCRYPT.

[22]  Amit Sahai,et al.  On the (im)possibility of obfuscating programs , 2001, JACM.

[23]  Martin R. Albrecht,et al.  A Subfield Lattice Attack on Overstretched NTRU Assumptions - Cryptanalysis of Some FHE and Graded Encoding Schemes , 2016, CRYPTO.

[24]  Thomas Espitau,et al.  Computing generator in cyclotomic integer rings , 2016, IACR Cryptol. ePrint Arch..

[25]  J. Cheon,et al.  An algorithm for NTRU problems and cryptanalysis of the GGH multilinear map without a low-level encoding of zero , 2016, LMS J. Comput. Math..

[26]  Michael Ben-Or,et al.  Computing Algebraic Formulas Using a Constant Number of Registers , 1992, SIAM J. Comput..

[27]  Nicolas Gama,et al.  Predicting Lattice Reduction , 2008, EUROCRYPT.

[28]  Joe Zimmerman,et al.  How to Obfuscate Programs Directly , 2015, EUROCRYPT.

[29]  Craig Gentry,et al.  Candidate Multilinear Maps from Ideal Lattices , 2013, EUROCRYPT.

[30]  Jung Hee Cheon,et al.  Cryptanalysis of the Overstretched NTRU Problem for General Modulus Polynomial , 2017, IACR Cryptol. ePrint Arch..

[31]  Guy N. Rothblum,et al.  Virtual Black-Box Obfuscation for All Circuits via Generic Graded Encoding , 2014, TCC.

[32]  Martin R. Albrecht,et al.  Implementing Candidate Graded Encoding Schemes from Ideal Lattices , 2015, ASIACRYPT.