Cryptanalysis of the Multilinear Map over the Integers

We describe a polynomial-time cryptanalysis of the (approximate) multilinear map of Coron, Lepoint and Tibouchi (CLT). The attack relies on an adaptation of the so-called zeroizing attack against the Garg, Gentry and Halevi (GGH) candidate multilinear map. Zeroizing is much more devastating for CLT than for GGH. In the case of GGH, it allows to break generalizations of the Decision Linear and Subgroup Membership problems from pairing-based cryptography. For CLT, this leads to a total break: all quantities meant to be kept secret can be efficiently and publicly recovered.

[1]  Jae Hong Seo,et al.  Security Analysis of Multilinear Maps over the Integers , 2014, IACR Cryptol. ePrint Arch..

[2]  Mark Zhandry,et al.  Adaptively Secure Broadcast Encryption with Small System Parameters , 2014, IACR Cryptol. ePrint Arch..

[3]  Joe Zimmerman,et al.  How to Obfuscate Programs Directly , 2015, EUROCRYPT.

[4]  Allison Bishop,et al.  Indistinguishability Obfuscation from the Multilinear Subgroup Elimination Assumption , 2015, 2015 IEEE 56th Annual Symposium on Foundations of Computer Science.

[5]  David Pointcheval,et al.  Disjunctions for Hash Proof Systems: New Constructions and Applications , 2015, EUROCRYPT.

[6]  Allison Bishop,et al.  Witness Encryption from Instance Independent Assumptions , 2014, IACR Cryptol. ePrint Arch..

[7]  Craig Gentry,et al.  Fully Secure Functional Encryption without Obfuscation , 2014, IACR Cryptol. ePrint Arch..

[8]  Dan Boneh,et al.  Immunizing Multilinear Maps Against Zeroizing Attacks , 2014, IACR Cryptol. ePrint Arch..

[9]  Craig Gentry,et al.  Candidate Multilinear Maps from Ideal Lattices , 2013, EUROCRYPT.

[10]  Craig Gentry,et al.  Graph-Induced Multilinear Maps from Lattices , 2015, TCC.

[11]  Hovav Shacham,et al.  Short Group Signatures , 2004, CRYPTO.

[12]  Dan Boneh,et al.  Evaluating 2-DNF Formulas on Ciphertexts , 2005, TCC.

[13]  David Pointcheval,et al.  Verifier-Based Password-Authenticated Key Exchange: New Models and Constructions , 2013, IACR Cryptol. ePrint Arch..

[14]  Guy N. Rothblum,et al.  Obfuscating Conjunctions , 2015, Journal of Cryptology.

[15]  Craig Gentry,et al.  Fully homomorphic encryption using ideal lattices , 2009, STOC '09.

[16]  Jean-Sébastien Coron,et al.  Practical Multilinear Maps over the Integers , 2013, CRYPTO.

[17]  Dan Boneh,et al.  Applications of Multilinear Forms to Cryptography , 2002, IACR Cryptol. ePrint Arch..

[18]  Kevin Lewi,et al.  Improved Constructions of PRFs Secure Against Related-Key Attacks , 2014, ACNS.

[19]  Mike Scott,et al.  Authenticated ID-based Key Exchange and remote log-in with simple token and PIN number , 2002, IACR Cryptol. ePrint Arch..

[20]  Arne Storjohann,et al.  The shifted number system for fast linear algebra on integer matrices , 2005, J. Complex..

[21]  Craig Gentry,et al.  Zeroizing without zeroes: Cryptanalyzing multilinear maps without encodings of zero , 2014, IACR Cryptol. ePrint Arch..

[22]  Nuttapong Attrapadung,et al.  Fully Secure and Succinct Attribute Based Encryption for Circuits from Multi-linear Maps , 2014, IACR Cryptol. ePrint Arch..

[23]  Jean-Sébastien Coron,et al.  Cryptanalysis of Two Candidate Fixes of Multilinear Maps over the Integers , 2014, IACR Cryptol. ePrint Arch..

[24]  Dan Boneh,et al.  Key Homomorphic PRFs and Their Applications , 2013, CRYPTO.

[25]  Arne Storjohann,et al.  Integer matrix rank certification , 2009, ISSAC '09.

[26]  Craig Gentry,et al.  Fully Homomorphic Encryption over the Integers , 2010, EUROCRYPT.

[27]  Brent Waters,et al.  Candidate Indistinguishability Obfuscation and Functional Encryption for all Circuits , 2013, 2013 IEEE 54th Annual Symposium on Foundations of Computer Science.

[28]  Craig Gentry,et al.  Fully Secure Attribute Based Encryption from Multilinear Maps , 2014, IACR Cryptol. ePrint Arch..