GGHLite: More Efficient Multilinear Maps from Ideal Lattices

The GGH Graded Encoding Scheme[9], based on ideal lattices, is the first plausible approximation to a cryptographic multilinear map. Unfortunately, using the security analysis in[9], the scheme requires very large parameters to provide security for its underlying “encoding re-randomization” process. Our main contributions are to formalize, simplify and improve the efficiency and the security analysis of the re-randomization process in the GGH construction. This results in a new construction that we call GGHLite. In particular, we first lower the size of a standard deviation parameter of the re-randomization process of[9] from exponential to polynomial in the security parameter. This first improvement is obtained via a finer security analysis of the “drowning” step of re-randomization, in which we apply the Renyi divergence instead of the conventional statistical distance as a measure of distance between distributions. Our second improvement is to reduce the number of randomizers needed from Ω(n logn) to 2, where n is the dimension of the underlying ideal lattices. These two contributions allow us to decrease the bit size of the public parameters from O(λ 5 logλ) for the GGH scheme to O(λlog2 λ) in GGHLite, with respect to the security parameter λ (for a constant multilinearity parameter κ).

[1]  Peter Harremoës,et al.  Rényi Divergence and Kullback-Leibler Divergence , 2012, IEEE Transactions on Information Theory.

[2]  Abhishek Banerjee,et al.  Pseudorandom Functions and Lattices , 2012, EUROCRYPT.

[3]  Brent Waters,et al.  Candidate Indistinguishability Obfuscation and Functional Encryption for all Circuits , 2013, 2013 IEEE 54th Annual Symposium on Foundations of Computer Science.

[4]  Vinod Vaikuntanathan,et al.  Multiparty Computation with Low Communication, Computation and Interaction via Threshold FHE , 2012, EUROCRYPT.

[5]  Daniele Micciancio,et al.  Worst-case to average-case reductions based on Gaussian measures , 2004, 45th Annual IEEE Symposium on Foundations of Computer Science.

[6]  Jean-Sébastien Coron,et al.  Practical Multilinear Maps over the Integers , 2013, CRYPTO.

[7]  Dan Boneh,et al.  Applications of Multilinear Forms to Cryptography , 2002, IACR Cryptol. ePrint Arch..

[8]  Craig Gentry,et al.  Candidate Multilinear Maps from Ideal Lattices , 2013, EUROCRYPT.

[9]  Craig Gentry,et al.  Fully homomorphic encryption using ideal lattices , 2009, STOC '09.

[10]  Ron Steinfeld,et al.  Making NTRU as Secure as Worst-Case Problems over Ideal Lattices , 2011, EUROCRYPT.

[11]  Jacques Stern,et al.  Merkle-Hellman Revisited: A Cryptanalysis of the Qu-Vanstone Cryptosystem Based on Group Factorizations , 1997, CRYPTO.

[12]  Joseph H. Silverman,et al.  NTRU: A Ring-Based Public Key Cryptosystem , 1998, ANTS.

[13]  Daniele Micciancio,et al.  Generalized Compact Knapsacks Are Collision Resistant , 2006, ICALP.

[14]  Antoine Joux,et al.  A One Round Protocol for Tripartite Diffie–Hellman , 2000, Journal of Cryptology.

[15]  Ron Steinfeld,et al.  Making NTRUEncrypt and NTRUSign as Secure as Standard Worst-Case Problems over Ideal Lattices , 2013, IACR Cryptol. ePrint Arch..

[16]  Craig Gentry,et al.  Trapdoors for hard lattices and new cryptographic constructions , 2008, IACR Cryptol. ePrint Arch..

[17]  Craig Gentry,et al.  Discrete Gaussian Leftover Hash Lemma over Infinite Domains , 2013, ASIACRYPT.

[18]  Ron Rothblum,et al.  On the Circular Security of Bit-Encryption , 2013, TCC.

[19]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[20]  Shafi Goldwasser,et al.  Complexity of lattice problems - a cryptographic perspective , 2002, The Kluwer international series in engineering and computer science.

[21]  Divesh Aggarwal,et al.  A Note on Discrete Gaussian Combinations of Lattice Vectors , 2016, Chic. J. Theor. Comput. Sci..

[22]  Chris Peikert,et al.  Circular and KDM Security for Identity-Based Encryption , 2012, Public Key Cryptography.

[23]  Brent Waters,et al.  Attribute-Based Encryption for Circuits from Multilinear Maps , 2012, CRYPTO.

[24]  Chris Peikert,et al.  On Ideal Lattices and Learning with Errors over Rings , 2010, JACM.

[25]  Roberto Tamassia,et al.  Optimal Authenticated Data Structures with Multilinear Forms , 2010, Pairing.

[26]  Markus Rückert,et al.  Aggregate and Verifiably Encrypted Signatures from Multilinear Maps Without Random Oracles , 2009, IACR Cryptol. ePrint Arch..

[27]  G. Crooks On Measures of Entropy and Information , 2015 .