Cryptanalysis of Indistinguishability Obfuscations of Circuits over GGH13

Annihilation attacks, introduced in the work of Miles, Sahai, and Zhandry (CRYPTO 2016), are a class of polynomial-time attacks against several candidate indistinguishability obfuscation (IO) schemes built from the multilinear maps of Garg, Gentry, and Halevi (EUROCRYPT 2013). In this work, we provide a general, efficiently testable property for two single-input branching programs, called partial inequivalence, which we show is sufficient for our variant of annihilation attacks on several obfuscation constructions based on GGH13 multilinear maps. We give examples of pairs of natural NC1 circuits which, when processed via Barrington's Theorem, yield pairs of branching programs that are partially inequivalent. As a consequence, we are also able to show that examples of "bootstrapping circuits" (albeit somewhat artificially crafted), used to obtain obfuscations for all circuits (given an obfuscator for NC1 circuits), in certain settings also yield partially inequivalent branching programs. Prior to our work, no attacks on any obfuscation constructions for these settings were known.
