Cryptanalysis of the New CLT Multilinear Maps
نویسندگان
چکیده
Multilinear maps have many cryptographic applications. The first candidate construction of multilinear maps was proposed by Garg, Gentry, and Halevi (GGH13) in 2013, and a bit later another candidate was suggested by Coron, Lepoint, and Tibouchi (CLT13) over the integers. However, both of them turned out to be insecure from so-called zeroizing attack (HJ15, CHL15). As a fix of CLT13, Coron, Lepoint, and Tibouchi proposed another candidate of new multilinear maps over the integers (CLT15). In this paper, we describe an attack against CLT15. Our attack shares the essence of cryptanalysis of CLT13 and exploits low level encodings of zero as well as other public parameters. As in the CHL15, this leads to find all the secret parameters of κ-multiliear maps in polynomial time of security parameter.
منابع مشابه
Cryptanalysis of Gu's ideal multilinear map
In March, 2015 Gu Chunsheng proposed a candidate ideal multilinear map [9]. An ideal multilinear map allows to perform as many multiplications as desired, while in κ-multilinear maps like GGH [5] or CLT [3,4] one we can perform at most a predetermined number κ of multiplications. In this note, we show that the extraction Multilinear Computational Diffie-Hellman problem (extMCDH) associated to G...
متن کاملCryptanalysis of the New CLT Multilinear Map over the Integers
Multilinear maps serve as a basis for a wide range of cryptographic applications. The first candidate construction of multilinear maps was proposed by Garg, Gentry, and Halevi in 2013, and soon afterwards, another construction was suggested by Coron, Lepoint, and Tibouchi (CLT13), which works over the integers. However, both of these were found to be insecure in the face of so-called zeroizing ...
متن کاملCryptanalysis of the Multilinear Map over the Integers
We describe a polynomial-time cryptanalysis of the (approximate) multilinear map of Coron, Lepoint and Tibouchi (CLT). The attack relies on an adaptation of the so-called zeroizing attack against the Garg, Gentry and Halevi (GGH) candidate multilinear map. Zeroizing is much more devastating for CLT than for GGH. In the case of GGH, it allows to break generalizations of the Decision Linear and S...
متن کاملCryptanalysis on the Multilinear Map over the Integers and its Related Problems
The CRT-ACD problem is to find the primes p1, . . . , pn given polynomially many instances of CRT(p1,...,pn)(r1, . . . , rn) for small integers r1, . . . , rn. The CRT-ACD problem is regarded as a hard problem, but its hardness is not proven yet. In this paper, we analyze the CRT-ACD problem when given one more input CRT(p1,...,pn)(x0/p1, . . . , x0/pn) for x0 = n ∏ i=1 pi and propose a polynom...
متن کاملNew Multilinear Maps Over the Integers
In the last few years, cryptographic multilinear maps have proved their tremendous potential as building blocks for new constructions, in particular the first viable approach to general program obfuscation. After the first candidate construction by Garg, Gentry and Halevi (GGH) based on ideal lattices, a second construction over the integers was described by Coron, Lepoint and Tibouchi (CLT). H...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2015 شماره
صفحات -
تاریخ انتشار 2015