Cryptanalysis of the Multilinear Map over the Integers
نویسندگان
چکیده
We describe a polynomial-time cryptanalysis of the (approximate) multilinear map of Coron, Lepoint and Tibouchi (CLT). The attack relies on an adaptation of the so-called zeroizing attack against the Garg, Gentry and Halevi (GGH) candidate multilinear map. Zeroizing is much more devastating for CLT than for GGH. In the case of GGH, it allows to break generalizations of the Decision Linear and Subgroup Membership problems from pairing-based cryptography. For CLT, this leads to a total break: all quantities meant to be kept secret can be efficiently and publicly recovered.
منابع مشابه
Cryptanalysis of the New Multilinear Map over the Integers
This article describes a polynomial attack on the new multilinear map over the integers presented by Coron, Lepoint and Tibouchi at Crypto 2015 (CLT15). This version is a fix of the first multilinear map over the integers presented by the same authors at Crypto 2013 (CLT13) and broken by Cheon et al. at Eurocrypt 2015. The attack essentially downgrades CLT15 to its original version CLT13, and l...
متن کاملCryptanalysis of the New CLT Multilinear Map over the Integers
Multilinear maps serve as a basis for a wide range of cryptographic applications. The first candidate construction of multilinear maps was proposed by Garg, Gentry, and Halevi in 2013, and soon afterwards, another construction was suggested by Coron, Lepoint, and Tibouchi (CLT13), which works over the integers. However, both of these were found to be insecure in the face of so-called zeroizing ...
متن کاملCryptanalysis on the Multilinear Map over the Integers and its Related Problems
The CRT-ACD problem is to find the primes p1, . . . , pn given polynomially many instances of CRT(p1,...,pn)(r1, . . . , rn) for small integers r1, . . . , rn. The CRT-ACD problem is regarded as a hard problem, but its hardness is not proven yet. In this paper, we analyze the CRT-ACD problem when given one more input CRT(p1,...,pn)(x0/p1, . . . , x0/pn) for x0 = n ∏ i=1 pi and propose a polynom...
متن کاملCryptanalysis of Two Candidate Fixes of Multilinear Maps over the Integers
Shortly following Cheon, Han, Lee, Ryu and Stehlé’s attack against the multilinear map of Coron, Lepoint and Tibouchi (CLT), two independent approaches to thwart this attack have been proposed on the cryptology ePrint archive, due to Garg, Gentry, Halevi and Zhandry on the one hand, and Boneh, Wu and Zimmerman on the other. In this short note, we show that both countermeasures can be defeated i...
متن کاملCryptanalysis of the New CLT Multilinear Maps
Multilinear maps have many cryptographic applications. The first candidate construction of multilinear maps was proposed by Garg, Gentry, and Halevi (GGH13) in 2013, and a bit later another candidate was suggested by Coron, Lepoint, and Tibouchi (CLT13) over the integers. However, both of them turned out to be insecure from so-called zeroizing attack (HJ15, CHL15). As a fix of CLT13, Coron, Lep...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2014 شماره
صفحات -
تاریخ انتشار 2014