Zeroizing without zeroes: Cryptanalyzing multilinear maps without encodings of zero
نویسندگان
چکیده
We extend the recent zeroizing attacks of Cheon et al. on multilinear maps to some settings where no encodings of zero below the maximal level are available. Some of the new attacks apply to the CLT scheme (resulting in total break) while others apply to the GGH scheme (resulting in a weak-DL attack).
منابع مشابه
Zeroizing Without Low-Level Zeroes: New MMAP Attacks and their Limitations
We extend the recent zeroizing attacks of Cheon, Han, Lee, Ryu and Stehlé (Eurocrypt’15) on multilinear maps to settings where no encodings of zero below the maximal level are available. Some of the new attacks apply to the CLT13 scheme (resulting in a total break) while others apply to (a variant of) the GGH13 scheme (resulting in a weak-DL attack). We also note the limits of these zeroizing a...
متن کاملImmunizing Multilinear Maps Against Zeroizing Attacks
In recent work Cheon, Han, Lee, Ryu, and Stehlé presented an attack on the multilinear map of Coron, Lepoint, and Tibouchi (CLT). They show that given many low-level encodings of zero, the CLT multilinear map can be completely broken, recovering the secret factorization of the CLT modulus. The attack is a generalization of the “zeroizing” attack of Garg, Gentry, and Halevi. We first strengthen ...
متن کاملMultilinear Map via Scale-Invariant FHE: Enhancing Security and Efficiency
Cryptographic multilinear map is a useful tool for constructing numerous secure protocols and Graded Encoding System (GES) is an approximate concept of multilinear map. In multilinear map context, there are several important issues, mainly about security and efficiency. All early stage candidate multilinear maps are recently broken by so-called zeroizing attack, so that it is highly required to...
متن کاملAnnihilation Attacks for Multilinear Maps: Cryptanalysis of Indistinguishability Obfuscation over GGH13
In this work, we put forward a new class of polynomial-time attacks on the original multilinear maps of Garg, Gentry, and Halevi (2013). Previous polynomial-time attacks on GGH13 were “zeroizing” attacks that generally required the availability of low-level encodings of zero. Most significantly, such zeroizing attacks were not applicable to candidate indistinguishability obfuscation (iO) scheme...
متن کاملCryptanalysis of the New CLT Multilinear Maps
Multilinear maps have many cryptographic applications. The first candidate construction of multilinear maps was proposed by Garg, Gentry, and Halevi (GGH13) in 2013, and a bit later another candidate was suggested by Coron, Lepoint, and Tibouchi (CLT13) over the integers. However, both of them turned out to be insecure from so-called zeroizing attack (HJ15, CHL15). As a fix of CLT13, Coron, Lep...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2014 شماره
صفحات -
تاریخ انتشار 2014