Cryptanalysis of Gu's ideal multilinear map
نویسندگان
چکیده
In March, 2015 Gu Chunsheng proposed a candidate ideal multilinear map [9]. An ideal multilinear map allows to perform as many multiplications as desired, while in κ-multilinear maps like GGH [5] or CLT [3,4] one we can perform at most a predetermined number κ of multiplications. In this note, we show that the extraction Multilinear Computational Diffie-Hellman problem (extMCDH) associated to Gu’s map can be solved in polynomial-time: this candidate ideal multilinear map is insecure. We also give intuition on why we think that the two other ideal multilinear maps proposed by Gu in [9] are not secure either.
منابع مشابه
Cryptanalysis of the New CLT Multilinear Map over the Integers
Multilinear maps serve as a basis for a wide range of cryptographic applications. The first candidate construction of multilinear maps was proposed by Garg, Gentry, and Halevi in 2013, and soon afterwards, another construction was suggested by Coron, Lepoint, and Tibouchi (CLT13), which works over the integers. However, both of these were found to be insecure in the face of so-called zeroizing ...
متن کاملCryptanalysis of the multilinear map on the ideal lattices
We improve the zeroizing attack on the multilinear map of Garg, Gentry and Halevi (GGH). Our algorithm can solve the Graded Decisional Diffie-Hellman (GDDH) problem on the GGH scheme when the dimension n of the ideal lattice Z[X]/(X+1) is O(κλ) as suggested for the κ-linear GGH scheme. The zeroizing attack is to recover a basis of an ideal generated by a secret element g ∈ Z[X]/(X + 1) from the...
متن کاملCryptanalysis of the Multilinear Map over the Integers
We describe a polynomial-time cryptanalysis of the (approximate) multilinear map of Coron, Lepoint and Tibouchi (CLT). The attack relies on an adaptation of the so-called zeroizing attack against the Garg, Gentry and Halevi (GGH) candidate multilinear map. Zeroizing is much more devastating for CLT than for GGH. In the case of GGH, it allows to break generalizations of the Decision Linear and S...
متن کاملCryptanalysis of the New Multilinear Map over the Integers
This article describes a polynomial attack on the new multilinear map over the integers presented by Coron, Lepoint and Tibouchi at Crypto 2015 (CLT15). This version is a fix of the first multilinear map over the integers presented by the same authors at Crypto 2013 (CLT13) and broken by Cheon et al. at Eurocrypt 2015. The attack essentially downgrades CLT15 to its original version CLT13, and l...
متن کاملIdeal Multilinear Maps based on Ideal Lattices
Cryptographic multilinear maps have many applications, such as multipartite key exchange and software obfuscation. However, the encodings of three current constructions are “noisy” and their multilinearity levels are fixed and bounded in advance. In this paper, we describe a candidate construction of ideal multilinear maps by using ideal lattices, which supports arbitrary multilinearity levels....
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2015 شماره
صفحات -
تاریخ انتشار 2015