Cryptanalysis of the New CLT Multilinear Map over the Integers
نویسندگان
چکیده
Multilinear maps serve as a basis for a wide range of cryptographic applications. The first candidate construction of multilinear maps was proposed by Garg, Gentry, and Halevi in 2013, and soon afterwards, another construction was suggested by Coron, Lepoint, and Tibouchi (CLT13), which works over the integers. However, both of these were found to be insecure in the face of so-called zeroizing attacks, by Hu and Jia, and by Cheon, Han, Lee, Ryu and Stehlé. To improve on CLT13, Coron, Lepoint, and Tibouchi proposed another candidate construction of multilinear maps over the integers at Crypto 2015 (CLT15). This article presents two polynomial attacks on the CLT15 multilinear map, which share ideas similar to the cryptanalysis of CLT13. Our attacks allow recovery of all secret parameters in time polynomial in the security parameter, and lead to a full break of the CLT15 multilinear map for virtually all applications.
منابع مشابه
Cryptanalysis of the Multilinear Map over the Integers
We describe a polynomial-time cryptanalysis of the (approximate) multilinear map of Coron, Lepoint and Tibouchi (CLT). The attack relies on an adaptation of the so-called zeroizing attack against the Garg, Gentry and Halevi (GGH) candidate multilinear map. Zeroizing is much more devastating for CLT than for GGH. In the case of GGH, it allows to break generalizations of the Decision Linear and S...
متن کاملNew Multilinear Maps Over the Integers
In the last few years, cryptographic multilinear maps have proved their tremendous potential as building blocks for new constructions, in particular the first viable approach to general program obfuscation. After the first candidate construction by Garg, Gentry and Halevi (GGH) based on ideal lattices, a second construction over the integers was described by Coron, Lepoint and Tibouchi (CLT). H...
متن کاملCryptanalysis on the Multilinear Map over the Integers and its Related Problems
The CRT-ACD problem is to find the primes p1, . . . , pn given polynomially many instances of CRT(p1,...,pn)(r1, . . . , rn) for small integers r1, . . . , rn. The CRT-ACD problem is regarded as a hard problem, but its hardness is not proven yet. In this paper, we analyze the CRT-ACD problem when given one more input CRT(p1,...,pn)(x0/p1, . . . , x0/pn) for x0 = n ∏ i=1 pi and propose a polynom...
متن کاملCryptanalysis of the New Multilinear Map over the Integers
This article describes a polynomial attack on the new multilinear map over the integers presented by Coron, Lepoint and Tibouchi at Crypto 2015 (CLT15). This version is a fix of the first multilinear map over the integers presented by the same authors at Crypto 2013 (CLT13) and broken by Cheon et al. at Eurocrypt 2015. The attack essentially downgrades CLT15 to its original version CLT13, and l...
متن کاملCryptanalysis of Two Candidate Fixes of Multilinear Maps over the Integers
Shortly following Cheon, Han, Lee, Ryu and Stehlé’s attack against the multilinear map of Coron, Lepoint and Tibouchi (CLT), two independent approaches to thwart this attack have been proposed on the cryptology ePrint archive, due to Garg, Gentry, Halevi and Zhandry on the one hand, and Boneh, Wu and Zimmerman on the other. In this short note, we show that both countermeasures can be defeated i...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2016 شماره
صفحات -
تاریخ انتشار 2016