Annihilation Attacks for Multilinear Maps: Cryptanalysis of Indistinguishability Obfuscation over GGH13

2016 ◽  
pp. 629-658 ◽  
Author(s):  
Eric Miles ◽  
Amit Sahai ◽  
Mark Zhandry
Keyword(s):  
Indistinguishability Obfuscation ◽  
Multilinear Maps

scholarly journals Practical CCA-Secure Functional Encryptions for Deterministic Functions

2020 ◽  
Vol 2020 ◽  
pp. 1-14
Author(s):  
Huige Wang ◽  
Kefei Chen ◽  
Tianyu Pan ◽  
Yunlei Zhao
Keyword(s):  
Affirmative Answer ◽  
Inner Product ◽  
Secret Key ◽  
Functional Encryption ◽  
Fine Grained ◽  
Indistinguishability Obfuscation ◽  
Simulation Based ◽  
Multilinear Maps ◽  
Hard Problems ◽  
Generic Transformation

Functional encryption (FE) can implement fine-grained control to encrypted plaintext via permitting users to compute only some specified functions on the encrypted plaintext using private keys with respect to those functions. Recently, many FEs were put forward; nonetheless, most of them cannot resist chosen-ciphertext attacks (CCAs), especially for those in the secret-key settings. This changed with the work, i.e., a generic transformation of public-key functional encryption (PK-FE) from chosen-plaintext (CPA) to chosen-ciphertext (CCA), where the underlying schemes are required to have some special properties such as restricted delegation or verifiability features. However, examples for such underlying schemes with these features have not been found so far. Later, a CCA-secure functional encryption from projective hash functions was proposed, but their scheme only applies to inner product functions. To construct such a scheme, some nontrivial techniques will be needed. Our key contribution in this work is to propose CCA-secure functional encryptions in the PKE and SK environment, respectively. In the existing generic transformation from (adaptively) simulation-based CPA- (SIM-CPA-) secure ones for deterministic functions to (adaptively) simulation-based CCA- (SIM-CCA-) secure ones for randomized functions, whether the schemes were directly applied to CCA settings for deterministic functions is not implied. We give an affirmative answer and derive a SIM-CCA-secure scheme for deterministic functions by making some modifications on it. Again, based on this derived scheme, we also propose an (adaptively) indistinguishable CCA- (IND-CCA-) secure SK-FE for deterministic functions. The final results show that our scheme can be instantiated under both nonstandard assumptions (e.g., hard problems on multilinear maps and indistinguishability obfuscation (IO)) and under standard assumptions (e.g., DDH, RSA, LWE, and LPN).

scholarly journals Multiparty Non-Interactive Key Exchange and More From Isogenies on Elliptic Curves

2020 ◽  
Vol 14 (1) ◽  
pp. 5-14
Author(s):  
Dan Boneh ◽  
Darren Glass ◽  
Daniel Krashen ◽  
Kristin Lauter ◽  
Shahed Sharif ◽  
...  
Keyword(s):  
Elliptic Curves ◽  
Abelian Variety ◽  
Efficient Algorithm ◽  
Group Structure ◽  
Mathematical Problem ◽  
Key Exchange ◽  
Cryptographic Primitives ◽  
Indistinguishability Obfuscation ◽  
Multilinear Maps ◽  
Multilinear Map

AbstractWe describe a framework for constructing an efficient non-interactive key exchange (NIKE) protocol for n parties for any n ≥ 2. Our approach is based on the problem of computing isogenies between isogenous elliptic curves, which is believed to be difficult. We do not obtain a working protocol because of a missing step that is currently an open mathematical problem. What we need to complete our protocol is an efficient algorithm that takes as input an abelian variety presented as a product of isogenous elliptic curves, and outputs an isomorphism invariant of the abelian variety.Our framework builds a cryptographic invariant map, which is a new primitive closely related to a cryptographic multilinear map, but whose range does not necessarily have a group structure. Nevertheless, we show that a cryptographic invariant map can be used to build several cryptographic primitives, including NIKE, that were previously constructed from multilinear maps and indistinguishability obfuscation.

scholarly journals Multilinear Maps from Obfuscation

2020 ◽  
Vol 33 (3) ◽  
pp. 1080-1113 ◽  
Author(s):  
Martin R. Albrecht ◽  
Pooya Farshim ◽  
Shuai Han ◽  
Dennis Hofheinz ◽  
Enrique Larraia ◽  
...  
Keyword(s):  
Prime Order ◽  
Homomorphic Encryption ◽  
A Priori ◽  
Reverse Direction ◽  
Proof Systems ◽  
Indistinguishability Obfuscation ◽  
Security Parameter ◽  
Multilinear Maps ◽  
High Level ◽  
Base Group

AbstractWe provide constructions of multilinear groups equipped with natural hard problems from indistinguishability obfuscation, homomorphic encryption, and NIZKs. This complements known results on the constructions of indistinguishability obfuscators from multilinear maps in the reverse direction. We provide two distinct, but closely related constructions and show that multilinear analogues of the $${\text {DDH}} $$DDH assumption hold for them. Our first construction is symmetric and comes with a $$\kappa $$κ-linear map $$\mathbf{e }: {{\mathbb {G}}}^\kappa \longrightarrow {\mathbb {G}}_T$$e:Gκ⟶GT for prime-order groups $${\mathbb {G}}$$G and $${\mathbb {G}}_T$$GT. To establish the hardness of the $$\kappa $$κ-linear $${\text {DDH}} $$DDH problem, we rely on the existence of a base group for which the $$\kappa $$κ-strong $${\text {DDH}} $$DDH assumption holds. Our second construction is for the asymmetric setting, where $$\mathbf{e }: {\mathbb {G}}_1 \times \cdots \times {\mathbb {G}}_{\kappa } \longrightarrow {\mathbb {G}}_T$$e:G1×⋯×Gκ⟶GT for a collection of $$\kappa +1$$κ+1 prime-order groups $${\mathbb {G}}_i$$Gi and $${\mathbb {G}}_T$$GT, and relies only on the 1-strong $${\text {DDH}} $$DDH assumption in its base group. In both constructions, the linearity $$\kappa $$κ can be set to any arbitrary but a priori fixed polynomial value in the security parameter. We rely on a number of powerful tools in our constructions: probabilistic indistinguishability obfuscation, dual-mode NIZK proof systems (with perfect soundness, witness-indistinguishability, and zero knowledge), and additively homomorphic encryption for the group $$\mathbb {Z}_N^{+}$$ZN+. At a high level, we enable “bootstrapping” multilinear assumptions from their simpler counterparts in standard cryptographic groups and show the equivalence of PIO and multilinear maps under the existence of the aforementioned primitives.

scholarly journals A Novel Construction of Constrained Verifiable Random Functions

2019 ◽  
Vol 2019 ◽  
pp. 1-15
Author(s):  
Muhua Liu ◽  
Ping Zhang ◽  
Qingtao Wu
Keyword(s):  
Random Function ◽  
Secret Key ◽  
Bilinear Maps ◽  
Random Functions ◽  
Compute Function ◽  
Multilinear Maps ◽  
Verifiable Random Functions ◽  
Selective Security

Constrained verifiable random functions (VRFs) were introduced by Fuchsbauer. In a constrained VRF, one can drive a constrained key skS from the master secret key sk, where S is a subset of the domain. Using the constrained key skS, one can compute function values at points which are not in the set S. The security of constrained VRFs requires that the VRFs’ output should be indistinguishable from a random value in the range. They showed how to construct constrained VRFs for the bit-fixing class and the circuit constrained class based on multilinear maps. Their construction can only achieve selective security where an attacker must declare which point he will attack at the beginning of experiment. In this work, we propose a novel construction for constrained verifiable random function from bilinear maps and prove that it satisfies a new security definition which is stronger than the selective security. We call it semiadaptive security where the attacker is allowed to make the evaluation queries before it outputs the challenge point. It can immediately get that if a scheme satisfied semiadaptive security, and it must satisfy selective security.

scholarly journals A note on extensions of multilinear maps defined on multilinear varieties

2021 ◽  
pp. 1-26
Author(s):  
W. T. Gowers ◽  
L. Milićević
Keyword(s):  
Finite Fields ◽  
Vector Spaces ◽  
Restriction Map ◽  
Zero Set ◽  
Dimensional Vector ◽  
Prime Field ◽  
Finite Dimensional ◽  
Multilinear Maps ◽  
Multilinear Map

Abstract Let $G_1, \ldots , G_k$ be finite-dimensional vector spaces over a prime field $\mathbb {F}_p$ . A multilinear variety of codimension at most $d$ is a subset of $G_1 \times \cdots \times G_k$ defined as the zero set of $d$ forms, each of which is multilinear on some subset of the coordinates. A map $\phi$ defined on a multilinear variety $B$ is multilinear if for each coordinate $c$ and all choices of $x_i \in G_i$ , $i\not =c$ , the restriction map $y \mapsto \phi (x_1, \ldots , x_{c-1}, y, x_{c+1}, \ldots , x_k)$ is linear where defined. In this note, we show that a multilinear map defined on a multilinear variety of codimension at most $d$ coincides on a multilinear variety of codimension $O_{k}(d^{O_{k}(1)})$ with a multilinear map defined on the whole of $G_1\times \cdots \times G_k$ . Additionally, in the case of general finite fields, we deduce similar (but slightly weaker) results.

scholarly journals THE POLYNOMIAL NUMERICAL INDEX OF A BANACH SPACE

2006 ◽  
Vol 49 (1) ◽  
pp. 39-52 ◽  
Author(s):  
Yun Sung Choi ◽  
Domingo Garcia ◽  
Sung Guen Kim ◽  
Manuel Maestre
Keyword(s):  
Banach Space ◽  
Positive Integer ◽  
Banach Spaces ◽  
Compact Space ◽  
Linear Operators ◽  
Homogeneous Polynomials ◽  
Numerical Radius ◽  
Disc Algebra ◽  
Multilinear Maps ◽  
Numerical Index

AbstractIn this paper, we introduce the polynomial numerical index of order $k$ of a Banach space, generalizing to $k$-homogeneous polynomials the ‘classical’ numerical index defined by Lumer in the 1970s for linear operators. We also prove some results. Let $k$ be a positive integer. We then have the following:(i) $n^{(k)}(C(K))=1$ for every scattered compact space $K$.(ii) The inequality $n^{(k)}(E)\geq k^{k/(1-k)}$ for every complex Banach space $E$ and the constant $k^{k/(1-k)}$ is sharp.(iii) The inequalities$$ n^{(k)}(E)\leq n^{(k-1)}(E)\leq\frac{k^{(k+(1/(k-1)))}}{(k-1)^{k-1}}n^{(k)}(E) $$for every Banach space $E$.(iv) The relation between the polynomial numerical index of $c_0$, $l_1$, $l_{\infty}$ sums of Banach spaces and the infimum of the polynomial numerical indices of them.(v) The relation between the polynomial numerical index of the space $C(K,E)$ and the polynomial numerical index of $E$.(vi) The inequality $n^{(k)}(E^{**})\leq n^{(k)}(E)$ for every Banach space $E$.Finally, some results about the numerical radius of multilinear maps and homogeneous polynomials on $C(K)$ and the disc algebra are given.

Sign in / Sign up

Export Citation Format

Share Document