AbstractWe provide constructions of multilinear groups equipped with natural hard problems from indistinguishability obfuscation, homomorphic encryption, and NIZKs. This complements known results on the constructions of indistinguishability obfuscators from multilinear maps in the reverse direction. We provide two distinct, but closely related constructions and show that multilinear analogues of the $${\text {DDH}} $$DDH assumption hold for them. Our first construction is symmetric and comes with a $$\kappa $$κ-linear map $$\mathbf{e }: {{\mathbb {G}}}^\kappa \longrightarrow {\mathbb {G}}_T$$e:Gκ⟶GT for prime-order groups $${\mathbb {G}}$$G and $${\mathbb {G}}_T$$GT. To establish the hardness of the $$\kappa $$κ-linear $${\text {DDH}} $$DDH problem, we rely on the existence of a base group for which the $$\kappa $$κ-strong $${\text {DDH}} $$DDH assumption holds. Our second construction is for the asymmetric setting, where $$\mathbf{e }: {\mathbb {G}}_1 \times \cdots \times {\mathbb {G}}_{\kappa } \longrightarrow {\mathbb {G}}_T$$e:G1×⋯×Gκ⟶GT for a collection of $$\kappa +1$$κ+1 prime-order groups $${\mathbb {G}}_i$$Gi and $${\mathbb {G}}_T$$GT, and relies only on the 1-strong $${\text {DDH}} $$DDH assumption in its base group. In both constructions, the linearity $$\kappa $$κ can be set to any arbitrary but a priori fixed polynomial value in the security parameter. We rely on a number of powerful tools in our constructions: probabilistic indistinguishability obfuscation, dual-mode NIZK proof systems (with perfect soundness, witness-indistinguishability, and zero knowledge), and additively homomorphic encryption for the group $$\mathbb {Z}_N^{+}$$ZN+. At a high level, we enable “bootstrapping” multilinear assumptions from their simpler counterparts in standard cryptographic groups and show the equivalence of PIO and multilinear maps under the existence of the aforementioned primitives.
Beyond the Limitation of Prime-Order Bilinear Groups, and Round Optimal Blind Signatures
