Cryptology ePrint Archive: Report 2014/574

Security Analysis of Multilinear Maps over the Integers

Hyung Tae Lee and Jae Hong Seo

Abstract: At Crypto 2013, Coron, Lepoint, and Tibouchi~(CLT) proposed a practical Graded Encoding Scheme (GES) over the integers, which has very similar cryptographic features to ideal multilinear maps. In fact, the scheme of Coron~{\em et al.} is the second proposal of a secure GES, and has advantages over the first scheme of Garg, Gentry, and Halevi~(GGH). For example, unlike the GGH construction, the subgroup decision assumption holds in the CLT construction. Immediately following the elegant innovations of the GES, numerous GES-based cryptographic applications were proposed. Although these applications rely on the security of the underlying GES, the security of the GES has not been analyzed in detail, aside from the original papers produced by Garg~{\em et~al.} and Coron~{\em et~al.}

We present an attack algorithm against the system parameters of the CLT GES. The proposed algorithm's complexity $\tilde\bO(2^{\rho/2})$ is exponentially smaller than $\tilde\bO(2^{\rho})$ of the previous best attack of Coron~{\em et al.}, where $\rho$ is a function of the security parameter. Furthermore, we identify a flaw in the generation of the zero-testing parameter of the CLT GES, which drastically reduces the running time of the proposed algorithm. The experimental results demonstrate the practicality of our attack.

Category / Keywords: public-key cryptography / multilinear maps, graded encoding scheme, approximate common divisors, cryptanalysis

Original Publication (with major differences): IACR-CRYPTO-2014
DOI: 10.1007/978-3-662-44371-2_13

Date: received 23 Jul 2014

Contact author: jhsbhs at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20140724:125059 (All versions of this report)

Short URL: ia.cr/2014/574

Discussion forum: Show discussion | Start new discussion