Paper 2014/574

Security Analysis of Multilinear Maps over the Integers

Hyung Tae Lee and Jae Hong Seo

Abstract

At Crypto 2013, Coron, Lepoint, and Tibouchi~(CLT) proposed a practical Graded Encoding Scheme (GES) over the integers, which has very similar cryptographic features to ideal multilinear maps. In fact, the scheme of Coron~{\em et al.} is the second proposal of a secure GES, and has advantages over the first scheme of Garg, Gentry, and Halevi~(GGH). For example, unlike the GGH construction, the subgroup decision assumption holds in the CLT construction. Immediately following the elegant innovations of the GES, numerous GES-based cryptographic applications were proposed. Although these applications rely on the security of the underlying GES, the security of the GES has not been analyzed in detail, aside from the original papers produced by Garg~{\em et~al.} and Coron~{\em et~al.} We present an attack algorithm against the system parameters of the CLT GES. The proposed algorithm's complexity $\tilde\bO(2^{\rho/2})$ is exponentially smaller than $\tilde\bO(2^{\rho})$ of the previous best attack of Coron~{\em et al.}, where $\rho$ is a function of the security parameter. Furthermore, we identify a flaw in the generation of the zero-testing parameter of the CLT GES, which drastically reduces the running time of the proposed algorithm. The experimental results demonstrate the practicality of our attack.