Paper 2016/1011

Zeroizing Attacks on Indistinguishability Obfuscation over CLT13

Jean-Sébastien Coron, Moon Sung Lee, Tancrède Lepoint, and Mehdi Tibouchi


In this work, we describe a new polynomial-time attack on the multilinear maps of Coron, Lepoint, and Tibouchi (CLT13), when used in candidate iO schemes. More specifically, we show that given the obfuscation of the simple branching program that computes the always zero functionality previously considered by Miles, Sahai and Zhandry (Crypto 2016), one can recover the secret parameters of CLT13 in polynomial time via an extension of the zeroizing attack of Coron et al. (Crypto 2015). Our attack is generalizable to arbitrary oblivious branching programs for arbitrary functionality, and allows (1) to recover the secret parameters of CLT13, and then (2) to recover the randomized branching program entirely. Our analysis thus shows that several of the single-input variants of iO over CLT13 are insecure.

Available format(s)
Publication info
Preprint. MINOR revision.
Multilinear MapsCLT13Indistinguishability ObfuscationZeroizing Attacks
Contact author(s)
tibouchi mehdi @ lab ntt co jp
2016-10-26: received
Short URL
Creative Commons Attribution


      author = {Jean-Sébastien Coron and Moon Sung Lee and Tancrède Lepoint and Mehdi Tibouchi},
      title = {Zeroizing Attacks on Indistinguishability Obfuscation over CLT13},
      howpublished = {Cryptology ePrint Archive, Paper 2016/1011},
      year = {2016},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.