## Cryptology ePrint Archive: Report 2017/946

The MMap Strikes Back: Obfuscation and New Multilinear Maps Immune to CLT13 Zeroizing Attacks

Fermi Ma and Mark Zhandry

Abstract: All known multilinear map candidates have suffered from a class of attacks known as zeroizing'' attacks, which render them unusable for many applications. We provide a new construction of polynomial-degree multilinear maps and show that our scheme is provably immune to zeroizing attacks under a strengthening of the Branching Program Un-Annihilatability Assumption (Garg et al., TCC 2016-B).

Concretely, we build our scheme on top of the CLT13 multilinear maps (Coron et al., CRYPTO 2013). In order to justify the security of our new scheme, we devise a weak multilinear map model for CLT13 that captures zeroizing attacks and generalizations, reflecting all known classical polynomial-time attacks on CLT13. In our model, we show that our new multilinear map scheme achieves ideal security, meaning no known attacks apply to our scheme. Using our scheme, we give a new multiparty key agreement protocol that is several orders of magnitude more efficient that what was previously possible.

We also demonstrate the general applicability of our model by showing that several existing obfuscation and order-revealing encryption schemes, when instantiated with the CLT13 maps, are secure against known attacks. These are schemes that are actually being implemented for experimentation, but until our work had no rigorous justification for security.

Category / Keywords: multilinear maps, obfuscation, CLT13, multiparty key exchange

Date: received 26 Sep 2017, last revised 25 May 2018

Contact author: fermima1 at gmail com

Available format(s): PDF | BibTeX Citation

Note: improved exposition, more justification for vbpua assumption, extended security to poly-degree mmaps (from constant degree)

Short URL: ia.cr/2017/946

[ Cryptology ePrint archive ]