TY - GEN
T1 - Annihilation attacks for multilinear maps
T2 - 36th Annual International Cryptology Conference, CRYPTO 2016
AU - Miles, Eric
AU - Sahai, Amit
AU - Zhandry, Mark
N1 - Publisher Copyright:
© International Association for Cryptologic Research 2016.
PY - 2016
Y1 - 2016
N2 - In this work, we present a new class of polynomial-time attacks on the original multilinear maps of Garg, Gentry, and Halevi (2013). Previous polynomial-time attacks on GGH13 were “zeroizing” attacks that generally required the availability of low-level encodings of zero. Most significantly, such zeroizing attacks were not applicable to candidate indistinguishability obfuscation (iO) schemes. iO has been the subject of intense study. To address this gap, we introduce annihilation attacks, which attack multilinear maps using non-linear polynomials. Annihilation attacks can work in situations where there are no low-level encodings of zero. Using annihilation attacks, we give the first polynomial-time cryptanalysis of candidate iO schemes over GGH13. More specifically, we exhibit two simple programs that are functionally equivalent, and show how to efficiently distinguish between the obfuscations of these two programs. Given the enormous applicability of iO, it is important to devise iO schemes that can avoid attack. We discuss some initial directions for safeguarding against annihilating attacks.
AB - In this work, we present a new class of polynomial-time attacks on the original multilinear maps of Garg, Gentry, and Halevi (2013). Previous polynomial-time attacks on GGH13 were “zeroizing” attacks that generally required the availability of low-level encodings of zero. Most significantly, such zeroizing attacks were not applicable to candidate indistinguishability obfuscation (iO) schemes. iO has been the subject of intense study. To address this gap, we introduce annihilation attacks, which attack multilinear maps using non-linear polynomials. Annihilation attacks can work in situations where there are no low-level encodings of zero. Using annihilation attacks, we give the first polynomial-time cryptanalysis of candidate iO schemes over GGH13. More specifically, we exhibit two simple programs that are functionally equivalent, and show how to efficiently distinguish between the obfuscations of these two programs. Given the enormous applicability of iO, it is important to devise iO schemes that can avoid attack. We discuss some initial directions for safeguarding against annihilating attacks.
UR - http://www.scopus.com/inward/record.url?scp=84979500830&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84979500830&partnerID=8YFLogxK
U2 - 10.1007/978-3-662-53008-5_22
DO - 10.1007/978-3-662-53008-5_22
M3 - Conference contribution
AN - SCOPUS:84979500830
SN - 9783662530078
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 629
EP - 658
BT - Advances in Cryptology - 36th Annual International Cryptology Conference, CRYPTO 2016, Proceedings
A2 - Robshaw, Matthew
A2 - Katz, Jonathan
PB - Springer Verlag
Y2 - 14 August 2016 through 18 August 2016
ER -