An algorithm for NTRU problems and cryptanalysis of the GGH multilinear map without a low-level encoding of zero

Cheon, Jung Hee; Jeong, Jinhyuck; Lee, Changmin

doi:10.1112/s1461157016000371

Cited by 81 publications

(30 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The NTRU algorithm [14][15][16] is an open secret system invented by three professors of mathematics at Brown University in 1996. It is a cryptosystem based on polynomial rings, and its security depends on the shortest vector problem (SVP).…”

Section: Description Of the Ntru Algorithmmentioning

confidence: 99%

NFC Secure Payment and Verification Scheme with CS E-Ticket

Fan

Song

et al. 2017

Security and Communication Networks

View full text Add to dashboard Cite

As one of the most important techniques in IoT, NFC (Near Field Communication) is more interesting than ever. NFC is a shortrange, high-frequency communication technology well suited for electronic tickets, micropayment, and access control function, which is widely used in the financial industry, traffic transport, road ban control, and other fields. However, NFC is becoming increasingly popular in the relevant field, but its secure problems, such as man-in-the-middle-attack and brute force attack, have hindered its further development. To address the security problems and specific application scenarios, we propose a NFC mobile electronic ticket secure payment and verification scheme in the paper. The proposed scheme uses a CS E-Ticket and offline session key generation and distribution technology to prevent major attacks and increase the security of NFC. As a result, the proposed scheme can not only be a good alternative to mobile e-ticket system but also be used in many NFC fields. Furthermore, compared with other existing schemes, the proposed scheme provides a higher security.

show abstract

Section: Description Of the Ntru Algorithmmentioning

confidence: 99%

NFC Secure Payment and Verification Scheme with CS E-Ticket

Fan

Song

et al. 2017

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…More recently, Albrecht, Bai, and Ducas [1] gave a quantum break for GGHLite without using any encodings of 0 or the public zero-testing parameter. Subsequently, Cheon, Jeong, and Lee [17] showed how to give a (classical) polynomial-time attack on GGHLite, again without using any encodings of 0. However, their attack re-quires exponential time if the parameters of GGHLite are sufficiently increased (by a polynomial amount).…”

Section: The Gghlite Multilinear Mapmentioning

confidence: 99%

5Gen

Lewi

Malozemoff

Apon

et al. 2016

Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

Secure multilinear maps (mmaps) have been shown to have remarkable applications in cryptography, such as multi-input functional encryption (MIFE) and program obfuscation. To date, there has been little evaluation of the performance of these applications. In this paper we initiate a systematic study of mmap-based constructions. We build a general framework, called 5Gen, to experiment with these applications. At the top layer we develop a compiler that takes in a high-level program and produces an optimized matrix branching program needed for the applications we consider. Next, we optimize and experiment with several MIFE and obfuscation constructions and evaluate their performance. The 5Gen framework is modular and can easily accommodate new mmap constructions as well as new MIFE and obfuscation constructions, as well as being an open-source tool that can be used by other research groups to experiment with a variety of mmap-based constructions.1 The name 5Gen comes from the fact that multilinear maps can be considered the "fifth generation" of cryptography, where the prior four are: symmetric key, public key, bilinear maps, and fully homomorphic encryption.

show abstract

“…However, the dimension of the cyclotomic ring used in current instantiations on the GGH multilinear map is chosen to be at least λ 2 where λ is the security parameter. This is done to thwart the attacks of [ABD16,CJL16,KF17] over the GGH13 multilinear map, but it also means that the classical variant of the attack described in this article is exponential in the security parameter, even when using the sub-exponential principal ideal solver of [BEF + 17]. It is still interesting to note that any future improvement for solving the principal ideal problem will directly imply an improvement for the attack described in this article.…”

Section: Introductionmentioning

confidence: 99%

Quantum Attacks Against Indistinguishablility Obfuscators Proved Secure in the Weak Multilinear Map Model

Pellet-Mary

2018

Lecture Notes in Computer Science

View full text Add to dashboard Cite

We present a quantum polynomial time attack against the GMMSSZ branching program obfuscator of Garg et al. (TCC'16), when instantiated with the GGH13 multilinear map of Garg et al. . This candidate obfuscator was proved secure in the weak multilinear map model introduced by Miles et al. (CRYPTO'16). Our attack uses the short principal ideal solver of Cramer et al. , to recover a secret element of the GGH13 multilinear map in quantum polynomial time. We then use this secret element to mount a (classical) polynomial time mixed-input attack against the GMMSSZ obfuscator. The main result of this article can hence be seen as a classical reduction from the security of the GMMSSZ obfuscator to the short principal ideal problem (the quantum setting is then only used to solve this problem in polynomial time). As an additional contribution, we explain how the same ideas can be adapted to mount a quantum polynomial time attack against the DG-GMM obfuscator of Döttling et al. (ePrint 2016), which was also proved secure in the weak multilinear map model. under these weaker security notions. In addition to their impossibility result, the authors of [BGI + 01] proposed such a weaker security notion, called indistinguishablility obfuscation (or iO).Indistinguishability obfuscation requires that it should be hard to distinguish between the obfuscation of two equivalent circuits, i.e., circuits that compute the same function. Even if iO security is weaker than VBB security, achieving iO for all circuits would have a lot of applications (see, e.g., [GGH + 13b, SW14]). The first candidate obfuscator for iO security was proposed in 2013 by Garg, Gentry, Halevi, Raykova, Sahai and Waters [GGH + 13b], based on the GGH13 approximate multilinear map [GGH13a]. They showed that iO for the class of polynomial-size branching programs 2 could be bootstrapped to iO for all polynomial-size circuits, 3 and they then described a candidate iO obfuscator for polynomial-size branching programs (without a security proof). Since 2013, numerous candidate obfuscators for polynomial-size branching programs have been proposed, all relying on one of the three candidate cryptographic multilinear map constructions [GGH13a,CLT13,GGH15]. 4 However, none of these candidate obfuscators could be proven secure under classical hardness assumptions.The main security weakness of these candidate obfuscators stems from the underlying candidate multilinear maps. Indeed, all candidate multilinear maps have been shown to suffer from so-called zeroizing attacks [CHL + 15, HJ16], and these zeroizing attacks and their generalizations have made it difficult to design potentially secure iO obfuscators. In the following, we will instantiate all the obfuscators with the GGH13 [GGH13a] multilinear map, 5 as our attack exploits a weakness of this specific multilinear map.In order to improve security confidence, recent obfuscator constructions carefully instantiate the underlying multilinear map (to try to avoid zeroizing attacks) and prove VBB security of their obfuscator in some ...

show abstract

An algorithm for NTRU problems and cryptanalysis of the GGH multilinear map without a low-level encoding of zero

Cited by 81 publications

References 19 publications

NFC Secure Payment and Verification Scheme with CS E-Ticket

NFC Secure Payment and Verification Scheme with CS E-Ticket

5Gen

Quantum Attacks Against Indistinguishablility Obfuscators Proved Secure in the Weak Multilinear Map Model

Contact Info

Product

Resources

About