Cryptanalysis of GGH Map

Hu, Yupu; Jia, Huiwen

doi:10.1007/978-3-662-49890-3_21

Cited by 99 publications

(49 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…As discussed in the previous section, it likely follows that there exists a polynomial time quantum attack (and a subexponential classical attack) that recovers the secret element g from I. The second attack [HJ16] builds upon the first attack and classically breaks the key agreement. We recall the two attacks below.…”

Section: B2 Breaking the Key Agreement Of Ggh13mentioning

confidence: 99%

“…Now, on a classical computer, recovering g from I takes at least subexponential time. We describe below a classical polynomial-time attack of Hu and Jia against the key-agreement protocol [HJ16]. First assume that we recovered I as in the previous attack.…”

Section: B2 Breaking the Key Agreement Of Ggh13mentioning

confidence: 99%

“…Unfortunately, these candidates do not rely on well-established hardness assumptions, and recent months have witnessed a number of attacks (including [CHL + 15], [CGH + 15], [HJ16], [BGH + 15], [PS15], [CFL + 16]) showing that they fail to meet a number of desirable security requirements, and that they cannot be used to securely instantiate such and such protocols. Some attempts to protect against these attacks have also known a similar fate [CLT15, BGH + 15].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Cryptanalysis of GGH15 Multilinear Maps

Coron

Lee

Lepoint

et al. 2016

Advances in Cryptology – CRYPTO 2016

View full text Add to dashboard Cite

Abstract. We describe a cryptanalysis of the GGH15 multilinear maps. Our attack breaks the multipartite key-agreement protocol in polynomial time by generating an equivalent user private key; it also applies to GGH15 with safeguards. We also describe attacks against variants of the GGH13 multilinear maps proposed by Halevi (ePrint 2015/866) aiming at supporting graph-induced constraints, as in GGH15.

show abstract

Section: B2 Breaking the Key Agreement Of Ggh13mentioning

confidence: 99%

Section: B2 Breaking the Key Agreement Of Ggh13mentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Cryptanalysis of GGH15 Multilinear Maps

Coron

Lee

Lepoint

et al. 2016

Advances in Cryptology – CRYPTO 2016

View full text Add to dashboard Cite

show abstract

“…For GGH13, the graded decisional Diffie-Hellman assumption from [10] was broken by Hu and Jia [18], in the same settings for which the initial zeroizing attack [10] applies (i.e., in the presence of low-level encodings of zero).…”

Section: Impact Of Our Attacksmentioning

confidence: 99%

“…This attack was called in [10] a "weak discrete-log attack". Recently, this attack was used by Hu and Jia [18] as a component in a new attack that breaks the key-exchange protocol from [10].…”

Section: Overview Of Existing Attacksmentioning

confidence: 99%

Zeroizing Without Low-Level Zeroes: New MMAP Attacks and their Limitations

Coron

Gentry²,

Halevi³

et al. 2015

Lecture Notes in Computer Science

100

View full text Add to dashboard Cite

We extend the recent zeroizing attacks of Cheon, Han, Lee, Ryu and Stehlé (Eurocrypt'15) on multilinear maps to settings where no encodings of zero below the maximal level are available. Some of the new attacks apply to the CLT13 scheme (resulting in a total break) while others apply to (a variant of) the GGH13 scheme (resulting in a weak-DL attack). We also note the limits of these zeroizing attacks.

show abstract