Quantum Attacks Against Indistinguishablility Obfuscators Proved Secure in the Weak Multilinear Map Model

Abstract: We present a quantum polynomial time attack against the GMMSSZ branching program obfuscator of Garg et al. (TCC'16), when instantiated with the GGH13 multilinear map of Garg et al. . This candidate obfuscator was proved secure in the weak multilinear map model introduced by Miles et al. (CRYPTO'16). Our attack uses the short principal ideal solver of Cramer et al. , to recover a secret element of the GGH13 multilinear map in quantum polynomial time. We then use this secret element to mount a (classical) polyno… Show more

“…[26]), however, there is only one actual attack [17] in such class for GGH15-based obfuscation so far, which only exploits several input-consistent evaluations as well in the first phase to extract the information to run mixed-input attack. Some attack that indeed use the mixed-inputs for other multilinear maps [25,24], but the first step either uses the valid inputs [40] or decodes the multilinear map using known weakness of the NTRU problem [20].…”

Matrix PRFs: Constructions, Attacks, and Applications to Obfuscation

“…[26]), however, there is only one actual attack [17] in such class for GGH15-based obfuscation so far, which only exploits several input-consistent evaluations as well in the first phase to extract the information to run mixed-input attack. Some attack that indeed use the mixed-inputs for other multilinear maps [25,24], but the first step either uses the valid inputs [40] or decodes the multilinear map using known weakness of the NTRU problem [20].…”

Matrix PRFs: Constructions, Attacks, and Applications to Obfuscation

The MMap Strikes Back: Obfuscation and New Multilinear Maps Immune to CLT13 Zeroizing Attacks

Return of GGH15: Provable Security Against Zeroizing Attacks