Cryptanalyses of Branching Program Obfuscations over GGH13 Multilinear Map from the NTRU Problem

@inproceedings{Cheon2018CryptanalysesOB,
  title={Cryptanalyses of Branching Program Obfuscations over GGH13 Multilinear Map from the NTRU Problem},
  author={Jung Hee Cheon and Minki Hhan and Jiseung Kim and Changmin Lee},
  booktitle={CRYPTO},
  year={2018}
}
In this paper, we propose cryptanalyses of all existing indistinguishability obfuscation (iO) candidates based on branching programs (BP) over GGH13 multilinear map for all recommended parameter settings. To achieve this, we introduce two novel techniques, program converting using NTRU-solver and matrix zeroizing, which can be applied to a wide range of obfuscation constructions and BPs compared to previous attacks. We then prove that, for the suggested parameters, the existing general-purpose… 
Cryptanalysis on the HHSS Obfuscation Arising From Absence of Safeguards
TLDR
This paper shows that there exist two functionally equivalent branching programs but obfuscated programs are actually distinguishable, and implies that HHSS obfuscation fails to achieve a general purpose of $iO$ security.
Indistinguishability Obfuscation Without Maps: Attacks and Fixes for Noisy Linear FE
TLDR
Recent times have seen exciting progress in the construction of indistinguishability obfuscation from bilinear maps (along with other assumptions) [2, 7, 33, 38].
(In)security of concrete instantiation of Lin17's functional encryption scheme from noisy multilinear maps
TLDR
This paper presents a polynomial time attack of the Lin's FE when it is instantiated by well-known candidates of noisy multilinear maps and captures Lin’s FE for arbitrary degree polynomials instantiation by GGH13 and CLT13.
On ideal lattices and the GGH13 multilinear map. (Réseaux idéaux et fonction multilinéaire GGH13)
TLDR
An algorithm which, after some exponential pre-computation, performs better on ideal lattices than the best known algorithm for arbitrary lattices and an algorithm to find short vectors in rank 2 modules, provided that it has access to some oracle solving the closest vector problem in a fixed lattice.
A New Variant of the Winternitz One Time Signature Scheme Based on Graded Encoding Schemes
TLDR
This work introduces WOTS, a new WOTS type signature scheme in which the need for computing all of the intermediate values of the chains is eliminated, which significantly reduces the number of required operations needed to calculate the algorithms of WOTS.
Matrix PRFs: Constructions, Attacks, and Applications to Obfuscation
TLDR
This work begins a systematic study of pseudorandom functions (PRFs) that are computable by simple matrix branching programs, and refers to these objects as “matrix PRFs”.
Statistical Zeroizing Attack: Cryptanalysis of Candidates of BP Obfuscation over GGH15 Multilinear Map
TLDR
This work presents a new cryptanalytic algorithm on obfuscations based on GGH15 multilinear map that directly distinguishes two distributions from obfuscation while it follows the zeroizing attack paradigm, that is, it uses evaluations of zeros of obfuscated programs.
The MMap Strikes Back: Obfuscation and New Multilinear Maps Immune to CLT13 Zeroizing Attacks
TLDR
A new construction of polynomial-degree multilinear maps is provided and it is shown that this scheme is provably immune to zeroizing attacks under a strengthening of the Branching Program Un-Annihilatability Assumption.

References

Cryptanalysis of Indistinguishability Obfuscations of Circuits over GGH13
TLDR
This work provides a general efficiently-testable property for two single-input branching programs, called partial inequivalence, which it is shown is sufficient for the variant of annihilation attacks on several obfuscation constructions based on GGH13 multilinear maps.
Cryptanalyses of Candidate Branching Program Obfuscators
We describe new cryptanalytic attacks on the candidate branching program obfuscator proposed by Garg, Gentry, Halevi, Raykova, Sahai and Waters (GGHRSW) using the GGH13 graded encoding, and its
Post-zeroizing Obfuscation: New Mathematical Tools, and the Case of Evasive Circuits
TLDR
The obfuscator survives all known attacks on the underlying multilinear maps, by proving that no top-level encodings of 0 can be created by a generic-model adversary, and a key new mathematical tool is obtained to analyze security in a post-zeroizing world.
Protecting Obfuscation against Algebraic Attacks
TLDR
A simplified variant of this compiler is described, and it is proved that it is a virtual black box obfuscator in a generic multilinear map model under the learning with errors (LWE) hardness assumption.
Secure Obfuscation in a Weak Multilinear Map Model
TLDR
A new iO candidate is given which can be seen as a small modification or generalization of the original candidate of Garg, Gentry, Halevi, Raykova, Sahai, and Waters FOCS'13, and its security is proved in the weak multilinear map model, thus giving the first iO candidate that is provably secure against all known polynomial-time attacks on GGH13.
Obfuscating Low-Rank Matrix Branching Programs
TLDR
This work builds the first core obfuscator that can apply to matrix branching programs where matrices can be of arbitrary rank, and proves security of the obfuscator in the generic multilinear model, demonstrating a new proof technique that bypasses Kilian’s statistical simulation theorem.
Protecting obfuscation against arithmetic attacks
TLDR
This work proposes and analyzes another variant of the Garg et al. obfuscator in a setting that imposes fewer restrictions on the adversary, which it is called the arithmetic setting, and shows that VBB security can be achieved under a complexity-theoretic assumption related to the ETH.
Optimizing Obfuscation: Avoiding Barrington's Theorem
TLDR
This work seeks to optimize the efficiency of secure general-purpose obfuscation schemes by generalizing the class of branching programs that can be directly obfuscated, and achieves a simple simulation of formulas by branching programs while avoiding the use of Barrington's theorem.
Obfuscating Circuits via Composite-Order Graded Encoding
TLDR
This work presents a candidate obfuscator based on composite-order Graded Encoding Schemes (GES), a generalization of multilinear maps; it improves upon previous constructions whose complexity was related to the formula or branching program size.
Indistinguishability Obfuscation from Semantically-Secure Multilinear Encodings
TLDR
A notion of semantic security of multilinear encoding schemes, which stipulates security of a class of algebraic “decisional” assumptions, is defined and the existence of indistinguishability obfuscators for all polynomial-size circuits is demonstrated.