# Cryptanalyses of Branching Program Obfuscations over GGH13 Multilinear Map from the NTRU Problem

@inproceedings{Cheon2018CryptanalysesOB, title={Cryptanalyses of Branching Program Obfuscations over GGH13 Multilinear Map from the NTRU Problem}, author={Jung Hee Cheon and Minki Hhan and Jiseung Kim and Changmin Lee}, booktitle={CRYPTO}, year={2018} }

In this paper, we propose cryptanalyses of all existing indistinguishability obfuscation (iO) candidates based on branching programs (BP) over GGH13 multilinear map for all recommended parameter settings. To achieve this, we introduce two novel techniques, program converting using NTRU-solver and matrix zeroizing, which can be applied to a wide range of obfuscation constructions and BPs compared to previous attacks. We then prove that, for the suggested parameters, the existing general-purpose…

## 8 Citations

### The MMap Strikes Back: Obfuscation and New Multilinear Maps Immune to CLT13 Zeroizing Attacks

- Mathematics, Computer Science
- TCC
- 2018

A new construction of polynomial-degree multilinear maps is provided and it is shown that this scheme is provably immune to zeroizing attacks under a strengthening of the Branching Program Un-Annihilatability Assumption.

### Cryptanalysis on the HHSS Obfuscation Arising From Absence of Safeguards

- Computer Science, Mathematics
- IEEE Access
- 2018

This paper shows that there exist two functionally equivalent branching programs but obfuscated programs are actually distinguishable, and implies that HHSS obfuscation fails to achieve a general purpose of $iO$ security.

### Statistical Zeroizing Attack: Cryptanalysis of Candidates of BP Obfuscation over GGH15 Multilinear Map

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2018

This work presents a new cryptanalytic algorithm on obfuscations based on GGH15 multilinear map that directly distinguishes two distributions from obfuscation while it follows the zeroizing attack paradigm, that is, it uses evaluations of zeros of obfuscated programs.

### Indistinguishability Obfuscation Without Maps: Attacks and Fixes for Noisy Linear FE

- Mathematics, Computer Science
- IACR Cryptol. ePrint Arch.
- 2020

Recent times have seen exciting progress in the construction of indistinguishability obfuscation from bilinear maps (along with other assumptions) [2, 7, 33, 38].

### (In)security of concrete instantiation of Lin17's functional encryption scheme from noisy multilinear maps

- Computer Science, Mathematics
- Des. Codes Cryptogr.
- 2021

This paper presents a polynomial time attack of the Lin's FE when it is instantiated by well-known candidates of noisy multilinear maps and captures Lin’s FE for arbitrary degree polynomials instantiation by GGH13 and CLT13.

### Matrix PRFs: Constructions, Attacks, and Applications to Obfuscation

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2019

This work begins a systematic study of pseudorandom functions (PRFs) that are computable by simple matrix branching programs, and refers to these objects as “matrix PRFs”.

### On ideal lattices and the GGH13 multilinear map. (Réseaux idéaux et fonction multilinéaire GGH13)

- Computer Science, Mathematics
- 2019

An algorithm which, after some exponential pre-computation, performs better on ideal lattices than the best known algorithm for arbitrary lattices and an algorithm to find short vectors in rank 2 modules, provided that it has access to some oracle solving the closest vector problem in a fixed lattice.

### A New Variant of the Winternitz One Time Signature Scheme Based on Graded Encoding Schemes

- Computer Science
- IACR Cryptol. ePrint Arch.
- 2019

This work introduces WOTS, a new WOTS type signature scheme in which the need for computing all of the intermediate values of the chains is eliminated, which significantly reduces the number of required operations needed to calculate the algorithms of WOTS.

## References


### Cryptanalysis of Indistinguishability Obfuscations of Circuits over GGH13

- Mathematics, Computer Science
- ICALP
- 2016

This work provides a general efficiently-testable property for two single-input branching programs, called partial inequivalence, which it is shown is sufficient for the variant of annihilation attacks on several obfuscation constructions based on GGH13 multilinear maps.

### Annihilation Attacks for Multilinear Maps: Cryptanalysis of Indistinguishability Obfuscation over GGH13

- Computer Science, Mathematics
- CRYPTO
- 2016

Using annihilation attacks, this work gives the first polynomial-time cryptanalysis of candidate iO schemes over GGH13, and exhibits two simple programs that are functionally equivalent, and shows how to efficiently distinguish between the obfuscations of these two programs.

### Post-zeroizing Obfuscation: New Mathematical Tools, and the Case of Evasive Circuits

- Computer Science, Mathematics
- EUROCRYPT
- 2016

The obfuscator survives all known attacks on the underlying multilinear maps, by proving that no top-level encodings of 0 can be created by a generic-model adversary, and a key new mathematical tool is obtained to analyze security in a post-zeroizing world.

### Protecting Obfuscation against Algebraic Attacks

- Computer Science, Mathematics
- EUROCRYPT
- 2013

A simplified variant of this compiler is described, and it is proved that it is a virtual black box obfuscator in a generic multilinear map model under the learning with errors (LWE) hardness assumption.

### Secure Obfuscation in a Weak Multilinear Map Model

- Mathematics, Computer Science
- TCC
- 2016

A new iO candidate is given which can be seen as a small modification or generalization of the original candidate of Garg, Gentry, Halevi, Raykova, Sahai, and Waters FOCS'13, and its security is proved in the weak multilinear map model, thus giving the first iO candidate that is provably secure against all known polynomial-time attacks on GGH13.

### How to Obfuscate Programs Directly

- Computer Science, Mathematics
- EUROCRYPT
- 2015

The construction operates directly on straight-line programs (arithmetic circuits), rather than converting them to matrix branching programs as in other known approaches, and proves virtual black-box security for the construction in a generic model of multilinear maps of hidden composite order.

### Obfuscating Low-Rank Matrix Branching Programs

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2014

This work builds the first core obfuscator that can apply to matrix branching programs where matrices can be of arbitrary rank, and proves security of the obfuscator in the generic multilinear model, demonstrating a new proof technique that bypasses Kilian’s statistical simulation theorem.

### Protecting obfuscation against arithmetic attacks

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2014

This work proposes and analyzes another variant of the Garg et al. obfuscator in a setting that imposes fewer restrictions on the adversary, which is called the arithmetic setting, and shows that VBB security can be achieved under a complexity-theoretic assumption related to the ETH.

### The MMap Strikes Back: Obfuscation and New Multilinear Maps Immune to CLT13 Zeroizing Attacks

- Mathematics, Computer Science
- TCC
- 2018

A new construction of polynomial-degree multilinear maps is provided and it is shown that this scheme is provably immune to zeroizing attacks under a strengthening of the Branching Program Un-Annihilatability Assumption.

### Virtual Black-Box Obfuscation for All Circuits via Generic Graded Encoding

- Computer Science, Mathematics
- TCC
- 2014

It is proved that the obfuscator exposes no more information than the program’s black-box functionality, and achieves virtual black-box security, in the generic graded encoded scheme model.