Generalized Hardness Assumption for Self-bilinear Map with Auxiliary Information

Abstract

A self-bilinear map SBM is a bilinear map where source and target groups are identical. An SBM naturally yields a multilinear map, which has numerous applications in cryptography. In spite of its usefulness, there is known a strong negative result on the existence of an ideal SBM. On the other hand, Yamakawa et al. CRYPTO'14 introduced the notion of a self-bilinear map with auxiliary information AI-SBM, which is a weaker variant of SBM and constructed it based on the factoring assumption and an indistinguishability obfuscation $$i\mathcal {O}$$. In their work, they proved that their AI-SBM satisfies the Auxiliary Information Multilinear Computational Diffie-Hellman AI-MCDH assumption, which is a natural analogue of the Multilinear Computational Diffie-Hellman MCDH assumption w.r.t. multilinear maps. Then they show that they can replace multilinear maps with AI-SBMs in some multilinear-map-based primitives that is proven secure under the MCDH assumption. In this work, we further investigate what hardness assumptions hold w.r.t. their AI-SBM. Specifically, we introduce a new hardness assumption called the Auxiliary Information Generalized Multilinear Diffie-Hellman AI-GMDH assumption. The AI-GMDH is parameterized by some parameters and thus can be seen as a family of hardness assumptions. We give a sufficient condition of parameters for which the AI-GMDH assumption holds under the same assumption as in the previous work. Based on this result, we can easily prove the AI-SBM satisfies certain hardness assumptions including not only the AI-GMDH assumption but also more complicated assumptions. This enable us to convert a multilinear-map-based primitive that is proven secure under a complicated hardness assumption to AI-SBP-based and thus the factoring and $$i\mathcal {O}$$-based one. As an example, we convert Catalano et al.'s multilinear-map-based homomorphic signatures CRYPTO'14 to AI-SBP-based ones.