Abstract
We provide constructions of multilinear groups equipped with natural hard problems from indistinguishability obfuscation, homomorphic encryption, and NIZKs. This complements known results on the constructions of indistinguishability obfuscators from multilinear maps in the reverse direction. We provide two distinct, but closely related constructions and show that multilinear analogues of the {text {DDH}} assumption hold for them. Our first construction is symmetric and comes with a kappa -linear map mathbf{e }: {{mathbb {G}}}^kappa longrightarrow {mathbb {G}}_T for prime-order groups {mathbb {G}} and {mathbb {G}}_T. To establish the hardness of the kappa -linear {text {DDH}} problem, we rely on the existence of a base group for which the kappa -strong {text {DDH}} assumption holds. Our second construction is for the asymmetric setting, where mathbf{e }: {mathbb {G}}_1 times cdots times {mathbb {G}}_{kappa } longrightarrow {mathbb {G}}_T for a collection of kappa +1 prime-order groups {mathbb {G}}_i and {mathbb {G}}_T, and relies only on the 1-strong {text {DDH}} assumption in its base group. In both constructions, the linearity kappa can be set to any arbitrary but a priori fixed polynomial value in the security parameter. We rely on a number of powerful tools in our constructions: probabilistic indistinguishability obfuscation, dual-mode NIZK proof systems (with perfect soundness, witness-indistinguishability, and zero knowledge), and additively homomorphic encryption for the group mathbb {Z}_N^{+}. At a high level, we enable “bootstrapping” multilinear assumptions from their simpler counterparts in standard cryptographic groups and show the equivalence of PIO and multilinear maps under the existence of the aforementioned primitives.
Highlights
Our main contribution is a construction of multilinear maps for groups of prime order equipped with natural hard problems, using indistinguishability obfuscation (IO) in combination with other tools, namely non-interactive zero-knowledge (NIZK) proofs, homomorphic encryption, and a base group G0 satisfying a mild cryptographic assumption
This complements known results in the reverse direction, showing that various forms of indistinguishability obfuscation can be constructed from multilinear maps [17,24,45]
We formally introduce what we mean by a multilinear group (MLG) scheme
Summary
Our main contribution is a construction of multilinear maps for groups of prime order equipped with natural hard problems, using indistinguishability obfuscation (IO) in combination with other tools, namely NIZK proofs, homomorphic encryption, and a base group G0 satisfying a mild cryptographic assumption. Our other construction is for the asymmetric setting; that is, for multilinear maps e : G1 × · · · × Gκ −→ GT for a collection of κ groups Gi and GT all of prime order N It uses a base group G0 in which we require only that the 1-SDDH assumption holds. It is an important open problem arising from our work to weaken the requirements on, or remove altogether, these additional tools
Published Version (Free)
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.