CryptoDB
Zeroizing Attacks against Evasive and Circular Evasive LWE
Authors: Shweta Agrawal, Anuja Modi, Anshu Yadav, Shota Yamada
Conference: TCC 2025
Abstract:

We develop new attacks against the Evasive LWE family of assumptions, in both the public-coin and the private-coin regime. To the best of our knowledge, ours are the first attacks against Evasive LWE in the public-coin regime, for any instantiation from the family. Our attacks are summarized below.

Public-Coin Attacks.

1. The recent work by Hsieh, Lin and Luo [HLL23] constructed the first Attribute Based Encryption (ABE) for unbounded depth circuits by relying on the "circular" evasive LWE assumption. This assumption has been popularly considered a safe, public-coin instance of Evasive LWE, in contrast to its "private-coin" cousins (for instance, see [CW25, DJM+25a]). We provide the first attack against this assumption, challenging the widely held belief that it is a public-coin assumption.

2. We demonstrate a counter-example against vanilla public-coin evasive LWE by Wee [Wee22] in an unnatural parameter regime. Our attack crucially relies on the error in the pre-condition being larger than the error in the post-condition, necessitating a refinement of the assumption.

Private-Coin Attacks.

1. The recent work by Agrawal, Kumari and Yamada [AKY24a] constructed the first functional encryption scheme for pseudorandom functionalities (PRFE) and extended it to obfuscation for pseudorandom functionalities (PRIO) [AKY24c] by relying on private-coin evasive LWE. We provide a new attack against the assumption stated in the first posting of their work (subsequently refined to avoid these attacks).

2. The recent work by Branco et al. [BDJ+24] (concurrent with [AKY24c]) provides a construction of obfuscation for pseudorandom functionalities by relying on private-coin evasive LWE. We provide a new attack against their stated assumption.

3. Branco et al. [BDJ+24] showed that there exist contrived, "self-referential" classes of pseudorandom functionalities for which pseudorandom obfuscation cannot exist. We extend their techniques to develop an analogous result for pseudorandom functional encryption.

While Evasive LWE was developed specifically to avoid "zeroizing attacks", our work shows that in certain settings such attacks can still apply.
BibTeX

@inproceedings{tcc-2025-36278,
  title={Zeroizing Attacks against Evasive and Circular Evasive LWE},
  publisher={Springer-Verlag},
  author={Shweta Agrawal and Anuja Modi and Anshu Yadav and Shota Yamada},
  year=2025
}