Multilinear maps have lots of cryptographic applications including multipartite key exchange and indistinguishability obfuscations. Since the concept of multilinear map was suggested, three kinds of candidate multilinear maps are constructed. However, the security of multilinear maps suffers from various attacks. In this paper, we overview suggested multilinear maps and cryptanalysis of them in diverse cases.

Secure computation of the set intersection functionality allows n parties to find the intersection between their datasets without revealing anything else about them. An efficient protocol for such a task could have multiple potential applications in commerce, health care, and security. However, all currently known secure set intersection protocols for n > 2 parties have computational costs that are quadratic in the (maximum) number of entries in the dataset contributed by each party, making secure computation of the set intersection only practical for small datasets. In this paper, we describe the first multi-party protocol for securely computing the set intersection functionality with both the communication and the computation costs that are quasi-linear in the size of the datasets. For a fixed security parameter, our protocols require O(n2k) bits of communication and Õ(n2k) group multiplications per player in the malicious adversary setting, where k is the size of each dataset. Our protocol follows the basic idea of the protocol proposed by Kissner and Song, but we gain efficiency by using different representations of the polynomials associated with users' datasets and careful employment of algorithms that interpolate or evaluate polynomials on multiple points more efficiently. Moreover, the proposed protocol is robust. This means that the protocol outputs the desired result even if some corrupted players leave during the execution of the protocol.

We develop several tools to derive quadratic equations from algebraic S-boxes and to prove their linear independence. By applying them to all known almost perfect nonlinear (APN) power functions and the inverse function, we can estimate the resistance against algebraic attacks. As a result, we can show that APN functions have different resistance against algebraic attacks, and especially S-boxes with Gold or Kasami exponents have very weak resistance.