14 research outputs found
Length-Based Attacks for Certain Group Based Encryption Rewriting Systems
In this note, we describe a probabilistic attack on public key cryptosystems
based on the word/conjugacy problems for finitely presented groups of the type
proposed recently by Anshel, Anshel and Goldfeld. In such a scheme, one makes
use of the property that in the given group the word problem has a polynomial
time solution, while the conjugacy problem has no known polynomial solution. An
example is the braid group from topology in which the word problem is solvable
in polynomial time while the only known solutions to the conjugacy problem are
exponential. The attack in this paper is based on having a canonical
representative of each string relative to which a length function may be
computed. Hence the term length attack. Such canonical representatives are
known to exist for the braid group
Assessing security of some group based cryptosystems
One of the possible generalizations of the discrete logarithm problem to
arbitrary groups is the so-called conjugacy search problem (sometimes
erroneously called just the conjugacy problem): given two elements a, b of a
group G and the information that a^x=b for some x \in G, find at least one
particular element x like that. Here a^x stands for xax^{-1}. The computational
difficulty of this problem in some particular groups has been used in several
group based cryptosystems. Recently, a few preprints have been in circulation
that suggested various "neighbourhood search" type heuristic attacks on the
conjugacy search problem. The goal of the present survey is to stress a
(probably well known) fact that these heuristic attacks alone are not a threat
to the security of a cryptosystem, and, more importantly, to suggest a more
credible approach to assessing security of group based cryptosystems. Such an
approach should be necessarily based on the concept of the average case
complexity (or expected running time) of an algorithm.
These arguments support the following conclusion: although it is generally
feasible to base the security of a cryptosystem on the difficulty of the
conjugacy search problem, the group G itself (the "platform") has to be chosen
very carefully. In particular, experimental as well as theoretical evidence
collected so far makes it appear likely that braid groups are not a good choice
for the platform. We also reflect on possible replacements.Comment: 10 page
Group theory in cryptography
This paper is a guide for the pure mathematician who would like to know more
about cryptography based on group theory. The paper gives a brief overview of
the subject, and provides pointers to good textbooks, key research papers and
recent survey papers in the area.Comment: 25 pages References updated, and a few extra references added. Minor
typographical changes. To appear in Proceedings of Groups St Andrews 2009 in
Bath, U
Towards Generating Secure Keys for Braid Cryptography
Braid cryptosystem was proposed in CRYPTO 2000 as an alternate
public-key cryptosystem. The security of this system is based upon
the conjugacy problem in braid groups. Since then, there have been
several attempts to break the braid cryptosystem by solving the
conjugacy problem in braid groups. In this paper, we first survey
all the major attacks on the braid cryptosystem and conclude that
the attacks were successful because the current ways of random key
generation almost always result in weaker instances of the conjugacy
problem. We then propose several alternate ways of generating hard
instances of the conjugacy problem for use braid cryptography
A New Key Agreement Scheme Based on the Triple Decomposition Problem
Abstract A new key agreement scheme based on the triple decomposition problem over non-commutative platforms is presented. A realization of the new scheme over braid groups is provided and the strengths of it over earlier systems that rely on similar decomposition problems are discussed. The new scheme improves over the earlier systems over braid groups by countering the linear algebra and length based attacks to the decomposition problem in braid groups
Groups With Two Generators Having Unsolvable Word Problem And Presentations of Mihailova Subgroups
A presentation of a group with two generators having unsolvable word problem and an explicit countable presentation of Mihailova subgroup of F_2×F_2 with finite number of generators are given. Where Mihailova subgroup of F_2×F_2 enjoys the unsolvable subgroup membership problem.One then can use the presentation to create entities\u27 private key in a public key cryptsystem
Double shielded Public Key Cryptosystems
By introducing extra shields on Shpilrain and Ushakov\u27s Ko-Lee-like protocol based on the decomposition problem of group elements we propose two new key exchange schemes and then a number of public key cryptographic protocols. We show that these protocols are free of known attacks. Particularly,if the entities taking part in our protocols create their private keys composed by the generators of the Mihailova subgroups of Bn, we show that the safety of our protocols are very highly guarantied by the insolvability of subgroup membership problem of the Mihailova subgroups
A Practical Cryptanalysis of WalnutDSA
We present a practical cryptanalysis of WalnutDSA, a digital signature algorithm trademarked by SecureRF. WalnutDSA uses techniques from permutation groups, matrix groups and braid groups, and is designed to provide post-quantum security in lightweight IoT device contexts. The attack given in this paper bypasses the E-MultiplicationTM and cloaked conjugacy search problems at the heart of the algorithm and forges signatures for arbitrary messages in approximately two minutes. We also discuss potential countermeasures to the attack.</p