On an authentication scheme based on the Root Problem in the braid group

Lal and Chaturvedi proposed two authentication schemes based on the difficulty of the Root Problem in the braid group. We point out that the first scheme is not really as secure as the Root Problem, and describe an efficient way to crack it. The attack works for any group.Comment: This paper has been withdrawn by the author. One of the claims is incorrect as written. We are working on correcting and generalizing it. This will be published in another pape

Group theory in cryptography

This paper is a guide for the pure mathematician who would like to know more about cryptography based on group theory. The paper gives a brief overview of the subject, and provides pointers to good textbooks, key research papers and recent survey papers in the area.Comment: 25 pages References updated, and a few extra references added. Minor typographical changes. To appear in Proceedings of Groups St Andrews 2009 in Bath, U

Combinatorial group theory and public key cryptography

After some excitement generated by recently suggested public key exchange protocols due to Anshel-Anshel-Goldfeld and Ko-Lee et al., it is a prevalent opinion now that the conjugacy search problem is unlikely to provide sufficient level of security if a braid group is used as the platform. In this paper we address the following questions: (1) whether choosing a different group, or a class of groups, can remedy the situation; (2) whether some other "hard" problem from combinatorial group theory can be used, instead of the conjugacy search problem, in a public key exchange protocol. Another question that we address here, although somewhat vague, is likely to become a focus of the future research in public key cryptography based on symbolic computation: (3) whether one can efficiently disguise an element of a given group (or a semigroup) by using defining relations.Comment: 12 page

Short expressions of permutations as products and cryptanalysis of the Algebraic Eraser

On March 2004, Anshel, Anshel, Goldfeld, and Lemieux introduced the \emph{Algebraic Eraser} scheme for key agreement over an insecure channel, using a novel hybrid of infinite and finite noncommutative groups. They also introduced the \emph{Colored Burau Key Agreement Protocol (CBKAP)}, a concrete realization of this scheme. We present general, efficient heuristic algorithms, which extract the shared key out of the public information provided by CBKAP. These algorithms are, according to heuristic reasoning and according to massive experiments, successful for all sizes of the security parameters, assuming that the keys are chosen with standard distributions. Our methods come from probabilistic group theory (permutation group actions and expander graphs). In particular, we provide a simple algorithm for finding short expressions of permutations in $S_n$, as products of given random permutations. Heuristically, our algorithm gives expressions of length $O(n^2\log n)$, in time and space $O(n^3)$. Moreover, this is provable from \emph{the Minimal Cycle Conjecture}, a simply stated hypothesis concerning the uniform distribution on $S_n$. Experiments show that the constants in these estimations are small. This is the first practical algorithm for this problem for $n\ge 256$. Remark: \emph{Algebraic Eraser} is a trademark of SecureRF. The variant of CBKAP actually implemented by SecureRF uses proprietary distributions, and thus our results do not imply its vulnerability. See also arXiv:abs/12020598Comment: Final version, accepted to Advances in Applied Mathematics. Title slightly change

Iterated LD-Problem in non-associative key establishment

We construct new non-associative key establishment protocols for all left self-distributive (LD), multi-LD-, and mutual LD-systems. The hardness of these protocols relies on variations of the (simultaneous) iterated LD-problem and its generalizations. We discuss instantiations of these protocols using generalized shifted conjugacy in braid groups and their quotients, LD-conjugacy and $f$-symmetric conjugacy in groups. We suggest parameter choices for instantiations in braid groups, symmetric groups and several matrix groups.Comment: 30 pages, 5 figures. arXiv admin note: substantial text overlap with arXiv:1305.440

The conjugacy problem and related problems in lattice-ordered groups

We study, from a constructive computational point of view, the techniques used to solve the conjugacy problem in the "generic" lattice-ordered group Aut(R) of order automorphisms of the real line. We use these techniques in order to show that for each choice of parameters f,g in Aut(R), the equation xfx=g is effectively solvable in Aut(R).Comment: Small update