Combinatorial group theory and public key cryptography

After some excitement generated by recently suggested public key exchange protocols due to Anshel-Anshel-Goldfeld and Ko-Lee et al., it is a prevalent opinion now that the conjugacy search problem is unlikely to provide sufficient level of security if a braid group is used as the platform. In this paper we address the following questions: (1) whether choosing a different group, or a class of groups, can remedy the situation; (2) whether some other "hard" problem from combinatorial group theory can be used, instead of the conjugacy search problem, in a public key exchange protocol. Another question that we address here, although somewhat vague, is likely to become a focus of the future research in public key cryptography based on symbolic computation: (3) whether one can efficiently disguise an element of a given group (or a semigroup) by using defining relations.Comment: 12 page

Using decision problems in public key cryptography

There are several public key establishment protocols as well as complete public key cryptosystems based on allegedly hard problems from combinatorial (semi)group theory known by now. Most of these problems are search problems, i.e., they are of the following nature: given a property P and the information that there are objects with the property P, find at least one particular object with the property P. So far, no cryptographic protocol based on a search problem in a non-commutative (semi)group has been recognized as secure enough to be a viable alternative to established protocols (such as RSA) based on commutative (semi)groups, although most of these protocols are more efficient than RSA is. In this paper, we suggest to use decision problems from combinatorial group theory as the core of a public key establishment protocol or a public key cryptosystem. By using a popular decision problem, the word problem, we design a cryptosystem with the following features: (1) Bob transmits to Alice an encrypted binary sequence which Alice decrypts correctly with probability "very close" to 1; (2) the adversary, Eve, who is granted arbitrarily high (but fixed) computational speed, cannot positively identify (at least, in theory), by using a "brute force attack", the "1" or "0" bits in Bob's binary sequence. In other words: no matter what computational speed we grant Eve at the outset, there is no guarantee that her "brute force attack" program will give a conclusive answer (or an answer which is correct with overwhelming probability) about any bit in Bob's sequence.Comment: 12 page

A KEY EXCHANGE PROTOCOL USING CONJUGACY PROBLEM IN THE DIVISION SEMIRINGS

In this article, we present a new key exchange protocol which works in the division semiring. We prove that the protocol meets the security of key establishment based on the conjugacy search problem and security attribute also discussed

Attacking a public key cryptosystem based on tree replacement

We point out several security flaws in the cryptosystem based on tree replacement systems proposed by Samuel, Thomas, Abisha and Subramanian at INDOCRYPT 2002. Due to the success of (among others) very simple ciphertext-only attacks, we evidence that this system does not, in its present form, offer acceptable security guarantees for cryptographic applications.Work partially supported by projects BFM2001-3239-C03-01 and BFM2001-1284

Analysis of a Group of Automorphisms of a Free Group as a Platform for Conjugacy-Based Group Cryptography

Let F be a finitely generated free group and Aut(F) its group of automorphisms. In this monograph we discuss potential uses of Aut(F) in group-based cryptography. Our main focus is on using Aut(F) as a platform group for the Anshel-Anshel-Goldfeld protocol, Ko-Lee protocol, and other protocols based on different versions of the conjugacy search problem or decomposition problem, such as Shpilrain-Ushakov protocol. We attack the Anshel-Anshel-Goldfeld and Ko-Lee protocols by adapting the existing types of the length-based attack to the specifics of Aut(F). We also present our own version of the length-based attack that significantly increases the attack\u27 success rate. After discussing attacks, we discuss the ways to make keys from Aut(F) resistant to the different versions of length-based attacks including our own

Exploring platform (semi)groups for non-commutative key-exchange protocols

In this work, my advisor Delaram Kahrobaei, our collaborator David Garber, and I explore polycyclic groups generated from number fields as platform for the AAG key-exchange protocol. This is done by implementing four different variations of the length-based attack, one of the major attacks for AAG, and submitting polycyclic groups to all four variations with a variety of tests. We note that this is the first time all four variations of the length-based attack are compared side by side. We conclude that high Hirsch length polycyclic groups generated from number fields are suitable for the AAG key-exchange protocol. Delaram Kahrobaei and I also carry out a similar strategy with the Heisenberg groups, testing them as platform for AAG with the length-based attack. We conclude that the Heisenberg groups, with the right parameters are resistant against the length-based attack. Another work in collaboration with Delaram Kahrobaei and Vladimir Shpilrain is to propose a new platform semigroup for the HKKS key-exchange protocol, that of matrices over a Galois field. We discuss the security of HKKS under this platform and advantages in computation cost. Our implementation of the HKKS key-exchange protocol with matrices over a Galois field yields fast run time