An improvement of cryptographic schemes based on the conjugacy search problem

The key exchange protocol is a method of securely sharing cryptographic keys over a public channel. It is considered as important part of cryptographic mechanism to protect secure communications between two parties. The Diffie — Hellman protocol, based on the discrete logarithm problem, which is generally difficult to solve, is the most well-known key exchange protocol. One of the possible generalizations of the discrete logarithm problem to arbitrary noncommutative groups is the so-called conjugacy search problem: given two elements g,h of a group G and the information that = h for some x G G, find at least one particular element x like that. Here gx stands for x-1gx. This problem is in the core of several known public key exchange protocols, most notably the one due to Anshel et al. and the other due to Ko et al. In recent years, effective algebraic cryptanalysis methods have been developed that have shown the vulnerability of protocols of this type. The main purpose of this short note is to describe a new tool to improve protocols based on the conjugacy search problem. This tool has been introduced by the author in some recent papers. It is based on a new mathematical concept of a marginal set

Эффективные методы алгебраического криптоанализа и защита от них

Работа состоит из двух частей. В первой части даётся представление авторских методов криптографического анализа алгоритмов алгебраической криптографии. Описываются основные элементы метода линейного разложения. Приводятся примеры его использования для эффективных атак на известные алгоритмы. Даётся представление об альтернативном подходе Б. Тсабана, также базирующемся на линейной алгебре и некоторых теоретико-вероятностных результатах. Кроме этого, приводится описание основных элементов метода нелинейного разложения с соответствующими примерами его применения. Вторая часть посвящена построению эффективных методов защиты от атак, использующих средства линейной алгебры. Для этого вводится новое понятие маргинального множества элементов группы относительно данного слова от порождающих элементов. Показывается, как использование маргинальных множеств позволяет уходить от проблемы нахождения сопрягающего элемента, лежащей в основе многих алгоритмов алгебраической криптографии, к значительно более сложной проблеме вхождения- сопряжённости

A cryptographic application of the Thurston norm

We discuss some applications of 3-manifold topology to cryptography. In particular, we propose a public-key and a symmetric-key cryptographic scheme based on the Thurston norm on the first cohomology of hyperbolic manifolds

On effective computations in special subsemigroups of polynomial transformations and protocol based multivariate cryptosystems

Large semigroups and groups of transformations of finite affine space of dimension n with the option of computability of the composition of n arbitrarily chosen elements in polynomial time are described in the paper. Constructions of such families are given together with effectively computed homomorphisms between members of the family. These algebraic platforms allow us to define protocols for several generators of subsemigroup of affine Cremona semigroups with several outputs. Security of these protocols rests on the complexity of the word decomposition problem, It allows to introduce algebraic protocols expanded to cryptosystems of El Gamal type which are not a public key system. In particular symbiotic combination of these protocol of Noncommutative cryptography with one time pad encryption is given. Some of these nonclassical multivariate cryptosystems are implemented with platforms of cubical transformations

On the cryptosystems based on two Eulerian transfor-mations defined over the commutative rings Z2s,s>1Z_{2^s}, s>1.

We suggest the family of ciphers s^E^n, n=2,3,.... with the space of plaintexts (Z*_{2^s})^n, s >1 such that the encryption map is the composition of kind G=G_1A_1G_2A_2 where A_i are the affine transformations from AGL_n(Z_{2^s}) preserving the variety (Z*_{2^s)}^n , Eulerian endomorphism G_i , i=1,2 of K[x_1, x_2,...., x_n] moves x_i to monomial term ϻ(x_1)^{d(1)}(x_2)^{d(2)}...(x_n)^{d(n)} , ϻϵ Z*_{2^s} and act on (Z*_{2^s})^n as bijective transformations. The cipher is converted to a protocol supported cryptosystem. Protocols of Noncommutative Cryptography implemented on the platform of Eulerian endomorphism are used for the delivery of G_i and A_i from Alice to Bob. One can use twisted Diffie-Hellman protocols which security rests on the complexity of Conjugacy Power problem or hidden tame homomorphism protocol which security rests of the word decomposition problem. Instead of the delivery of G_i Alice and Bob can elaborate these transformations via the inverse twisted Diffie-Hellman protocol implemented on the platform of tame Eulerian transformations of (Z*_{2^s})^n. The cost of single protocol is O(n^3) and the cost of the computation of the reimage of used nonlinear map is O(n^2). So the verification of n^t , t≥1 signatures takes time O(n^{t+2}). Instead of inverse twisted Diffie-Hellman protocol correspondents can use inverse hidden tame homomorphism protocol which rests on the complexity of word decomposition for tame Eulerian transformations. We use natural bijections between Z*_{2^s} and Z_{2^{s-1}}, Z*_{2^s} and finite field F_{2^{s-1}} and Z*_{2^s} and Boolean ring B_{s-1} of order 2^{s-1} to modify the family of ciphers or cryptosystems via the change of AGL_n(Z_{2^s}) for the AGL_n(K), where K is one of the rings Z_{2^{s-1}, F_{2^{s-1} and B_{s-1}. New ciphers are defined via the multiplications of two different commutative rings Z_{2^s} and K. It does not allow to treat them as stream ciphers of multivariate cryptography and use corresponding cryptanalytic technique. Adversary is not able to use known cryptanalytical methods such as linearisation attacks. We discuss the option of change the mentioned above elements of AGL_n(Z_{2^s) or AGL_n(K) for nonlinear multivariate transformation F of (Z_{2^s})^n or K^n with the symmetric trapdoor accelerator T, i.e. the piece of information such that the knowledge of T allows to compute the value F(p) in arbitrarily chosen p ϵ P in time O(n^2) and to solve the equation of kind F(x)=c for each c from C in time O(n ^2)

On Extremal Expanding Algebraic Graphs and post-quantum secure delivery of passwords, encryption maps and tools for multivariate digital signatures.

Expanding graphs are known due to their remarkable applications to Computer Science. We are looking for their applications to Post Quantum Cryptography. One of them is postquantum analog of Diffie-Hellman protocol in the area of intersection of Noncommutative and Multivariate Cryptographies .This graph based protocol allows correspondents to elaborate collision cubic transformations of affine space Kn defined over finite commutative ring K. Security of this protocol rests on the complexity of decomposition problem of nonlinear polynomial map into given generators. We show that expanding graphs allow to use such output as a ‘’seed’’ for secure construction of infinite sequence of cubic transformation of affine spaces of increasing dimension. Correspondents can use the sequence of maps for extracting passwords for one time pads in alphabet K and other symmetric or asymmetric algorithms. We show that cubic polynomial maps of affine spaces of prescribed dimension can be used for transition of quadratic public keys of Multivariate Cryptography into the shadow of private areas

On short digital signatures with Eulerian transformations

Let n stands for the length of digital signatures with quadratic multivariate public rule in n variables. We construct postquantum secure procedure to sign O(n^t), t ≥1 digital documents with the signature of size n in time O(n^{3+t}). It allows to sign O(n^t), t 1 documents of size n in time O(n^{t+3}), t>1. The multivariate encryption map has linear degree O(n) and density O(n^4). We discuss the idea of public key with Eulerian transformations which allows to sign O(n^t), t≥0 documents in time O(n^{t+2}). The idea of delivery and usage of several Eulerian and quadratic transformations is also discussed

On semigroups of multivariate transformations constructed in terms of time dependent linguistic graphs and solutions of Post Quantum Multivariate Cryptography.

Time dependent linguistic graphs over abelian group H are introduced. In the case $H=K*$ such bipartite graph with point set $P=H^n$ can be used for generation of Eulerian transformation of $(K*)^n$, i.e. the endomorphism of $K[x_1, x_2,… , x_n]$ sending each variable to a monomial term. Subsemigroups of such endomorphisms together with their special homomorphic images are used as platforms of cryptographic protocols of noncommutative cryptography. The security of these protocol is evaluated via complexity of hard problem of decomposition of Eulerian transformation into the product of known generators of the semigroup. Nowadays the problem is intractable one in the Postquantum setting. The symbiotic combination of such protocols with special graph based stream ciphers working with plaintext space of kind $K^m$ where $m=n^t$ for arbitrarily chosen parameter $t$ is proposed. This way we obtained a cryptosystem with encryption/decryption procedure of complexity $O(m^{1+2/t})$