Generic-case complexity, decision problems in group theory and random walks

We give a precise definition of ``generic-case complexity'' and show that for a very large class of finitely generated groups the classical decision problems of group theory - the word, conjugacy and membership problems - all have linear-time generic-case complexity. We prove such theorems by using the theory of random walks on regular graphs.Comment: Revised versio

Assessing security of some group based cryptosystems

One of the possible generalizations of the discrete logarithm problem to arbitrary groups is the so-called conjugacy search problem (sometimes erroneously called just the conjugacy problem): given two elements a, b of a group G and the information that a^x=b for some x \in G, find at least one particular element x like that. Here a^x stands for xax^{-1}. The computational difficulty of this problem in some particular groups has been used in several group based cryptosystems. Recently, a few preprints have been in circulation that suggested various "neighbourhood search" type heuristic attacks on the conjugacy search problem. The goal of the present survey is to stress a (probably well known) fact that these heuristic attacks alone are not a threat to the security of a cryptosystem, and, more importantly, to suggest a more credible approach to assessing security of group based cryptosystems. Such an approach should be necessarily based on the concept of the average case complexity (or expected running time) of an algorithm. These arguments support the following conclusion: although it is generally feasible to base the security of a cryptosystem on the difficulty of the conjugacy search problem, the group G itself (the "platform") has to be chosen very carefully. In particular, experimental as well as theoretical evidence collected so far makes it appear likely that braid groups are not a good choice for the platform. We also reflect on possible replacements.Comment: 10 page

Parallel Algorithm and Dynamic Exponent for Diffusion-limited Aggregation

A parallel algorithm for ``diffusion-limited aggregation'' (DLA) is described and analyzed from the perspective of computational complexity. The dynamic exponent z of the algorithm is defined with respect to the probabilistic parallel random-access machine (PRAM) model of parallel computation according to $T \sim L^{z}$, where L is the cluster size, T is the running time, and the algorithm uses a number of processors polynomial in L\@. It is argued that z=D-D_2/2, where D is the fractal dimension and D_2 is the second generalized dimension. Simulations of DLA are carried out to measure D_2 and to test scaling assumptions employed in the complexity analysis of the parallel algorithm. It is plausible that the parallel algorithm attains the minimum possible value of the dynamic exponent in which case z characterizes the intrinsic history dependence of DLA.Comment: 24 pages Revtex and 2 figures. A major improvement to the algorithm and smaller dynamic exponent in this versio

Secret Sharing Based on a Hard-on-Average Problem

The main goal of this work is to propose the design of secret sharing schemes based on hard-on-average problems. It includes the description of a new multiparty protocol whose main application is key management in networks. Its unconditionally perfect security relies on a discrete mathematics problem classiffied as DistNP-Complete under the average-case analysis, the so-called Distributional Matrix Representability Problem. Thanks to the use of the search version of the mentioned decision problem, the security of the proposed scheme is guaranteed. Although several secret sharing schemes connected with combinatorial structures may be found in the bibliography, the main contribution of this work is the proposal of a new secret sharing scheme based on a hard-on-average problem, which allows to enlarge the set of tools for designing more secure cryptographic applications