25 research outputs found

    Combinatorial group theory and public key cryptography

    After some excitement generated by recently suggested public key exchange protocols due to Anshel-Anshel-Goldfeld and Ko-Lee et al., it is a prevalent opinion now that the conjugacy search problem is unlikely to provide a sufficient level of security if a braid group is used as the platform. In this paper we address the following questions: (1) whether choosing a different group, or a class of groups, can remedy the situation; (2) whether some other "hard" problem from combinatorial group theory can be used, instead of the conjugacy search problem, in a public key exchange protocol. Another question that we address here, although somewhat vague, is likely to become a focus of future research in public key cryptography based on symbolic computation: (3) whether one can efficiently disguise an element of a given group (or a semigroup) by using defining relations. Comment: 12 pages

    Key exchange protocol at the infinite semigroup representation level

    The matrix decomposition problem over the integer ring is presented. Solution methods are discussed, and it is shown that this problem is a hard computational problem with regard to computer memory resources. A key agreement protocol based on the matrix decomposition problem is presented.

    Using decision problems in public key cryptography

    There are several public key establishment protocols as well as complete public key cryptosystems based on allegedly hard problems from combinatorial (semi)group theory known by now. Most of these problems are search problems, i.e., they are of the following nature: given a property P and the information that there are objects with the property P, find at least one particular object with the property P. So far, no cryptographic protocol based on a search problem in a non-commutative (semi)group has been recognized as secure enough to be a viable alternative to established protocols (such as RSA) based on commutative (semi)groups, although most of these protocols are more efficient than RSA is. In this paper, we suggest using decision problems from combinatorial group theory as the core of a public key establishment protocol or a public key cryptosystem. By using a popular decision problem, the word problem, we design a cryptosystem with the following features: (1) Bob transmits to Alice an encrypted binary sequence which Alice decrypts correctly with probability "very close" to 1; (2) the adversary, Eve, who is granted arbitrarily high (but fixed) computational speed, cannot positively identify (at least, in theory), by using a "brute force attack", the "1" or "0" bits in Bob's binary sequence. In other words: no matter what computational speed we grant Eve at the outset, there is no guarantee that her "brute force attack" program will give a conclusive answer (or an answer which is correct with overwhelming probability) about any bit in Bob's sequence. Comment: 12 pages

    F. Bassino et al.: “Complexity and Randomness in Group Theory”


    Conjugacy in Baumslag's group, generic case complexity, and division in power circuits

    The conjugacy problem belongs to algorithmic group theory. It is the following question: given two words x, y over generators of a fixed group G, decide whether x and y are conjugated, i.e., whether there exists some z such that zxz^{-1} = y in G. The conjugacy problem is more difficult than the word problem, in general. We investigate the complexity of the conjugacy problem for two prominent groups: the Baumslag-Solitar group BS(1,2) and the Baumslag(-Gersten) group G(1,2). The conjugacy problem in BS(1,2) is TC^0-complete. To the best of our knowledge BS(1,2) is the first natural infinite non-commutative group where such a precise and low complexity is shown. The Baumslag group G(1,2) is an HNN-extension of BS(1,2). We show that the conjugacy problem is decidable (which has been known before); but our results go far beyond decidability. In particular, we are able to show that conjugacy in G(1,2) can be solved in polynomial time in a strongly generic setting. This means that essentially for all inputs conjugacy in G(1,2) can be decided efficiently. In contrast, we show that under a plausible assumption the average case complexity of the same problem is non-elementary. Moreover, we provide a lower bound for the conjugacy problem in G(1,2) by reducing the division problem in power circuits to the conjugacy problem in G(1,2). The complexity of the division problem in power circuits is an open and interesting problem in integer arithmetic. Comment: Section 5 added: We show that an HNN extension G = < H, b | bab^-1 = {\phi}(a), a \in A > has a non-amenable Schreier graph with respect to the base group H if and only if A \neq H \neq

    Group ring based public key cryptosystems

    In this paper, we propose two cryptosystems based on group rings and existing cryptosystems. The first is an elliptic ElGamal-type group ring public key cryptosystem whose security is greater than the security of cryptosystems based on the elliptic curve discrete logarithm problem (ECDLP). The second is an ElGamal-type group ring public key cryptosystem, which is analogous to the ElGamal public key cryptosystem but has comparatively greater security. Examples are also given for both proposed cryptosystems.