3 research outputs found

    Cryptanalysis of Cryptosystems Based on Non-commutative Skew Polynomials

    Ten years ago, Ko et al. described a Diffie-Hellman like protocol based on decomposition with respect to a non-commutative semigroup law. Instantiation with braid groups had first been considered, however intense research on braid groups revealed vulnerabilities of the group structure and of the braid based DH problem itself. Recently, Boucher et al. proposed a similar scheme based on a particular non-commutative multiplication of polynomials over a finite field. These so-called skew polynomials have a well-studied theory and have many applications in mathematics and coding theory, however they are quite unknown in a cryptographic application. In this paper, we show that the Diffie-Hellman problem based on skew polynomials is susceptible to a very efficient attack. This attack is in fact general in nature, it uses the availability of a one-sided notion of gcd and exact division. Given such tools, one can shift the Diffie-Hellman problem to a linear algebra type problem.

    Computational Approaches to Problems in Noncommutative Algebra -- Theory, Applications and Implementations

    Noncommutative rings appear in several areas of mathematics. Most prominently, they can be used to model operator equations, such as differential or difference equations. In the Ph.D. studies leading to this thesis, the focus was mainly on two areas: Factorization in certain noncommutative domains and matrix normal forms over noncommutative principal ideal domains. Regarding the area of factorization, we initialize in this thesis a classification of noncommutative domains with respect to the factorization properties of their elements. Such a classification is well established in the area of commutative integral domains. Specifically, we define conditions to identify so-called finite factorization domains, and discover that the ubiquitous G-algebras are finite factorization domains. We furthermore realize a practical factorization algorithm applicable to G-algebras, with minor assumptions on the underlying field. Since the generality of our algorithm comes with the price of performance, we also study how it can be optimized for specific domains. Moreover, all of these factorization algorithms are implemented. However, it turns out that factorization is difficult for many types of noncommutative rings. This observation leads to the adjunct examination of noncommutative rings in the context of cryptography. In particular, we develop a Diffie-Hellman-like key exchange protocol based on certain noncommutative rings. Regarding the matrix normal forms, we present a polynomial-time algorithm of Las Vegas type to compute the Jacobson normal form of matrices over specific domains. We will study the flexibility, as well as the limitations of our proposal. Another core contribution of this thesis consists of various implementations to assist future researchers working with noncommutative algebras. Detailed reports on all these programs and software-libraries are provided. 
    We furthermore develop a benchmarking tool called SDEval, tailored to the needs of the computer algebra community. A description of this tool is also included in this thesis.