16 research outputs found
Short expressions of permutations as products and cryptanalysis of the Algebraic Eraser
In March 2004, Anshel, Anshel, Goldfeld, and Lemieux introduced the
Algebraic Eraser scheme for key agreement over an insecure channel,
using a novel hybrid of infinite and finite noncommutative groups. They also
introduced the Colored Burau Key Agreement Protocol (CBKAP), a concrete
realization of this scheme.
We present general, efficient heuristic algorithms, which extract the shared
key out of the public information provided by CBKAP. These algorithms are,
according to heuristic reasoning and according to massive experiments,
successful for all sizes of the security parameters, assuming that the keys are
chosen with standard distributions.
Our methods come from probabilistic group theory (permutation group actions
and expander graphs). In particular, we provide a simple algorithm for finding
short expressions of permutations in , as products of given random
permutations. Heuristically, our algorithm gives expressions of length
, in time and space . Moreover, this is provable from
the Minimal Cycle Conjecture, a simply stated hypothesis concerning the
uniform distribution on . Experiments show that the constants in these
estimations are small. This is the first practical algorithm for this problem
for .
Remark: Algebraic Eraser is a trademark of SecureRF. The variant of
CBKAP actually implemented by SecureRF uses proprietary distributions, and thus
our results do not imply its vulnerability. See also arXiv:abs/12020598
Comment: Final version, accepted to Advances in Applied Mathematics. Title
slightly changed.
How long does it take to generate a group?
The diameter of a finite group with respect to a generating set is
the smallest non-negative integer such that every element of can be
written as a product of at most elements of . We denote this
invariant by diam_A(G). It can be interpreted as the diameter of the Cayley
graph induced by on and arises, for instance, in the context of
efficient communication networks.
In this paper we study the diameters of a finite abelian group with
respect to its various generating sets . We determine the maximum possible
value of diam_A(G) and classify all generating sets for which this maximum
value is attained. Also, we determine the maximum possible cardinality of
subject to the condition that diam_A(G) is "not too small". Connections with
caps, sum-free sets, and quasi-perfect codes are discussed.
Diameters of Chevalley groups over local rings
Let G be a Chevalley group scheme of rank l. We show that the following holds
for some absolute constant d>0 and two functions p_0=p_0(l) and C=C(l,p). Let
p>p_0 be a prime number and let G_n:=G(\Z/p^n\Z) be the family of finite groups
for n>0.
Then for any n>0 and any subset S which generates G_n we have diam(G_n,S)< C
n^d, i.e., any element of G_n is a product of Cn^d elements from S\cup S^{-1}.
In particular, for some C'=C'(l,p) and for any n>0 we have, diam(G_n,S)< C'
log^d(|G_n|).
Our proof is elementary and effective, in the sense that the constant d and
the functions p_0(l) and C(l,p) are calculated explicitly. Moreover, there
exists an efficient algorithm to compute a short path between any two vertices
in any Cayley graph of the groups G_n.
Comment: 8 pages
A Sharp Diameter Bound for Unipotent Groups of Classical Type Over ℤ/pℤ
The unipotent subgroup of a finite group of Lie type over a prime field F_p comes equipped with a natural set of generators; the properties of the Cayley graph associated to this set of generators have been much studied. In the present paper, we show that the diameter of this Cayley graph is bounded above and below by constant multiples of np + n^2 log p, where n is the rank of the associated Lie group. This generalizes the result of Ellenberg, A sharp diameter bound for an upper triangular matrix group, Harvard University, 1993, which treated the case of SL_n(F_p).