On the cryptanalysis of the generalized simultaneous conjugacy search problem and the security of the Algebraic Eraser
The Algebraic Eraser (AE) is a cryptographic primitive that can be used to
obscure information in certain algebraic cryptosystems. The Colored Burau Key
Agreement Protocol (CBKAP), which is built on the AE, was introduced by I.
Anshel, M. Anshel, D. Goldfeld, and S. Lemieux in 2006 as a protocol suitable
for use on platforms with constrained computational resources, such as RFID and
wireless sensors. In 2009 A. Myasnikov and A. Ushakov proposed an attack on
CBKAP that attempts to defeat the generalized simultaneous conjugacy search
problem, which is the public-key computational problem underlying CBKAP. In
this paper we investigate the effectiveness of this attack. Our findings are
that the success of the attack comes only from applying it to short keys, and
that with appropriate keys the attack fails in 100% of cases and does not pose
a threat against CBKAP. Moreover, the attack makes assumptions about CBKAP that
do not hold in practical implementations, and thus does not represent a threat
to the use of CBKAP in applications.
Defeating the Kalka--Teicher--Tsaban linear algebra attack on the Algebraic Eraser
The Algebraic Eraser (AE) is a public key protocol for sharing information
over an insecure channel using commutative and noncommutative groups; a
concrete realization is given by the Colored Burau Key Agreement Protocol
(CBKAP). In this paper, we describe how to choose data in CBKAP to thwart an
attack by Kalka--Teicher--Tsaban.
Short expressions of permutations as products and cryptanalysis of the Algebraic Eraser
In March 2004, Anshel, Anshel, Goldfeld, and Lemieux introduced the
\emph{Algebraic Eraser} scheme for key agreement over an insecure channel,
using a novel hybrid of infinite and finite noncommutative groups. They also
introduced the \emph{Colored Burau Key Agreement Protocol (CBKAP)}, a concrete
realization of this scheme.
We present general, efficient heuristic algorithms, which extract the shared
key out of the public information provided by CBKAP. These algorithms are,
according to heuristic reasoning and according to massive experiments,
successful for all sizes of the security parameters, assuming that the keys are
chosen with standard distributions.
Our methods come from probabilistic group theory (permutation group actions
and expander graphs). In particular, we provide a simple algorithm for finding
short expressions of permutations in , as products of given random
permutations. Heuristically, our algorithm gives expressions of length
, in time and space . Moreover, this is provable from
\emph{the Minimal Cycle Conjecture}, a simply stated hypothesis concerning the
uniform distribution on . Experiments show that the constants in these
estimations are small. This is the first practical algorithm for this problem
for .
Remark: \emph{Algebraic Eraser} is a trademark of SecureRF. The variant of
CBKAP actually implemented by SecureRF uses proprietary distributions, and thus
our results do not imply its vulnerability. See also arXiv:abs/12020598.
Comment: Final version, accepted to Advances in Applied Mathematics. Title
slightly changed.
Analysis of a Group of Automorphisms of a Free Group as a Platform for Conjugacy-Based Group Cryptography
Let F be a finitely generated free group and Aut(F) its group of automorphisms.
In this monograph we discuss potential uses of Aut(F) in group-based cryptography.
Our main focus is on using Aut(F) as a platform group for the Anshel-Anshel-Goldfeld protocol, the Ko-Lee protocol, and other protocols based on different versions of the conjugacy search problem or the decomposition problem, such as the Shpilrain-Ushakov protocol.
We attack the Anshel-Anshel-Goldfeld and Ko-Lee protocols by adapting the existing types of length-based attack to the specifics of Aut(F). We also present our own version of the length-based attack that significantly increases the attack's success rate. After discussing attacks, we discuss ways to make keys from Aut(F) resistant to the different versions of length-based attacks, including our own.