Probabilistic Solutions of Equations in the Braid Group

Given a system of equations in a "random" finitely generated subgroup of the braid group, we show how to find a small ordered list of elements in the subgroup, which contains a solution to the equations with a significant probability. Moreover, with a significant probability, the solution will be the first in the list. This gives a probabilistic solution to: The conjugacy problem, the group membership problem, the shortest representation of an element, and other combinatorial group-theoretic problems in random subgroups of the braid group. We use a memory-based extension of the standard length-based approach, which in principle can be applied to any group admitting an efficient, reasonably behaving length function.Comment: Small update

On an authentication scheme based on the Root Problem in the braid group

Lal and Chaturvedi proposed two authentication schemes based on the difficulty of the Root Problem in the braid group. We point out that the first scheme is not really as secure as the Root Problem, and describe an efficient way to crack it. The attack works for any group.Comment: This paper has been withdrawn by the author. One of the claims is incorrect as written. We are working on correcting and generalizing it. This will be published in another pape

Group theory in cryptography

This paper is a guide for the pure mathematician who would like to know more about cryptography based on group theory. The paper gives a brief overview of the subject, and provides pointers to good textbooks, key research papers and recent survey papers in the area.Comment: 25 pages References updated, and a few extra references added. Minor typographical changes. To appear in Proceedings of Groups St Andrews 2009 in Bath, U

A new key exchange protocol based on the decomposition problem

In this paper we present a new key establishment protocol based on the decomposition problem in non-commutative groups which is: given two elements $w, w_1$ of the platform group $G$ and two subgroups $A, B \subseteq G$ (not necessarily distinct), find elements $a \in A, b \in B$ such that $w_1 = a w b$. Here we introduce two new ideas that improve the security of key establishment protocols based on the decomposition problem. In particular, we conceal (i.e., do not publish explicitly) one of the subgroups $A, B$, thus introducing an additional computationally hard problem for the adversary, namely, finding the centralizer of a given finitely generated subgroup.Comment: 7 page