63 research outputs found

    Length-based cryptanalysis: The case of Thompson's Group

    The length-based approach is a heuristic for solving randomly generated equations in groups which possess a reasonably behaved length function. We describe several improvements of the previously suggested length-based algorithms, that make them applicable to Thompson's group with significant success rates. In particular, this shows that the Shpilrain-Ushakov public key cryptosystem based on Thompson's group is insecure, and suggests that no practical public key cryptosystem based on this group can be secure. Comment: Final version, to appear in JM

    Cryptanalysis of group-based key agreement protocols using subgroup distance functions

    We introduce a new approach for cryptanalysis of key agreement protocols based on noncommutative groups. This approach uses functions that estimate the distance of a group element to a given subgroup. We test it against the Shpilrain-Ushakov protocol, which is based on Thompson's group F

    Tropical cryptography


    Fixed points of endomorphisms of a free metabelian group

    We consider IA-endomorphisms (i.e. Identical in Abelianization) of a free metabelian group of finite rank, and give a matrix characterization of their fixed points which is similar to (yet different from) the well-known characterization of eigenvectors of a linear operator in a vector space. We then use our matrix characterization to elaborate several properties of the fixed point groups of metabelian endomorphisms. In particular, we show that the rank of the fixed point group of an IA-endomorphism of the free metabelian group of rank n ≥ 2 can be either equal to 0, 1, or greater than (n−1) (in particular, it can be infinite). We also point out a connection between these properties of metabelian IA-endomorphisms and some properties of the Gassner representation of pure braid groups.

    Measuring sets in infinite groups

    We are now witnessing a rapid growth of a new part of group theory which has become known as "statistical group theory". A typical result in this area would say something like "a random element (or a tuple of elements) of a group G has a property P with probability p". The validity of a statement like that does, of course, heavily depend on how one defines probability on groups, or, equivalently, how one measures sets in a group (in particular, in a free group). We hope that new approaches to defining probabilities on groups outlined in this paper create, among other things, an appropriate framework for the study of the "average case" complexity of algorithms on groups. Comment: 22 page

    Polynomial Retracts and the Jacobian Conjecture

    Let K[x, y] be the polynomial algebra in two variables over a field K of characteristic 0. A subalgebra R of K[x, y] is called a retract if there is an idempotent homomorphism (a retraction, or projection) phi : K[x, y] --> K[x, y] such that phi(K[x, y]) = R. The presence of other, equivalent, definitions of retracts provides several different methods of studying and applying them, and brings together ideas from combinatorial algebra, homological algebra, and algebraic geometry. In this paper, we characterize all the retracts of K[x, y] up to an automorphism, and give several applications of this characterization, in particular, to the well-known Jacobian conjecture.

    Embeddings of hypersurfaces in affine spaces

    In this paper, we address the following two general problems: given two algebraic varieties in C^n, find out whether or not they are (1) isomorphic and (2) equivalent under an automorphism of C^n. Although a complete solution of either of those problems is out of the question at this time, we give here some handy and useful invariants of isomorphic as well as of equivalent varieties. Furthermore, and more importantly, we give a universal procedure for obtaining all possible algebraic varieties isomorphic to a given one and use it to construct numerous examples of isomorphic but inequivalent algebraic varieties in C^n. Among other things, we establish the following interesting fact: for isomorphic hypersurfaces p(x1,...,xn)=0 and q(x1,...,xn)=0, the number of zeros of grad(p) might be different from that of grad(q). This implies, in particular, that, although the fibers p=0 and q=0 are isomorphic, there are some other fibers p=c and q=c which are not. We construct examples like this for any n≥2. © 2001 Academic Press.

    Equivalence of polynomials under automorphisms of K[x, y]

    Let K[x, y] be the algebra of polynomials in two variables over an arbitrary field K. We show that if the maximum of the x- and y-degrees of a given polynomial p(x, y) cannot be decreased by a single triangular or linear automorphism of K[x, y], then it cannot be decreased by any automorphism of K[x, y]. If K is an algebraically closed constructible field, this result yields an algorithm for deciding whether or not two polynomials p, q ∈ K[x, y] are equivalent under an automorphism of K[x, y]. We also show that if there is an automorphism of K[x, y] taking p to q, then it is "almost" unique. More precisely: if an automorphism α of K[x, y] is not conjugate to a triangular or linear automorphism, then any polynomial invariant (or even semiinvariant) under α is a constant. © 2006 Elsevier Ltd. All rights reserved.

    Actions of the braid group, and new algebraic proofs of results of Dehornoy and Larue

    This article surveys many standard results about the braid group with emphasis on simplifying the usual algebraic proofs. We use van der Waerden's trick to illuminate the Artin-Magnus proof of the classic presentation of the algebraic mapping-class group of a punctured disc. We give a simple, new proof of the Dehornoy-Larue braid-group trichotomy, and, hence, recover the Dehornoy right-ordering of the braid group. We then turn to the Birman-Hilden theorem concerning braid-group actions on free products of cyclic groups, and the consequences derived by Perron-Vannier, and the connections with the Wada representations. We recall the very simple Crisp-Paris proof of the Birman-Hilden theorem that uses the Larue-Shpilrain technique. Studying ends of free groups permits a deeper understanding of the braid group; this gives us a generalization of the Birman-Hilden theorem. Studying Jordan curves in the punctured disc permits a still deeper understanding of the braid group; this gave Larue, in his PhD thesis, correspondingly deeper results, and, in an appendix, we recall the essence of Larue's thesis, giving simpler combinatorial proofs. Comment: 51 pages, 13 figure