120 research outputs found
Assessing security of some group based cryptosystems
One of the possible generalizations of the discrete logarithm problem to
arbitrary groups is the so-called conjugacy search problem (sometimes
erroneously called just the conjugacy problem): given two elements a, b of a
group G and the information that a^x=b for some x \in G, find at least one
particular element x like that. Here a^x stands for xax^{-1}. The computational
difficulty of this problem in some particular groups has been used in several
group based cryptosystems. Recently, a few preprints have been in circulation
that suggested various "neighbourhood search" type heuristic attacks on the
conjugacy search problem. The goal of the present survey is to stress a
(probably well known) fact that these heuristic attacks alone are not a threat
to the security of a cryptosystem, and, more importantly, to suggest a more
credible approach to assessing security of group based cryptosystems. Such an
approach should be necessarily based on the concept of the average case
complexity (or expected running time) of an algorithm.
These arguments support the following conclusion: although it is generally
feasible to base the security of a cryptosystem on the difficulty of the
conjugacy search problem, the group G itself (the "platform") has to be chosen
very carefully. In particular, experimental as well as theoretical evidence
collected so far makes it appear likely that braid groups are not a good choice
for the platform. We also reflect on possible replacements.Comment: 10 page
Search and witness problems in group theory
Decision problems are problems of the following nature: given a property P
and an object O, find out whether or not the object O has the property P. On
the other hand, witness problems are: given a property P and an object O with
the property P, find a proof of the fact that O indeed has the property P. On
the third hand(?!), search problems are of the following nature: given a
property P and an object O with the property P, find something "material"
establishing the property P; for example, given two conjugate elements of a
group, find a conjugator. In this survey our focus is on various search
problems in group theory, including the word search problem, the subgroup
membership search problem, the conjugacy search problem, and others
Automorphisms of one-relator groups
It is a well-known fact that every group has a presentation of the form
, where is a free group and the kernel of the natural
epimorphism from onto . Driven by the desire to obtain a similar
presentation of the group of automorphisms , we can consider the
subgroup of those automorphisms of that
stabilize , and try to figure out if the natural homomorphism is onto, and if it is, to determine its kernel. Both parts of this task
are usually quite hard. The former part received considerable attention in the
past, whereas the latter, more difficult, part (determining the kernel) seemed
unapproachable. Here we approach this problem for a class of one-relator groups
with a special kind of small cancellation condition. Then, we address a
somewhat easier case of 2-generator (not necessarily one-relator) groups, and
determine the kernel of the above mentioned homomorphism for a rather general
class of those groups.Comment: LaTex file, 8 page
Using decision problems in public key cryptography
There are several public key establishment protocols as well as complete
public key cryptosystems based on allegedly hard problems from combinatorial
(semi)group theory known by now. Most of these problems are search problems,
i.e., they are of the following nature: given a property P and the information
that there are objects with the property P, find at least one particular object
with the property P. So far, no cryptographic protocol based on a search
problem in a non-commutative (semi)group has been recognized as secure enough
to be a viable alternative to established protocols (such as RSA) based on
commutative (semi)groups, although most of these protocols are more efficient
than RSA is.
In this paper, we suggest to use decision problems from combinatorial group
theory as the core of a public key establishment protocol or a public key
cryptosystem. By using a popular decision problem, the word problem, we design
a cryptosystem with the following features: (1) Bob transmits to Alice an
encrypted binary sequence which Alice decrypts correctly with probability "very
close" to 1; (2) the adversary, Eve, who is granted arbitrarily high (but
fixed) computational speed, cannot positively identify (at least, in theory),
by using a "brute force attack", the "1" or "0" bits in Bob's binary sequence.
In other words: no matter what computational speed we grant Eve at the outset,
there is no guarantee that her "brute force attack" program will give a
conclusive answer (or an answer which is correct with overwhelming probability)
about any bit in Bob's sequence.Comment: 12 page
Embeddings of curves in the plane
In this paper, we contribute toward a classification of two-variable
polynomials by classifying (up to an automorphism of ) polynomials whose
Newton polygon is either a triangle or a line segment. Our classification has
several applications to the study of embeddings of algebraic curves in the
plane. In particular, we show that for any , there is an irreducible
curve with one place at infinity, which has at least inequivalent
embeddings in . Also, upon combining our method with a well-known theorem
of Zaidenberg and Lin, we show that one can decide "almost" just by inspection
whether or not a polynomial fiber is an irreducible simply connected curve.Comment: 11 page
Combinatorial group theory and public key cryptography
After some excitement generated by recently suggested public key exchange
protocols due to Anshel-Anshel-Goldfeld and Ko-Lee et al., it is a prevalent
opinion now that the conjugacy search problem is unlikely to provide sufficient
level of security if a braid group is used as the platform. In this paper we
address the following questions: (1) whether choosing a different group, or a
class of groups, can remedy the situation; (2) whether some other "hard"
problem from combinatorial group theory can be used, instead of the conjugacy
search problem, in a public key exchange protocol. Another question that we
address here, although somewhat vague, is likely to become a focus of the
future research in public key cryptography based on symbolic computation: (3)
whether one can efficiently disguise an element of a given group (or a
semigroup) by using defining relations.Comment: 12 page
- …