Thompson’s group and public key cryptography
 In Third International Conference, ACNS 2005
, 2005
Cited by 25 (3 self)
Abstract. Recently, several public key exchange protocols based on symbolic computation in noncommutative (semi)groups were proposed as a more efficient alternative to well established protocols based on numeric computation. Notably, the protocols due to Anshel-Anshel-Goldfeld and Ko-Lee et al. exploited the conjugacy search problem in groups, which is a ramification of the discrete logarithm problem. However, it is a prevalent opinion now that the conjugacy search problem alone is unlikely to provide sufficient level of security no matter what particular group is chosen as a platform. In this paper we employ another problem (we call it the decomposition problem), which is more general than the conjugacy search problem, and we suggest to use R. Thompson’s group as a platform. This group is well known in many areas of mathematics, including algebra, geometry, and analysis. It also has several properties that make it fit for cryptographic purposes. In particular, we show here that the word problem in Thompson’s group is solvable in almost linear time.
The conjugacy search problem in public key cryptography: unnecessary and insufficient, IACR ePrint Archive, November 2004, Online available at http://eprint.iacr.org/2004/321.pdf
Cited by 20 (3 self)
Abstract. The conjugacy search problem in a group G is the problem of recovering an x ∈ G from given g ∈ G and h = x^{-1}gx. This problem is in the core of several recently suggested public key exchange protocols, most notably the one due to Anshel, Anshel, and Goldfeld, and the one due to Ko, Lee et al. In this note, we make two observations that seem to have eluded most people’s attention. The first observation is that solving the conjugacy search problem is not necessary for an adversary to get the common secret key in the Ko-Lee protocol. It is sufficient to solve an apparently easier problem of finding x, y ∈ G such that h = ygx for given g, h ∈ G. Another observation is that solving the conjugacy search problem is not sufficient for an adversary to get the common secret key in the Anshel-Anshel-Goldfeld protocol.
Length-based conjugacy search in the braid group
Cited by 17 (3 self)
Several key agreement protocols are based on the following Generalized Conjugacy Search Problem: Find, given elements b_1, ..., b_n and xb_1x^{-1}, ..., xb_nx^{-1} in a nonabelian group G, the conjugator x. In the case of subgroups of the braid group B_N, Hughes and Tannenbaum suggested a length-based approach to finding x. Since the introduction of this approach, its effectiveness and successfulness were debated. We introduce several effective realizations of this approach. In particular, a length function is defined on B_N which possesses significantly better properties than the natural length associated to the Garside normal form. We give experimental results concerning the success probability of this approach, which suggest that an unfeasible computational power is required for this method to successfully solve the Generalized Conjugacy Search Problem when its parameters are as in existing protocols.
A new key exchange protocol based on the decomposition problem
Contemp. Math., Amer. Math. Soc
Cited by 12 (2 self)
Abstract. In this paper we present a new key establishment protocol based on the decomposition problem in noncommutative groups which is: given two elements w, w_1 of the platform group G and two subgroups A, B ⊆ G (not necessarily distinct), find elements a ∈ A, b ∈ B such that w_1 = awb. Here we introduce two new ideas that improve the security of key establishment protocols based on the decomposition problem. In particular, we conceal (i.e., do not publish explicitly) one of the subgroups A, B, thus introducing an additional computationally hard problem for the adversary, namely, finding the centralizer of a given finitely generated subgroup.
Using the subgroup membership search problem in public key cryptography
Contemp. Math., Amer. Math. Soc
Cited by 7 (3 self)
Abstract. There are several public key protocols around that use the computational hardness of either the conjugacy search problem or the word (search) problem for nonabelian groups. In this paper, we describe a cryptosystem whose security is based on the computational hardness of the subgroup membership (search) problem: given a group G, a subgroup H generated by h_1, ..., h_k, and an element h ∈ H, find an expression of h in terms of h_1, ..., h_k. It is also interesting to note that groups which we suggest to use as the platform, free metabelian groups, are infinitely presented, in contrast with groups typically used in public key cryptography. Nevertheless, these groups have efficiently (and, in fact, very easily) solvable word problem.
Using decision problems in public key cryptography
, 2007
Cited by 4 (3 self)
There are several public key establishment protocols as well as complete public key cryptosystems based on allegedly hard problems from combinatorial (semi)group theory known by now. Most of these problems are search problems, i.e., they are of the following nature: given a property P and the information that there are objects with the property P, find at least one particular object with the property P. So far, no cryptographic protocol based on a search problem in a noncommutative (semi)group has been recognized as secure enough to be a viable alternative to established protocols (such as RSA) based on commutative (semi)groups, although most of these protocols are more efficient than RSA is. In this paper, we suggest to use decision problems from combinatorial group theory as the core of a public key establishment protocol or a public key cryptosystem. Decision problems are problems of the following nature: given a property P and an object O, find out whether or not the object O has the property P. By using a popular decision problem, the word problem, we design a cryptosystem with the following features: (1) Bob transmits to Alice an encrypted binary sequence which Alice decrypts correctly with probability “very close” to 1; (2) the adversary, Eve, who is granted arbitrarily high (but fixed) computational speed, cannot positively identify (at least, in theory), by using a “brute force attack”, the “1” or “0” bits in Bob’s binary sequence. In other words: no matter what computational speed we grant Eve at the outset, there is no guarantee that her “brute force attack” program will give a conclusive answer (or an answer which is correct with overwhelming probability) about any bit in Bob’s sequence.
A PROPERTY FOR CRYPTOGRAPHY BASED ON INFINITE GROUPS
Abstract. Cryptography using infinite groups has been studied since about twenty years ago. However, it has not been so fruitful as using finite groups. An important reason is the absence of research on probability in this area. Indeed, a number of cryptographic tools concerning probability are playing significant roles in analyses in the case of finite groups. Our purpose is twofold—to deal with not a particular finite subset (as before) of an infinite group but the whole group itself, and to make cryptographic tools developed in finite groups still useful in infinite groups. As a first step to serve this purpose, we study a probability-theoretic property, the so-called right-invariance, that has been widely used in cryptography. Like the uniform distribution over finite sets, right-invariance property simplifies many complex situations. However, it can be unused or misused since it is not known when this property can be used. We propose a method of deciding whether or not we can use this property in a given situation, and prove that there is no right-invariant probability distribution on most infinite groups which can be universally used. Therefore, we discuss weaker, yet practical alternatives with concrete examples.