Results 1  10
of
12
Random subgroups and analysis of the lengthbased and quotient attacks
 Journal of Mathematical Cryptology
"... ..."
(Show Context)
Cryptanalysis of the AnshelAnshelGoldfeldLemieux key agreement protocol,”
 Groups, Complexity, Cryptology,
, 2009
"... The AnshelAnshelGoldfeldLemieux (abbreviated AAGL) key agreement protocol [1] is proposed to be used on lowcost platforms which constraint the use of computational resources. The core of the protocol is the concept of an Algebraic Eraser T M (abbreviated AE) which is claimed to be a suitable pr ..."
Abstract

Cited by 8 (0 self)
 Add to MetaCart
(Show Context)
The AnshelAnshelGoldfeldLemieux (abbreviated AAGL) key agreement protocol [1] is proposed to be used on lowcost platforms which constraint the use of computational resources. The core of the protocol is the concept of an Algebraic Eraser T M (abbreviated AE) which is claimed to be a suitable primitive for use within lightweight cryptography. The AE primitive is based on a new and ingenious idea of using an action of a semidirect product on a (semi)group to obscure involved algebraic structures. The underlying motivation for AAGL protocol is the need to secure networks which deploy Radio Frequency Identification (RFID) tags used for identification, authentication, tracing and pointofsale applications. In this paper we revisit the computational problem on which AE relies and heuristically analyze its hardness. We show that for proposed parameter values it is impossible to instantiate a secure protocol. To be more precise, in 100% of randomly generated instances of the protocol we were able to find a secret conjugator z generated by the TTP algorithm (part of AAGL protocol).
Polynomial time solutions of computational problems in noncommutativealgebraic cryptography
"... ..."
New Developments in Commutator Key Exchange
"... We study the algorithmic security of the AnshelAnshelGoldfeld (AAG) key exchange scheme and show that contrary to prevalent opinion, the computational hardness of AAG depends on the structure of the chosen subgroups, rather than on the conjugacy problem of the ambient braid group. Proper choice of ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
(Show Context)
We study the algorithmic security of the AnshelAnshelGoldfeld (AAG) key exchange scheme and show that contrary to prevalent opinion, the computational hardness of AAG depends on the structure of the chosen subgroups, rather than on the conjugacy problem of the ambient braid group. Proper choice of these subgroups produces a key exchange scheme which is resistant to all known attacks on AAG.
Polynomial time cryptanalysis of noncommutativealgebraic key exchange protocols
"... We introduce the linear centralizer method for a passive adversary to extract the shared key in grouptheory based key exchange protocols (KEPs). We apply this method to obtain a polynomial time cryptanalysis of the Commutator KEP, introduced by Anshel–Anshel–Goldfeld in 1999 and considered extensiv ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
(Show Context)
We introduce the linear centralizer method for a passive adversary to extract the shared key in grouptheory based key exchange protocols (KEPs). We apply this method to obtain a polynomial time cryptanalysis of the Commutator KEP, introduced by Anshel–Anshel–Goldfeld in 1999 and considered extensively ever since. We also apply this method to the Centralizer KEP, introduced by Shpilrain–Ushakov in 2006. Our method is proved to be of polynomial time using a technical lemma about sampling invertible matrices from a linear space of matrices.
G.Rosenberger, Generic subgroups of group amalgams
 Groups,Complexity, Cryptology
, 2009
"... Abstract: For many groups the structure of finitely generated subgroups is generically simple. That is with asymptotic density equal to one a randomly chosen finitely generated subgroup has a particular wellknown and easily analyzed structure. For example a result of D. B. A. Epstein says that a f ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
(Show Context)
Abstract: For many groups the structure of finitely generated subgroups is generically simple. That is with asymptotic density equal to one a randomly chosen finitely generated subgroup has a particular wellknown and easily analyzed structure. For example a result of D. B. A. Epstein says that a finitely generated subgroup of GL(n, R) is generically a free group. We say that a group G has the generic free group property if any finitely generated subgroup is generically a free group. Further G has the strong generic free group property if given randomly chosen elements g 1 , . . . , g n in G then generically they are a free basis for the free subgroup they generate. In this paper we show that for any arbitrary free product of finitely generated infinite groups satisfies the strong generic free group property. There are also extensions to more general amalgams free products with amalgamation and HNN groups. These results have implications in cryptography. In particular several cryptosystems use random choices of subgroups as hard cryptographic problems. In groups with the generic free group property any such cryptosystem may be attackable by a length based attack.
Signature Scheme Using the Root Extraction Problem on Quaternions
"... The root extraction problem over quaternion rings modulo an RSA integer is defined, and the intractability of the problem is examined. A signature scheme is constructed based on the root extraction problem. It is proven that an adversary can forge a signature on a message if and only if he can extr ..."
Abstract
 Add to MetaCart
The root extraction problem over quaternion rings modulo an RSA integer is defined, and the intractability of the problem is examined. A signature scheme is constructed based on the root extraction problem. It is proven that an adversary can forge a signature on a message if and only if he can extract the roots for some quaternion integers. The performance and other security related issues are also discussed.