#### DMCA

## Combinatorial group theory and public key cryptography (2006)

### Cached

### Download Links

Citations: | 19 - 4 self |

### Citations

571 |
Fundamentals of Semigroup Theory
- Howie
- 1995
(Show Context)
Citation Context ...ors of S and R = {r1 = r ′ 1 ,r2 = r ′ 2 ,...} a set of defining relations. The full transformation semigroup of S, denoted by TS, is the set of all functions S → S closed under composition, see e.g. =-=[8]-=-. A function t ∈ TS is well-defined in S if for any w,w ′ ∈ S such that w = w ′ , one has t(w) = t(w ′ ). The set of well-defined functions from TS can be utilized to deliver diffusion in S, i.e., to ... |

153 | An algebraic method for public-key cryptography,
- Anshel, Anshel, et al.
- 1999
(Show Context)
Citation Context ... a x stands for xax −1 . The (alleged) computational difficulty of this problem in some particular groups (namely, in braid groups) has been used in several group based cryptosystems, most notably in =-=[1]-=- and [13]. However, after some initial excitement (which has even resulted in naming a new area of “braid group cryptography” — see [3], [4]), it seems now that the conjugacy search problem in a braid... |

129 |
Combinatorial group theory, Ergebnisse der Mathematik und ihrer Grenzgebiete
- Lyndon, Schupp
- 1977
(Show Context)
Citation Context ...ss of groups “algorithmically homogeneous”. Here we draw attention to a more diverse class of small cancellation groups that satisfy small cancellation conditions C(4), T(4), but not C ′ ( 1 6 ) (see =-=[14]-=-). The latter is needed to try to avoid hyperbolic groups (all finitely presented C ′ ( 1 6 ) groups are hyperbolic), where the conjugacy search problem can be solved very quickly (see [10] and [11] f... |

126 | New public-key cryptosystem using braid group,
- Ko, Lee, et al.
- 2000
(Show Context)
Citation Context ...nds for xax −1 . The (alleged) computational difficulty of this problem in some particular groups (namely, in braid groups) has been used in several group based cryptosystems, most notably in [1] and =-=[13]-=-. However, after some initial excitement (which has even resulted in naming a new area of “braid group cryptography” — see [3], [4]), it seems now that the conjugacy search problem in a braid group ca... |

69 | Generic-case complexity, decision problems in group theory, and random walks.
- Kapovich, Miasnikov, et al.
- 2003
(Show Context)
Citation Context ...1 6 ) (see [14]). The latter is needed to try to avoid hyperbolic groups (all finitely presented C ′ ( 1 6 ) groups are hyperbolic), where the conjugacy search problem can be solved very quickly (see =-=[10]-=- and [11] for discussion). In the class of groups with small cancellation conditions C(4) and T(4), the word problem is solvable in quadratic time (see [14, Theorem V.6.3]), which meets the necessary ... |

48 | A practical attack on some braid group based cryptoraphic primitives,”
- Hofheinz, Steinwandt
- 2003
(Show Context)
Citation Context ...where G is a braid group Bn, and A,B consist of inner automorphisms (i.e., conjugations). This arrangement however makes the cryptosystem vulnerable to so-called “length based” attacks (see e.g. [5], =-=[7]-=-, [9]) because applying a generic automorphism to a generic element of a group tends to increase the length of (the normal form of) this element. To avoid attacks of this kind, we suggest here using n... |

42 | Length-based attacks for certain group based encryption rewriting systems
- Hughes, Tannenbaum
- 2000
(Show Context)
Citation Context ... G is a braid group Bn, and A,B consist of inner automorphisms (i.e., conjugations). This arrangement however makes the cryptosystem vulnerable to so-called “length based” attacks (see e.g. [5], [7], =-=[9]-=-) because applying a generic automorphism to a generic element of a group tends to increase the length of (the normal form of) this element. To avoid attacks of this kind, we suggest here using non-in... |

26 |
Artin groups and infinite Coxeter groups,
- Appel, Schupp
- 1983
(Show Context)
Citation Context ...ion AΓ = 〈 a1,... ,an ; µij = µji for 1 ≤ i < j ≤ n) 〉, where µij = ai aj ai ... � �� � mijs8 V. SHPILRAIN AND G. ZAPATA and mij = mji. Artin groups arise as generalizations of braid groups, see e.g. =-=[2]-=-. For an Artin group AΓ, the associated labeled graph Γ has no multiple edges or loops. The vertices ai of Γ are the generators of the Artin group. Any two vertices ai,aj ∈ Γ are connected by an edge,... |

22 |
Braking Codes: Introduction to Cryptology
- Garrett, Making
- 2000
(Show Context)
Citation Context ...Question 3. Can one efficiently disguise an element of a given group (or a semigroup) by using defining relations? Disguising an element before transmission is sometimes called “diffusion” — see e.g. =-=[6]-=-. The importance of this is rather obvious: if, for example, one transmits a conjugate xax −1 of a public element a “as is”, i.e., without diffusion, then the opponent can determine the private elemen... |

17 | Length-based conjugacy search in the braid group,”
- Garber, Kaplan, et al.
- 2006
(Show Context)
Citation Context ...13], where G is a braid group Bn, and A,B consist of inner automorphisms (i.e., conjugations). This arrangement however makes the cryptosystem vulnerable to so-called “length based” attacks (see e.g. =-=[5]-=-, [7], [9]) because applying a generic automorphism to a generic element of a group tends to increase the length of (the normal form of) this element. To avoid attacks of this kind, we suggest here us... |

16 | Assessing security of some group based cryptosystems. In: Group theory, statistics, and cryptography,
- Shpilrain
- 2004
(Show Context)
Citation Context ... has even resulted in naming a new area of “braid group cryptography” — see [3], [4]), it seems now that the conjugacy search problem in a braid group cannot provide sufficient level of security; see =-=[18]-=- for explanations. 1s2 V. SHPILRAIN AND G. ZAPATA Therefore, one faces the following two natural questions: Question 1. Is there a group, or a class of groups, where the public key exchange protocol s... |

6 | On the andrewscurtis equivalence
- Myasnikov, Myasnikov, et al.
(Show Context)
Citation Context ...s used before in a different context, namely, in attempts to attack the Andrews-Curtis conjecture, a notoriously difficult problem in low-dimensional topology and combinatorial group theory (see e.g. =-=[15]-=-). The idea is to break down defining relations of a group into “small pieces”. More formally, we replace a given group G by an isomorphic group where all relators havesCOMBINATORIAL GROUP THEORY AND ... |

6 |
Braid-based cryptography. In: Group theory, statistics, and cryptography
- Dehornoy
- 2004
(Show Context)
Citation Context ...yptosystems, most notably in [1] and [13]. However, after 1s2 V. SHPILRAIN AND G. ZAPATA some initial excitement (which has even resulted in naming a new area of “braid group cryptography” — see [3], =-=[4]-=-), it seems now that the conjugacy search problem in a braid group may not provide sufficient level of security; see [18] for explanations. Therefore, one faces the following two natural questions: Qu... |

3 |
Artin groups of extra-large type are automatic
- Peifer
- 1996
(Show Context)
Citation Context ...e wants to initiate a public key exchange protocol. A particular class of groups that we consider here is the class of Artin groups of extra large type. Groups in this class are known to be automatic =-=[17]-=-, which implies, in particular, that the word problem in any group from this class is solvable in quadratic time. Further details are given in Section 5. Finally, we note that, as a further generaliza... |

2 |
H.: Conjugacy problem in braid groups and applications, I. Overview: Conjugacy problems, their variations, and their applications, preprint. http://www.kyokan.ms.utokyo.ac.jp/˜topology/files/KS03a.pdf
- Ko
(Show Context)
Citation Context ...e note that, as a further generalization, one can use arbitrary well-defined mappings α,β (not necessarily endomorphisms) of a group G in the above context. A simple example of that kind was given in =-=[12]-=-; see also our Section 2. 2. Algebraic public-key cryptographic systems The central requirement for an operational public-key cryptographic system (PKC) is a one-way function; in theory, it is the sec... |

2 |
Random van Kampen diagrams, preprint
- Myasnikov, Ushakov
(Show Context)
Citation Context ...rs in a product. This is why a diffusion mechanism is of paramount importance in any public key exchange protocol based on symbolic computation. We note here that recent work of Myasnikov and Ushakov =-=[16]-=- makes it appear likely that, speaking somewhat informally, in a “generic” group, the amount of work needed to disguise a “generic” element by using defining relations is about the same as needed to r... |

2 |
Shpilrain V.: On the Andrews-Curtis equivalence. In: Combinatorial and geometric group theory
- Myasnikov, Myasnikov
- 2002
(Show Context)
Citation Context ...s used before in a different context, namely, in attempts to attack the Andrews-Curtis conjecture, a notoriously difficult problem in low-dimensional topology and combinatorial group theory (see e.g. =-=[15]-=-). The idea is to break down defining relations of a group into “small pieces”. More formally, we replace a given group G by an isomorphic group where all relators havesCOMBINATORIAL GROUP THEORY AND ... |

1 | A.: Random van Kampen diagrams - Myasnikov, Ushakov |