Results 1-10 of 98
Conjugacy problem for braid groups and Garside groups
2002
Cited by 48 (8 self)
We present a new algorithm to solve the conjugacy problem in Artin braid groups, which is faster than the one presented by Birman, Ko and Lee [3]. This algorithm can be applied not only to braid groups, but to all Garside groups (which include finite type Artin groups and torus knot groups among others).
A new approach to the conjugacy problem in Garside groups
2008
Cited by 45 (6 self)
The cycling operation endows the super summit set S_x of any element x of a Garside group G with the structure of a directed graph Γ_x. We establish that the subset U_x of S_x consisting of the circuits of Γ_x can be used instead of S_x for deciding conjugacy to x in G, yielding a faster and more practical solution to the conjugacy problem for Garside groups. Moreover, we present a probabilistic approach to the conjugacy search problem in Garside groups. The results are likely to have implications for the security of recently proposed cryptosystems based on the hardness of problems related to the conjugacy (search) problem in braid groups.
Length-Based Attacks for Certain Group Based Encryption Rewriting Systems
2002
Cited by 39 (1 self)
In this note, we describe a probabilistic attack on public key cryptosystems based on the word/conjugacy problems for finitely presented groups of the type proposed recently by Anshel, Anshel and Goldfeld. In such a scheme, one makes use of the property that in the given group the word problem has a polynomial time solution, while the conjugacy problem has no known polynomial solution. An example is the braid group from topology, in which the word problem is solvable in polynomial time while the only known solutions to the conjugacy problem are exponential. The attack in this paper is based on having a canonical representative of each string relative to which a length function may be computed, hence the term length attack. Such canonical representatives are known to exist for the braid group.
An Efficient Implementation of Braid Groups
Advances in Cryptology: Proceedings of ASIACRYPT 2001, Lecture Notes in Computer Science, 2001
Cited by 34 (5 self)
We implement various computations in the braid groups via practically efficient and theoretically optimized algorithms whose pseudocodes are provided. The performance of an actual implementation under various choices of parameters is listed.
Thompson’s group and public key cryptography
In Third International Conference, ACNS 2005, 2005
Cited by 20 (3 self)
Recently, several public key exchange protocols based on symbolic computation in noncommutative (semi)groups were proposed as a more efficient alternative to well established protocols based on numeric computation. Notably, the protocols due to Anshel-Anshel-Goldfeld and Ko-Lee et al. exploited the conjugacy search problem in groups, which is a ramification of the discrete logarithm problem. However, it is a prevalent opinion now that the conjugacy search problem alone is unlikely to provide a sufficient level of security no matter what particular group is chosen as a platform. In this paper we employ another problem (we call it the decomposition problem), which is more general than the conjugacy search problem, and we suggest using R. Thompson’s group as a platform. This group is well known in many areas of mathematics, including algebra, geometry, and analysis. It also has several properties that make it fit for cryptographic purposes. In particular, we show here that the word problem in Thompson’s group is solvable in almost linear time.
Entity authentication schemes using braid word reduction
Proc. Internat. Workshop on Coding and Cryptography, 153–164, 2003
Cited by 19 (1 self)
Artin’s braid groups currently provide a promising background for cryptographical applications, since the first cryptosystems using braids were introduced in [2, 3, 18] (see also [22]). A variety of key agreement protocols based on braids have been described, but few authentication or signature schemes have been proposed so far. We introduce three authentication schemes based on braids, two of them being zero-knowledge interactive proofs of knowledge. Then we discuss their possible implementations, involving normal forms or an alternative braid algorithm, called handle reduction, which can achieve good efficiency under specific requirements.
A Linear Algebraic Attack on the AAFG1 Braid Group Cryptosystem
In 7th Australasian Conference on Information Security and Privacy, ACISP’02, Lecture Notes in Computer Science, 2002
Cited by 18 (1 self)
Our purpose is to describe a promising linear algebraic attack on the AAFG1 braid group cryptosystem proposed in [2], employing parameters suggested by the authors. Our method employs the well known Burau matrix representation of the braid group and techniques from computational linear algebra, and provides evidence which shows that at least a certain class of keys is weak. We argue that if AAFG1 is to be viable, the parameters must be fashioned to defend against this attack.
Potential Weaknesses of the Commutator Key Agreement Protocol Based on Braid Groups
In: Advances in Cryptology – EUROCRYPT 2002, 14–28 (Lecture Notes Comp. Sc.)
Cited by 17 (1 self)
The braid group with its conjugacy problem is one of the recent hot issues in cryptography. At CT-RSA 2001, Anshel, Anshel, Fisher, and Goldfeld proposed a commutator key agreement protocol (KAP) based on the braid groups and their colored Burau representation. Its security is based on the multiple simultaneous conjugacy problem (MSCP) plus a newly adopted key extractor. This article shows how to reduce finding the shared key of this KAP to the list-MSCPs in a permutation group and in a matrix group over a finite field. We also develop a mathematical algorithm for the MSCP in braid groups. The former implies that the usage of the colored Burau representation in the key extractor causes a new weakness, and the latter can be used as a tool to investigate the security level of their KAP.
The conjugacy search problem in public key cryptography: unnecessary and insufficient
IACR ePrint Archive, November 2004, available online at http://eprint.iacr.org/2004/321.pdf
Cited by 16 (3 self)
The conjugacy search problem in a group G is the problem of recovering an x ∈ G from given g ∈ G and h = x^{-1} g x. This problem is at the core of several recently suggested public key exchange protocols, most notably the one due to Anshel, Anshel, and Goldfeld, and the one due to Ko, Lee et al. In this note, we make two observations that seem to have eluded most people’s attention. The first observation is that solving the conjugacy search problem is not necessary for an adversary to get the common secret key in the Ko-Lee protocol. It is sufficient to solve an apparently easier problem of finding x, y ∈ G such that h = y g x for given g, h ∈ G. Another observation is that solving the conjugacy search problem is not sufficient for an adversary to get the common secret key in the Anshel-Anshel-Goldfeld protocol.
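The first observation in the abstract above, worked through on a toy platform. This is an added example and not code from the paper or from any of the listed authors. Assumptions that are mine, not the page's: GL(4, F_3) stands in for the braid group; the block-diagonal matrices diag(M, I) and diag(I, M) stand in for the two commuting subgroups from which Alice and Bob draw their private elements in a Ko-Lee style exchange; exhaustive search over a 48-element subgroup stands in for a real solver of the decomposition problem; the names X, A, B, LB, UB, key_exchange, decompositions and recover_key are illustrative. In the abstract's notation the public g is X below and the transmitted h is g_a; the exchange is written as a x a^{-1} rather than x^{-1} g x, which changes nothing in the argument. The point demonstrated is the algebra: every pair (y, z) from Alice's subgroup with y X z = g_a yields the shared key, whether or not z = y^{-1}.

```python
"""Toy model of 'decomposition suffices' for a Ko-Lee style exchange.
Added example; platform group and subgroups are assumptions, see lead-in."""
from itertools import product

P = 3            # prime modulus of the toy field F_3
N = 4            # matrix dimension of the platform group GL(N, F_P)


def identity(n):
    return tuple(tuple(int(i == j) for j in range(n)) for i in range(n))


def mat_mul(A, B):
    n = len(A)
    return tuple(
        tuple(sum(A[i][k] * B[k][j] for k in range(n)) % P for j in range(n))
        for i in range(n)
    )


def mat_inv(A):
    """Gauss-Jordan inverse over F_P. Raises ValueError on a singular matrix."""
    n = len(A)
    M = [list(A[i]) + list(identity(n)[i]) for i in range(n)]
    for col in range(n):
        piv = next((r for r in range(col, n) if M[r][col]), None)
        if piv is None:
            raise ValueError("singular matrix")
        M[col], M[piv] = M[piv], M[col]
        scale = pow(M[col][col], P - 2, P)        # pivot inverse (Fermat)
        M[col] = [(v * scale) % P for v in M[col]]
        for r in range(n):
            if r != col and M[r][col]:
                f = M[r][col]
                M[r] = [(M[r][j] - f * M[col][j]) % P for j in range(2 * n)]
    return tuple(tuple(row[n:]) for row in M)


def embed(block, top):
    """diag(block, I2) if top else diag(I2, block). The two families commute."""
    I2 = identity(2)
    upper, lower = (block, I2) if top else (I2, block)
    return (tuple(tuple(upper[i]) + (0, 0) for i in range(2))
            + tuple((0, 0) + tuple(lower[i]) for i in range(2)))


def subgroup(top):
    """Enumerate LB (top=True) or UB (top=False): every invertible 2x2 block."""
    members = []
    for a, b, c, d in product(range(P), repeat=4):
        if (a * d - b * c) % P:                   # nonzero determinant
            members.append(embed(((a, b), (c, d)), top))
    return members


LB = subgroup(True)     # Alice's private elements live here (48 elements)
UB = subgroup(False)    # Bob's private elements live here (48 elements)


def conj(u, x):
    """u x u^{-1}"""
    return mat_mul(mat_mul(u, x), mat_inv(u))


def key_exchange(x, a, b):
    """Alice sends a x a^{-1}, Bob sends b x b^{-1}; both derive
    a b x b^{-1} a^{-1}, which is well defined because a and b commute."""
    g_a, g_b = conj(a, x), conj(b, x)
    k_alice, k_bob = conj(a, g_b), conj(b, g_a)
    if k_alice != k_bob:
        raise RuntimeError("a and b must commute")
    return g_a, g_b, k_alice


def decompositions(x, g_a):
    """All (y, z) in LB x LB with y x z == g_a, by exhaustive search over LB.
    The conjugating pair (a, a^{-1}) is always one solution."""
    x_inv, lb = mat_inv(x), set(LB)
    found = []
    for y in LB:
        z = mat_mul(mat_mul(x_inv, mat_inv(y)), g_a)   # forces y x z == g_a
        if z in lb:
            found.append((y, z))
    return found


def recover_key(y, z, g_b):
    """y (b x b^{-1}) z = b (y x z) b^{-1} = b g_a b^{-1}: the shared key,
    obtained without ever learning a."""
    return mat_mul(mat_mul(y, g_b), z)


# Constructed sample values (not from the page). X is checked invertible.
X = ((1, 1, 0, 1), (0, 1, 1, 0), (1, 0, 1, 1), (0, 1, 0, 1))   # public x
A = embed(((1, 1), (0, 1)), top=True)                           # Alice's a
B = embed(((2, 1), (1, 1)), top=False)                          # Bob's b
mat_inv(X)


def attack_demo():
    """Run the exchange, then recover the key from every decomposition found."""
    g_a, g_b, key = key_exchange(X, A, B)
    pairs = decompositions(X, g_a)
    return {
        "solutions": len(pairs),
        "non_conjugator_solutions": sum(mat_mul(y, z) != identity(N) for y, z in pairs),
        "all_recover_key": all(recover_key(y, z, g_b) == key for y, z in pairs),
    }


if __name__ == "__main__":
    print(attack_demo())
```

The search in decompositions is only feasible because the toy subgroup has 48 elements; on a real platform the attacker needs a genuine solver for the decomposition problem, which is exactly what the abstract argues is the problem that matters for Ko-Lee, rather than conjugacy search.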
Homomorphic Public-Key Cryptosystems and Encrypting Boolean Circuits
2003
Cited by 14 (4 self)
In this paper homomorphic cryptosystems are designed for the first time over any finite group. Applying Barrington's construction we produce, for any boolean circuit of logarithmic depth, its encrypted simulation of polynomial size over an appropriate finitely generated group.