## New Public-key Cryptosystem Using Braid Groups (2000)

Venue: Advances in cryptology—CRYPTO 2000 (Santa Barbara, CA), 166–183, Lecture Notes in Comput. Sci. 1880

Citations: 95 - 4 self

### BibTeX

```bibtex
@INPROCEEDINGS{Ko00newpublic-key,
    author = {Ki Hyoung Ko and Sang Jin Lee and Jung Hee Cheon and Jae Woo Han and Ju-sung Kang and Choonsik Park},
    title = {New Public-key Cryptosystem Using Braid Groups},
    booktitle = {Advances in cryptology—CRYPTO 2000 (Santa Barbara, CA), 166–183, Lecture Notes in Comput. Sci. 1880},
    year = {2000},
    pages = {166--183},
    publisher = {Springer}
}
```

### Abstract

The braid groups are infinite non-commutative groups naturally arising from geometric braids. The aim of this article is twofold. One is to show that the braid groups can serve as a good source to enrich cryptography. The features that make the braid groups useful to cryptography include the following: (i) The word problem is solved via a fast algorithm which computes the canonical form which can be efficiently manipulated by computers. (ii) The group operations can be performed efficiently. (iii) The braid groups have many mathematically hard problems that can be utilized to design cryptographic primitives. The other is to propose and implement a new key agreement scheme and public key cryptosystem based on these primitives in the braid groups. The efficiency of our systems is demonstrated by their speed and information rate. The security of our systems is based on topological, combinatorial and group-theoretical problems that are intractable according to our current mathematical knowledge. The foundation of our systems is quite different from widely used cryptosystems based on number theory, but there are some similarities in design.

Key words: public key cryptosystem, braid group, conjugacy problem, key exchange, hard problem, non-commutative group, one-way function, public key infrastructure

### Citations

2716 | New directions in cryptography - Diffie, Hellman - 1976 |
Citation Context: ...oblem, non-commutative group, one-way function, public key infrastructure 1 Introduction 1.1 Background and previous results Since Diffie and Hellman first presented a public-key cryptosystem (PKC) in [11] using a trapdoor one-way function, many PKC’s have been proposed and broken. Most of successful PKC’s require large prime numbers. The difficulty of factorization of integers with large prime fac...

1114 | A public-key cryptosystem and a signature scheme based on discrete logarithms - ElGamal - 1985 |
Citation Context: ...lliams [28, 36], LUC’s scheme [32] or elliptic curve versions of RSA like KMOV [20]. Also the difficulty of the discrete logarithm problem forms the ground of Diffie-Hellman type schemes like ElGamal [12], elliptic curve cryptosystem, DSS, McCurley [23]. There have been several efforts to develop alternative PKC’s that are not based on number theory. The first attempt was to use NP-hard problems in co...

600 | Quantum Cryptography: Public key distribution and coin tossing - Bennett, Brassard - 1984 |
Citation Context: ...ppearance of Brassard theorem [8], there may still be some hopes as Koblitz has noted in [21]. The other systems that are worth to mention are the quantum cryptography proposed by Bennet and Brassard [4] and the lattice cryptography proposed by Goldreich, Goldwasser and Halevi [18]. Another approach is to use hard problems in combinatorial group theory such as the word problem [1, 37, 17] or using th...

411 | mapping class groups - Birman, Braids - 1974 |
Citation Context: ...tion, we will briefly introduce the notion of braids and give evidence that the braid groups can also play important roles in cryptography. The general reference for braid theory is the Birman’s book [5] and for the word problem and conjugacy problem, see [6, 13, 14, 16]. This section is composed as follows: §2.1 is the definition of the braid groups. In §2.2 we first summarize the known results on t...

248 | New directions in cryptography - e, Hellman - 1976 |

205 | links and mapping class groups - Birman, Braids - 1975 |
Citation Context: ... [Fig. 1. An example of braid and the generator] the braid groups can also play important roles in cryptography. The general reference for braid theory is the Birman’s book [5] and for the word problem and conjugacy problem, see [6,13,14,16]. This section is composed as follows: §2.1 is the definition of the braid groups. In §2.2 we first summarize the known results on the ...

137 | Theory of braids - Artin - 1947 |
Citation Context: ...ible improvements of our cryptosystems and possible replacements of the braid groups are discussed in §6. 2 A cryptographic aspect of the braid groups The braid group was first introduced by Artin in [3]. Because these groups play important roles in low dimensional topology, combinatorial group theory and (a) the 3-braid $\sigma_2^2\sigma_1^{-1}\sigma_2$ (b) the generator $\sigma_i$ Fig. 1. An example of braid and the generato...

128 | Twenty years of attacks on the RSA cryptosystem - Boneh - 1999 |

123 | The braid group and other groups, Quart - Garside - 1969 |
Citation Context: ... give evidence that the braid groups can also play important roles in cryptography. The general reference for braid theory is the Birman’s book [5] and for the word problem and conjugacy problem, see [6, 13, 14, 16]. This section is composed as follows: §2.1 is the definition of the braid groups. In §2.2 we first summarize the known results on the word problem (or the canonical form problem). Theorem 1 is import...

122 | A new approach to the word and conjugacy problems in the braid groups - Birman, Ko, et al. - 1998 |
Citation Context: ... give evidence that the braid groups can also play important roles in cryptography. The general reference for braid theory is the Birman’s book [5] and for the word problem and conjugacy problem, see [6, 13, 14, 16]. This section is composed as follows: §2.1 is the definition of the braid groups. In §2.2 we first summarize the known results on the word problem (or the canonical form problem). Theorem 1 is import...

122 | Public-key cryptosystems from lattice reduction problems - Goldreich, Goldwasser, et al. |
Citation Context: ...s noted in [21]. The other systems that are worth to mention are the quantum cryptography proposed by Bennet and Brassard [4] and the lattice cryptography proposed by Goldreich, Goldwasser and Halevi [18]. Another approach is to use hard problems in combinatorial group theory such as the word problem [1, 37, 17] or using the Lyndon words [31]. Recently Anshel-Anshel-Goldfeld proposed in [2] a key agre...

115 | An algebraic method for public-key cryptography - Anshel, Anshel, et al. - 1999 |
Citation Context: ...nd Halevi [18]. Another approach is to use hard problems in combinatorial group theory such as the word problem [1, 37, 17] or using the Lyndon words [31]. Recently Anshel-Anshel-Goldfeld proposed in [2] a key agreement system and a PKC using groups where the word problem is easy but the conjugacy problem is intractable. And they noted that the usage of braid groups is particularly promising. Our pro...

102 | H.R.Morton, Algorithms for positive braids - Elrifai - 1994 |
Citation Context: ... give evidence that the braid groups can also play important roles in cryptography. The general reference for braid theory is the Birman’s book [5] and for the word problem and conjugacy problem, see [6, 13, 14, 16]. This section is composed as follows: §2.1 is the definition of the braid groups. In §2.2 we first summarize the known results on the word problem (or the canonical form problem). Theorem 1 is import...

38 | Word Processing in Groups - Epstein, Cannon, et al. - 1992 |
Citation Context: ...ut an attack to Generalized Conjugacy Search Problem. 5.3 Attack using the super summit set The adversary may try to use a mathematical solution to the conjugacy problem by Garside [16], Thurston [14], Elrifai-Morton [13] and Birman-Ko-Lee [6]. But the known algorithms find an element $a \in B_{\ell+r}$, not in $LB_\ell$. Hence the attack using the super summit set will not be successful. 6 Further study 1. We th...

33 | Breaking Iterated Knapsacks - Brickell - 1985 |
Citation Context: ...-Hellman Knapsack [24] and its modifications. Though many cryptographers have been pessimistic about combinatorial cryptography after the breakdown of the Knapsack-type PKC’s by Shamir [30], Brickell [9], Lagarias [22], Odlyzko [26], Vaudenay [35] and others, and after the appearance of Brassard theorem [8], there may still be some hopes as Koblitz has noted in [21]. The other systems that are worth ...

33 | A fast method for comparing braids - Dehornoy - 1997 |

26 | Quantum cryptography: Public key distribution and coin tossing - Bennet, Brassard - 1984 |

25 | A note on the complexity of cryptography - Brassard - 1979 |
Citation Context: ...inatorial cryptography after the breakdown of the Knapsack-type PKC’s by Shamir [30], Brickell [9], Lagarias [22], Odlyzko [26], Vaudenay [35] and others, and after the appearance of Brassard theorem [8], there may still be some hopes as Koblitz has noted in [21]. The other systems that are worth to mention are the quantum cryptography proposed by Bennet and Brassard [4] and the lattice cryptography ...

20 | Centralisers in the braid group and singular braid monoid - Fenn, Rolfsen, et al. - 1996 |
Citation Context: ...= 3. If $x$ were decomposed into $x_1x_2z$, then $by_1b^{-1} = (ax_1a^{-1})(bx_2b^{-1})z$ would be obtained from $y_1 = (ax_1a^{-1})x_2z$ and $y_2 = x_1(bx_2b^{-1})z$ without knowing $a$ and $b$. It is shown by Fenn-Rolfsen-Zhu in [15] that $(\ell + r)$-braids that commute with $RB_r$ (or $LB_\ell$) are of the form $x_1z$ (or $x_2z$, respectively) up to full twists $\Delta_\ell^2$ and $\Delta_r^2$ of left $\ell$ strands and right $r$ Fig. 4. An example of reducible braid ...

16 | The complexity of Grigorchuk groups with application to cryptography, Theoret - Garzon, Zalcstein - 1991 |
Citation Context: ...Bennet and Brassard [4] and the lattice cryptography proposed by Goldreich, Goldwasser and Halevi [18]. Another approach is to use hard problems in combinatorial group theory such as the word problem [1, 37, 17] or using the Lyndon words [31]. Recently Anshel-Anshel-Goldfeld proposed in [2] a key agreement system and a PKC using groups where the word problem is easy but the conjugacy problem is intractable. ...

4 | From the Post-Markov theorem through decision problems to public-key cryptography - Anshel, Anshel - 1993 |
Citation Context: ...Bennet and Brassard [4] and the lattice cryptography proposed by Goldreich, Goldwasser and Halevi [18]. Another approach is to use hard problems in combinatorial group theory such as the word problem [1, 37, 17] or using the Lyndon words [31]. Recently Anshel-Anshel-Goldfeld proposed in [2] a key agreement system and a PKC using groups where the word problem is easy but the conjugacy problem is intractable. ...