Polynomial-Time Solutions of Computational Problems in Noncommutative-Algebraic Cryptography
We introduce the linear centralizer method, and use it to devise a provable polynomial-time solution of the Commutator Key Exchange Problem, the computational problem on which, in the passive adversary model, the security of the Anshel–Anshel–Goldfeld (Anshel et al., Math. Res. Lett. 6:287–291, 1999) Commutator key exchange protocol is based. We also apply this method to solve, in polynomial time, the computational problem underlying the Centralizer key exchange protocol, introduced by Shpilrain and Ushakov in (Contemp. Math. 418:161–167, 2006).
This is the first provable polynomial-time cryptanalysis of the Commutator key exchange protocol, hitherto the most important key exchange protocol in the realm of noncommutative algebraic cryptography, and the first cryptanalysis (of any kind) of the Centralizer key exchange protocol. Unlike earlier cryptanalyses of the Commutator key exchange protocol, our cryptanalyses cannot be foiled by changing the distributions used in the protocol.
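To make the object of the cryptanalysis concrete, the following is an added example, not code from the paper: it simulates one run of the Commutator (Anshel–Anshel–Goldfeld) key exchange in a constructed toy platform, the group of invertible 2×2 matrices over F_101, instead of the braid groups used in the literature. The protocol logic is platform independent. Both parties end with the commutator [x, y] = x⁻¹y⁻¹xy, and the dictionary `transcript` is exactly the view of a passive adversary; the Commutator Key Exchange Problem is to recover that commutator from this view, which is what the paper shows can be done in polynomial time. All names (`run_commutator_kep`, `evaluate`, the modulus and seed) are choices made for this example.

```python
"""Commutator (Anshel-Anshel-Goldfeld) key exchange simulated in GL(2, F_p).

Constructed toy platform: invertible 2x2 matrices modulo a small prime.
Braid groups are the platform used in the literature; the protocol steps
below do not depend on the platform.
"""
import random

P = 101  # constructed modulus; F_101 keeps the arithmetic readable
IDENTITY = [[1, 0], [0, 1]]


def mat_mul(a, b):
    """Product of two 2x2 matrices over F_p."""
    return [[sum(a[i][k] * b[k][j] for k in range(2)) % P for j in range(2)]
            for i in range(2)]


def mat_inv(a):
    """Inverse of a 2x2 matrix over F_p via the adjugate formula."""
    det = (a[0][0] * a[1][1] - a[0][1] * a[1][0]) % P
    if det == 0:
        raise ValueError("matrix is singular")
    d = pow(det, -1, P)  # modular inverse of the determinant (Python 3.8+)
    return [[a[1][1] * d % P, -a[0][1] * d % P],
            [-a[1][0] * d % P, a[0][0] * d % P]]


def conjugate(g, x):
    """x^{-1} g x; the map g -> x^{-1} g x is a group automorphism."""
    return mat_mul(mat_mul(mat_inv(x), g), x)


def random_invertible(rng):
    """Random element of GL(2, F_p)."""
    while True:
        m = [[rng.randrange(P) for _ in range(2)] for _ in range(2)]
        if (m[0][0] * m[1][1] - m[0][1] * m[1][0]) % P:
            return m


def random_word(rng, n_gens, length):
    """A word over generators g_0..g_{n-1} and their inverses: list of (index, exponent)."""
    return [(rng.randrange(n_gens), rng.choice((1, -1))) for _ in range(length)]


def evaluate(word, gens):
    """Multiply out a word in the given generators (or in conjugates of them)."""
    result = IDENTITY
    for idx, exp in word:
        g = gens[idx] if exp == 1 else mat_inv(gens[idx])
        result = mat_mul(result, g)
    return result


def run_commutator_kep(seed=2012, n=4, m=4, word_len=6):
    """Run one AAG session; return both keys, [x, y], and the passive adversary's view."""
    rng = random.Random(seed)  # constructed, deterministic randomness for the demo
    # Public data: generators of two subgroups <a_1..a_n> and <b_1..b_m>.
    a = [random_invertible(rng) for _ in range(n)]
    b = [random_invertible(rng) for _ in range(m)]
    # Private data: Alice's x is a word in the a's, Bob's y is a word in the b's.
    word_x = random_word(rng, n, word_len)
    word_y = random_word(rng, m, word_len)
    x = evaluate(word_x, a)
    y = evaluate(word_y, b)
    # Exchanged messages: each side conjugates the OTHER side's generators.
    b_conj_by_x = [conjugate(bj, x) for bj in b]   # Alice -> Bob
    a_conj_by_y = [conjugate(ai, y) for ai in a]   # Bob -> Alice
    # Alice: conjugation by y is a homomorphism, so evaluating her own word on
    # (y^{-1} a_i y) yields y^{-1} x y; left-multiplying by x^{-1} gives [x, y].
    key_alice = mat_mul(mat_inv(x), evaluate(word_x, a_conj_by_y))
    # Bob: evaluating his word on (x^{-1} b_j x) yields x^{-1} y x; he computes
    # (x^{-1} y x)^{-1} y = x^{-1} y^{-1} x y, the same commutator.
    key_bob = mat_mul(mat_inv(evaluate(word_y, b_conj_by_x)), y)
    # Direct computation of [x, y] = x^{-1} y^{-1} x y for comparison.
    commutator = mat_mul(mat_mul(mat_inv(x), mat_inv(y)), mat_mul(x, y))
    # Everything a passive adversary observes; the Commutator KEP problem is to
    # recover `commutator` from exactly this view.
    transcript = {"a": a, "b": b,
                  "a_conj_by_y": a_conj_by_y, "b_conj_by_x": b_conj_by_x}
    return {"key_alice": key_alice, "key_bob": key_bob,
            "commutator": commutator, "transcript": transcript}


if __name__ == "__main__":
    session = run_commutator_kep()
    print("shared key agreed:", session["key_alice"] == session["key_bob"])
    print("key equals [x, y]:", session["key_alice"] == session["commutator"])
```

Note that a matrix group over a finite field is chosen here only for readability; it is not a candidate platform for this protocol, since the paper's linear centralizer method works precisely when the platform group embeds into a matrix group (as the braid groups do via a faithful linear representation). The example therefore illustrates the problem the adversary faces, not a secure instantiation.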
Keywords: Noncommutative-algebraic cryptography; Group theory-based cryptography; Braid-based cryptography; Commutator key exchange; Centralizer key exchange; Braid Diffie–Hellman key exchange; Linear cryptanalysis; Invertibility lemma; Schwartz–Zippel lemma; Linear centralizer method; Braid infimum reduction; Algebraic cryptanalysis
I worked on the Commutator KEP, from various other angles, since I was introduced to it at the Hebrew University CS Theory seminar, by Alex Lubotzky. I thank Oleg Bogopolski for inviting me, earlier this year (2012), to deliver a minicourse in the conference Geometric and Combinatorial Group Theory with Applications (Düsseldorf, Germany, July 25–August 3, 2012). Preparing this minicourse, I discovered the linear centralizer attack. Initially, I addressed the Centralizer KEP (Sect. 7). When I moved to consider the Commutator KEP, Arkadius Kalka pointed out an obstacle, mentioned by Shpilrain and Ushakov, that struck me as solvable by linear centralizers. I am indebted to Kalka for making the right comment at the right time.
I also thank David Garber, Arkadius Kalka, and Eliav Levy, and the referees, for comments leading to improvements in the presentation of this paper.
- B. An, K. Ko, A family of pseudo-Anosov braids with large conjugacy invariant sets. arXiv:1203.2320 (2012)
- I. Anshel, M. Anshel, B. Fisher, D. Goldfeld, New key agreement protocols in braid group cryptography, in CT-RSA 2001. Lecture Notes in Computer Science, vol. 2020 (2001), pp. 13–27
- L. Babai, R. Beals, Á. Seress, Polynomial-time theory of matrix groups, in ACM STOC (2009), pp. 55–64
- D. Garber, Braid group cryptography, in Braids: Introductory Lectures on Braids, Configurations and Their Applications, ed. by J. Berrick, F.R. Cohen, E. Hanbury, Y.L. Wong, J. Wu. IMS Lecture Notes Series, vol. 19 (National University of Singapore, Singapore, 2009), pp. 329–403
- D. Hofheinz, R. Steinwandt, A practical attack on some braid group based cryptographic primitives, in PKC 2003. Lecture Notes in Computer Science, vol. 2567 (2002), pp. 187–198
- A. Kalka, Representations of braid groups and braid-based cryptography. PhD thesis, Ruhr-Universität Bochum (2007). www-brs.ub.ruhr-uni-bochum.de/netahtml/HSS/Diss/KalkaArkadiusG/
- A. Kalka, Non-associative public key cryptography. arXiv:1210.8270 (2012)
- A. Miasnikov, V. Shpilrain, A. Ushakov, Random subgroups of braid groups: an approach to cryptanalysis of a braid group based cryptographic protocol, in PKC 2006. Lecture Notes in Computer Science, vol. 3958 (2006), pp. 302–314
- A. Miasnikov, V. Shpilrain, A. Ushakov, Non-commutative Cryptography and Complexity of Group-Theoretic Problems. American Mathematical Society Surveys and Monographs, vol. 177 (2011)
- A. Miasnikov, A. Ushakov, Length based attack and braid groups: cryptanalysis of Anshel–Anshel–Goldfeld key exchange protocol, in PKC 2007. Lecture Notes in Computer Science, vol. 4450 (2007), pp. 76–88
- D. Micciancio, O. Regev, Lattice-based cryptography, in Post-quantum Cryptography, ed. by D. Bernstein, J. Buchmann (Springer, Berlin, 2008)
- A. Lubotzky, Braid group cryptography, in CS Theory Seminar, Hebrew University, March (2001). http://www.cs.huji.ac.il/theorys/2001/Alex_Lubotzky
- V. Shpilrain, Cryptanalysis of Stickel's key exchange scheme, in Computer Science in Russia. Lecture Notes in Computer Science, vol. 5010 (2008), pp. 283–288
- V. Shpilrain, A. Ushakov, Thompson's group and public key cryptography, in ACNS 2005. Lecture Notes in Computer Science, vol. 3531 (2005), pp. 151–164
- B. Tsaban, The conjugacy problem: cryptoanalytic approaches to a problem of Dehn. Minicourse, Düsseldorf University, Germany, July–August 2012. http://reh.math.uni-duesseldorf.de/~gcgta/slides/Tsaban_minicourses.pdf