Abstract
This paper shows that an eavesdropper can always efficiently recover the private key of one of the two parties in the public key cryptography protocol introduced by Shpilrain and Ushakov (ACNS 2005, Lecture Notes in Comput. Sci., vol. 3531, pp. 151–163, 2005). Thus an eavesdropper can always recover the shared secret key, making the protocol insecure.
References
I. Anshel, M. Anshel, D. Goldfeld, An algebraic method for public-key cryptography. Math. Res. Lett. 6(3–4), 287–291 (1999)
J.M. Belk, Thompson’s Group F. PhD thesis, Cornell University, 2004, arXiv:math.GR/0708.3609v1
J.W. Cannon, W.J. Floyd, W.R. Parry, Introductory notes on Richard Thompson’s groups. Enseign. Math. (2) 42(3–4), 215–256 (1996)
P. Dehornoy, The group of parenthesized braids. Adv. Math. 205(2), 354–409 (2006)
M. Kassabov, F. Matucci, The simultaneous conjugacy problem in Thompson’s group F. Preprint, arXiv:math.GR/0607167v2
K.H. Ko, S.J. Lee, J.H. Cheon, J.W. Han, J. Kang, C. Park, New public-key cryptosystem using braid groups, in Advances in cryptology—CRYPTO 2000 (Santa Barbara, CA). Lecture Notes in Comput. Sci., vol. 1880 (Springer, Berlin, 2000), pp. 166–183
D. Ruinskiy, A. Shamir, B. Tsaban, Length-based cryptanalysis: the case of Thompson’s group. J. Math. Cryptol. (to appear), arXiv:cs/0607079v4
D. Ruinskiy, A. Shamir, B. Tsaban, Cryptanalysis of group-based key agreement protocols using subgroup distance functions, in Proceedings of the 10th International Conference on Practice and Theory in Public-Key Cryptography PKC07. Lecture Notes in Comput. Sci., vol. 4450 (Springer, Berlin, 2007), pp. 61–75
V. Shpilrain, A. Ushakov, Thompson’s group and public key cryptography, in ACNS 2005. Lecture Notes in Comput. Sci., vol. 3531 (Springer, Berlin, 2005), pp. 151–163
Communicated by Nigel P. Smart
Cite this article
Matucci, F. Cryptanalysis of the Shpilrain–Ushakov Protocol for Thompson’s Group. J Cryptol 21, 458–468 (2008). https://doi.org/10.1007/s00145-007-9016-4