Designs, Codes and Cryptography

, Volume 32, Issue 1–3, pp 207–216 | Cite as

On the Security of Two Public Key Cryptosystems Using Non-Abelian Groups

  • M. I. González Vasco
  • D. Hofheinz
  • C. Martínez
  • R. Steinwandt


The security of two public key encryption schemes relying on the hardness of different computational problems in non-abelian groups is investigated. First, an attack on a conceptual public key scheme based on Grigorchuk groups is presented. We show that from the public data one can easily derive an “equivalent” secret key that allows the decryption of arbitrary messages encrypted under the public key. Hereafter, a security problem in another conceptual public key scheme based on non-abelian groups is pointed out. We show that in the present form the BMW scheme is vulnerable to an attack, which can recover large parts of the private subgroup chain from the public key.

public key encryption non-abelian groups word problem logarithmic signatures 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    J.-C. Birget, S. S. Magliveras and W. Wei, Trap doors from subgroup chains and recombinant bilateral transversals. In Proceedings of RECSI VII, (2002) pp. 31–48.Google Scholar
  2. 2.
    J.-M. Bohli, M. I. González Vasco and R. Steinwandt, Weak keys in MST1, Cryptology ePrint Archive: Report 2002/070 (2002). At the time of writing available at Scholar
  3. 3.
    P. J. Cameron, Some measures of finite groups related to permutation bases. At the time of writing available at Scholar
  4. 4.
    P. J. Cameron, R. Solomon and A. Turull, Chains of subgroups in symmetric groups, Journal of Algebra, Vol. 127 (1989) pp. 340–352.Google Scholar
  5. 5.
    E. Detomi, A. Lucchini and F. Morini, How many elements are needed to generate a finite group with good probability? Israel J. Math., Vol. 132 (2002) pp. 29–44.Google Scholar
  6. 6.
    M. Garzon and Y. Zalcstein, The complexity of Grigorchuk groups with application to cryptography, Theoretical Computer Science, Vol. 88, No. 1 (1991) pp. 83–98.Google Scholar
  7. 7.
    S. S. Magliveras and N. D. Memon, Properties of cryptosystem PGM. In Advances in Cryptology, Proceedings of CRYPTO 1989, Lecture Notes on Computer Science, Springer-Verlag, Berlin (1989) pp. 447–460.Google Scholar
  8. 8.
    S. S. Magliveras, D. R. Stinson and T. van Trung, New approaches to designing public key cryptosystems using one-way functions and trapdoors in finite groups, Journal of Cryptology, Vol. 15, No. 4 (2002) pp. 285–297.Google Scholar
  9. 9.
    A. McIver and P. M. Neumann, Enumerating finite groups, Quart. J. Math., Vol. 38, No. 2 (1987) pp. 473–488.Google Scholar
  10. 10.
    N. R. Wagner and M. R. Magyarik, A public key cryptosystem based on the word problem. In (G. R. Blakley and D. Chaum, eds.), Advances in Cryptology, Proceedings of CRYPTO 1984, volume 196 of Lecture Notes in Computer Science, Springer (1985) pp. 19–36.Google Scholar

Copyright information

© Kluwer Academic Publishers 2004

Authors and Affiliations

  • M. I. González Vasco
    • 1
  • D. Hofheinz
    • 2
  • C. Martínez
    • 1
  • R. Steinwandt
    • 2
  1. 1.Spain
  2. 2.Institut für Algorithmen und Kognitive Systeme, Arbeitsgruppe Systemsicherheit, Th. BethUniversität KarlsruheKarlsruheGermany

Personalised recommendations