Cryptanalysis of a Pseudorandom Generator Based on Braid Groups

  • Rosario Gennaro
  • Daniele Micciancio
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2332)


We show that the decisional version of the Ko-Lee assumption for braid groups put forward by Lee, Lee and Hahn at Crypto 2001 is false, by giving an efficient algorithm that solves (with high probability) the corresponding decisional problem. Our attack immediately applies to the pseudo-random generator and synthesizer proposed by the same authors based on the decisional Ko-Lee assumption, and shows that neither of them is cryptographically secure.




  1. I. Anshel, M. Anshel and D. Goldfeld. An Algebraic Method for Public-Key Cryptography. Mathematical Research Letters, 6 (1999), pp. 287–291.
  2. M. Bellare and P. Rogaway. Random oracles are practical: a paradigm for designing efficient protocols. 1st ACM Conference on Computer and Communications Security, 1993, pp. 62–73.
  3. D. Boneh. The Decision Diffie-Hellman Problem. Third Algorithmic Number Theory Symposium, LNCS 1423, pp. 48–63, Springer 1998.
  4. D. Boneh, H. Shacham and B. Lynn. Short signatures from the Weil pairing. Asiacrypt 2001, LNCS 2248, pp. 514–532, Springer-Verlag 2001.
  5. S. Brands. An efficient off-line electronic cash system based on the representation problem. Technical Report CS-R9323, CWI (Centre for Mathematics and Computer Science), Amsterdam, 1993.
  6. J.L. Carter and M.N. Wegman. Universal classes of hash functions. Journal of Computer and System Sciences 18:143–154, 1979.
  7. R. Gennaro and D. Micciancio. Cryptanalysis of a Pseudorandom Generator based on Braid Groups. CRYPTO 2001 rump session, August 2001.
  8. O. Goldreich and L. Levin. Hard-core Predicates for any One-way Function. 21st STOC, pp. 25–32, 1989.
  9. S. Goldwasser and S. Micali. Probabilistic Encryption. Journal of Computer and System Sciences 28:270–299, April 1984.
  10. K.H. Ko, S.J. Lee, J.H. Cheon, J.W. Han, J. Kang and C. Park. New Public-Key Cryptosystem Using Braid Groups. CRYPTO 2000, LNCS 1880, pp. 166–183, Springer 2000.
  11. E. Lee, S.J. Lee and S.G. Hahn. Pseudorandomness from Braid Groups. CRYPTO 2001, Springer 2001.
  12. T. Okamoto and D. Pointcheval. The Gap problem: a new class of problems for the security of cryptographic primitives. Public Key Cryptography, PKC 2001, LNCS 1992, Springer-Verlag 2001.
  13. E.R. Verheul. Evidence that XTR Is More Secure than Supersingular Elliptic Curve Cryptosystems. Eurocrypt 2001, LNCS 2045, pp. 195–210.

Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Rosario Gennaro, IBM T.J. Watson Research Center, USA
  • Daniele Micciancio, University of California, San Diego, La Jolla, USA
