New Public-Key Cryptosystem Using Braid Groups
CRYPTO '00 Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology
An Efficient Implementation of Braid Groups
ASIACRYPT '01 Proceedings of the 7th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
A Practical Attack on Some Braid Group Based Cryptographic Primitives
PKC '03 Proceedings of the 6th International Workshop on Theory and Practice in Public Key Cryptography: Public Key Cryptography
Cryptanalysis of group-based key agreement protocols using subgroup distance functions
PKC'07 Proceedings of the 10th international conference on Practice and theory in public-key cryptography
Cryptanalysis of Stickel's key exchange scheme
CSR'08 Proceedings of the 3rd international conference on Computer science: theory and applications
Towards provably secure group key agreement building on group theory
VIETCRYPT'06 Proceedings of the First international conference on Cryptology in Vietnam
Recently, several public key exchange protocols based on symbolic computation in non-commutative (semi)groups were proposed as a more efficient alternative to well-established protocols based on numeric computation. Notably, the protocols due to Anshel-Anshel-Goldfeld and Ko-Lee et al. exploited the conjugacy search problem in groups, which is a ramification of the discrete logarithm problem. However, it is now a prevalent opinion that the conjugacy search problem alone is unlikely to provide a sufficient level of security, no matter what particular group is chosen as a platform. In this paper we employ another problem (we call it the decomposition problem), which is more general than the conjugacy search problem, and we suggest using R. Thompson's group as a platform. This group is well known in many areas of mathematics, including algebra, geometry, and analysis. It also has several properties that make it fit for cryptographic purposes. In particular, we show here that the word problem in Thompson's group is solvable in almost linear time.