Rainer Steinwandt

Learn More
A simple heuristic approach to the conjugacy problem in braid groups is described. Although it does not provide a general solution to the latter problem, it demonstrates that various proposed key parameters for braid group based cryptographic primitives do not offer acceptable cryptographic security. We give experimental evidence that it is often feasible(More)
We examine the popular proof models for group key establishment of Bresson et al. (LNCS 2248: 290–309, 2001; Proceedings of the 8th ACM conference on computer and communications security (CCS-8), 2001) and point out missing security properties addressing malicious protocol participants. We show that established group key establishment schemes from CRYPTO(More)
As a possible new mathematical basis for authentication and signature schemes, at EUROCRYPT ’96 J. Patarin introduced the isomorphisms of polynomials (IP) problem [4, 5]. In this contribution, we describe an attack on the secret key of IP with one secret and demonstrate its efficiency through examples with realistic parameter sizes. The attack is carried(More)
A protocol compiler is described, that transforms any provably secure authenticated 2-party key establishment into a provably secure authenticated group key establishment with 2 more rounds of communication. The compiler introduces neither idealizing assumptions nor high-entropy secrets, e. g., for signing. In particular, applying the compiler to a(More)
Enterprise privacy enforcement allows enterprises to internally enforce a privacy policy that the enterprise has decided to comply to. To facilitate the compliance with different privacy policies when several parts of an organization or different enterprises cooperate, it is crucial to have tools at hand that allow for a practical management of varying(More)
We describe a hardware device for supporting the sieving step in integer factoring algorithms like the quadratic sieve or the number field sieve. In analogy to Bernstein’s proposal for speeding up the linear algebra step, we rely on a mesh of very simple processing units. Manufacturing the device at moderate cost with current hardware technology on standard(More)
At CRYPTO ’94, Tillich and Zémor proposed a family of hash functions, based on computing a suitable matrix product in groups of the form $SL_{2}(\mathbb{F}_{2^{n}})$ . We show how to construct collisions between palindromic bit strings of length 2n+2 for Tillich and Zémor’s construction. The approach also yields collisions for related proposals by Petit et(More)
We show that for various choices of the parameters in the SL2(IF2n) hashing scheme, suggested by Tillich and Zémor, messages can be modified without changing the hash value. Moreover, examples of hash functions “with a trapdoor” within this family are given. Due to these weaknesses one should impose at least certain restrictions on the allowed parameter(More)