# Cryptanalysis of a Pseudorandom Generator Based on Braid Groups

@inproceedings{Gennaro2002CryptanalysisOA, title={Cryptanalysis of a Pseudorandom Generator Based on Braid Groups}, author={Rosario Gennaro and Daniele Micciancio}, booktitle={EUROCRYPT}, year={2002} }

We show that the decisional version of the Ko-Lee assumption for braid groups put forward by Lee, Lee and Hahn at Crypto 2001 is false, by giving an efficient algorithm that solves (with high probability) the corresponding decisional problem. Our attack immediately applies to the pseudo-random generator and synthesizer proposed by the same authors based on the decisional Ko-Lee assumption, and shows that neither of them is cryptographically secure.

## 11 Citations

### Cryptanalysis of the Public-Key Encryption Based on Braid Groups

- Computer Science, Mathematics; EUROCRYPT
- 2003

This paper shows that the private-key can be recovered from the public-key for several parameters with significant probability in a reasonable time and gives a new requirement for secure parameters against the attack, which more or less conflicts with that against brute force attack.

### Cryptanalysis of matrix conjugation schemes

- Computer Science, Mathematics; J. Math. Cryptol.
- 2014

This paper cryptanalyzes two protocols, the Grigoriev–Shpilrain authentication protocol and a public key cryptosystem due to Wang, Wang, Cao, Okamoto and Shao, and shows that both are insecure for the proposed parameter values.

### A Reaction Attack on a Public Key Cryptosystem Based on the Word Problem

- Computer Science, Mathematics; Applicable Algebra in Engineering, Communication and Computing
- 2003

It is proved that, in its present form, Wagner and Magyarik's approach is vulnerable to so-called reaction attacks: for the proposed instance the private key can be retrieved just by watching the behaviour of a legitimate recipient.

### A New Key Exchange Protocol Based on Infinite Non-Abelian Groups

- Mathematics, Computer Science; Security and Communication Networks
- 2022

A shared secret key is constructed whose security rests on two hard problems, the equivalent decomposition problem (EDP) and the discrete logarithm problem (DLP), and two methods are employed to assess the attack resistance of the proposed protocol.

### A Polynomial Time Algorithm for the Braid Diffie-Hellman Conjugacy Problem

- Computer Science, Mathematics; CRYPTO
- 2003

The first polynomial time algorithm for the braid Diffie-Hellman conjugacy problem (DHCP) is proposed; its solutions play the same role as the original key in the DHCP over braids.

### Right-Invariance: A Property for Probabilistic Analysis of Cryptography Based on Infinite Groups

- Mathematics, Computer Science; ASIACRYPT
- 2004

This paper pays attention to a property, the so-called right-invariance, which makes finite groups so convenient in cryptography, and gives a mathematical framework for correct, appropriate use of it in infinite groups.

### An Authenticated Group Key Agreement Protocol on Braid groups

- Mathematics, Computer Science; IACR Cryptol. ePrint Arch.
- 2003

The 2-party key exchange protocol on braid groups is extended to a group key agreement protocol with authentication, based on the hardness of the Ko-Lee problem.

### Translation-Randomizable Distributions via Random Walks

- Mathematics, Computer Science; ProvSec
- 2013

This work studies the possibility of phrasing random self-reducibility properties for infinite groups in a manner analogous to the case of finite groups with the uniform distribution, using a novel approach based on random walks to construct families of distributions that are translation-randomizable over infinite groups.

### A new key exchange protocol based on the decomposition problem

- Mathematics, Computer Science; IACR Cryptol. ePrint Arch.
- 2005

Two new ideas are introduced that improve the security of key establishment protocols based on the decomposition problem in non-commutative groups, by confronting the adversary with an additional computationally hard problem: finding the centralizer of a given finitely generated subgroup.

### Linear representations of braid groups and braid-based cryptography

- Mathematics, Computer Science
- 2007

Several notions and fundamental properties of braid groups are reviewed, together with their linear representations, some of which do not have these properties.

## References


### Pseudorandomness from Braid Groups

- Mathematics, Computer Science; CRYPTO
- 2001

Cryptographic primitives based on two related assumptions in braid groups are presented, including a hard-core bit result: which particular bit of the argument x is pseudorandom given f(x).

### New Public-Key Cryptosystem Using Braid Groups

- Computer Science, Mathematics; CRYPTO
- 2000

The aim of this article is to show that braid groups can serve as a good source to enrich cryptography, and to propose and implement a new key agreement scheme and public key cryptosystem based on primitives in the braid groups.

### The Decision Diffie-Hellman Problem

- Mathematics, Computer Science; ANTS
- 1998

This paper surveys the recent applications of DDH as well as known results regarding its security, and describes some open problems in this area.

### Evidence that XTR Is More Secure than Supersingular Elliptic Curve Cryptosystems

- Mathematics, Computer Science; EUROCRYPT
- 2001

We show that finding an efficiently computable injective homomorphism from the XTR subgroup into the group of points over GF(p2) of a particular type of supersingular elliptic curve is at least as…

### Short Signatures from the Weil Pairing

- Computer Science, Mathematics; J. Cryptol.
- 2004

A short signature scheme based on the Computational Diffie–Hellman assumption on certain elliptic and hyperelliptic curves is introduced for systems where signatures are typed in by a human or are sent over a low-bandwidth channel.

### Evidence that XTR Is More Secure than Supersingular Elliptic Curve Cryptosystems

- Mathematics, Computer Science; Journal of Cryptology
- 2004

We show that finding an efficiently computable injective homomorphism from the XTR subgroup into the group of points over GF(p2) of a particular type of supersingular elliptic curve is at…

### Random oracles are practical: a paradigm for designing efficient protocols

- Computer Science, Mathematics; CCS '93
- 1993

It is argued that the random oracle model, where all parties have access to a public random oracle, provides a bridge between cryptographic theory and cryptographic practice, and yields protocols much more efficient than standard ones while retaining many of the advantages of provable security.

### The Gap-Problems: A New Class of Problems for the Security of Cryptographic Schemes

- Mathematics, Computer Science; Public Key Cryptography
- 2001

This paper shows the relationship among inverting problems, decision problems and gap problems, and shows how gap problems find natural applications in cryptography, namely for proving the security of very efficient schemes and for solving a more than 10-year-old open security problem: Chaum's undeniable signature.

### An algebraic method for public-key cryptography

- Computer Science, Mathematics
- 1999

Algebraic key establishment protocols based on the difficulty of solving equations over algebraic structures are described as a theoretical basis for constructing public–key cryptosystems.

### A hard-core predicate for all one-way functions

- Mathematics, Computer Science; STOC '89
- 1989

This paper proves a conjecture of [Levin 87, sec. 5.6.2] that the scalar product of Boolean vectors p, g, x is a hard-core of every one-way function f, and extends this to multiple (up to the logarithm of the security parameter) such bits and to any distribution on x.