• Corpus ID: 153311064

Defeating the Hart et al, Beullens-Blackburn, Kotov-Menshov-Ushakov, and Merz-Petit Attacks on WalnutDSA(TM)

@article{Anshel2019DefeatingTH,
  title={Defeating the Hart et al, Beullens-Blackburn, Kotov-Menshov-Ushakov, and Merz-Petit Attacks on WalnutDSA(TM)},
  author={Iris Anshel and Derek Atkins and Dorian Goldfeld and Paul E. Gunnells},
  journal={IACR Cryptol. ePrint Arch.},
  year={2019},
  volume={2019},
  pages={472}
}
The Walnut Digital Signature Algorithm (WalnutDSA) brings together methods in group theory, representation theory, and number theory, to yield a public-key method that provides a means for messages to be signed and signatures to be verified, on platforms where traditional approaches cannot be executed. After briefly reviewing the various heuristic/practical attacks that have be posited by Hart et al, Beullens-Blackburn, Kotov-Menshov-Ushakov, and Merz-Petit, we detail the parameter choices that… 

The Cracking of WalnutDSA: A Survey

TLDR
The design principles behind WalnutDSA are explained and the main attack strategies that have succeeded, contradicting its claimed security properties are surveyed, as well as the recently-proposed ideas aimed at overcoming these issues.

Use of the Walnut Digital Signature Algorithm with CBOR Object Signing and Encryption (COSE)

This document specifies the conventions for using the Walnut Digital Signature Algorithm (WalnutDSA) for digital signatures with the CBOR Object Signing and Encryption (COSE) syntax. WalnutDSA is a

References

SHOWING 1-10 OF 12 REFERENCES

A Practical Cryptanalysis of WalnutDSA TM

TLDR
The attack given in this paper bypasses the E-Multiplication and cloaked conjugacy search problems at the heart of the algorithm and forges signatures for arbitrary messages in approximately two minutes.

Practical attacks against the Walnut digital signature scheme

TLDR
This paper shows that this structure can be exploited to launch several practical attacks against the Walnut cryptosystem, which relies on a one-way function called E-Multiplication, which has a rich algebraic structure.

An attack on the Walnut digital signature algorithm

TLDR
A heuristic algorithm is presented that allows a passive eavesdropper to recover a substitute for the signer’s private key by removing cloaking elements and then solving a system of conjugacy equations in braids.

Parallel Collision Search with Cryptanalytic Applications

TLDR
The new technique greatly extends the reach of practical attacks, providing the most cost-effective means known to date for defeating: the small subgroup used in certain schemes based on discrete logarithms such as Schnorr, DSA, and elliptic curve cryptosystems; hash functions; and double encryption and three-key triple encryption.

Factoring Products of Braids via Garside Normal Form

TLDR
Experimental evidence is provided that under certain conditions parts of the Garside normal form of factors can be found in the GARSidenormal form of their product and this observation can be exploited to decompose products of braids of the form ABC when only B is known.

The theory of braids.

  • E. Artin
  • Mathematics
    American scientist
  • 1950
A theory of braids leading to a classification was given in my paper "Theorie der Zopfe" in vol. 4 of the Hamburger Abhandlungen (quoted as Z). Most of the proofs are entirely intuitive. That of the

A new approach to the word and conjugacy problems in the braid groups

Abstract A new presentation of the n -string braid group B n is studied. Using it, a new solution to the word problem in B n is obtained which retains most of the desirable features of the

A Fast Method for Comparing Braids

Abstract We describe a new method for comparing braid words which relies both on the automatic structure of the braid groups and on the existence of a linear ordering on braids. This syntactical

The Multivariable Alexander Polynomial for a Closed Braid

. A simple multivariable version of the reduced Burau matrix is constructed for any braid. It is shown how the multivariable Alexander poly- nomial for the closure of the braid can be found directly

THE BRAID GROUP AND OTHER GROUPS