Factoring Products of Braids via Garside Normal Form

Braid groups are infinite non-abelian groups naturally arising from geometric braids. For two decades they have been proposed for cryptographic use. In braid group cryptography public braids often contain secret braids as factors and it is hoped that rewriting the product of braid words hides individual factors. We provide experimental evidence that this is in general not the case and argue that under certain conditions parts of the Garside normal form of factors can be found in the Garside normal form of their product. This observation can be exploited to decompose products of braids of the form ABC when only B is known.
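As an added illustration, not code from the paper: a small implementation of the left Garside normal form for positive braids, computed by left-weighting permutation braids (the standard Elrifai–Morton / Epstein et al. procedure). On a constructed toy example in B_3 it shows the leading normal-form factors of A surviving at the front of the normal form of A·B, the kind of leakage the abstract describes. Braids are assumed positive, permutations are 0-indexed, and the sample words are constructed for the demonstration.

```python
Perm = tuple   # perm[j] = end position of the strand that starts at position j (0-indexed)

def generator(i, n):
    """Artin generator sigma_i (1 <= i < n) as a permutation braid: strands at positions i-1 and i cross."""
    p = list(range(n)); p[i - 1], p[i] = p[i], p[i - 1]
    return tuple(p)

def starting_set(p):
    """S(p): generators sigma_i that left-divide the simple braid p (adjacent start positions that cross)."""
    return {i for i in range(1, len(p)) if p[i - 1] > p[i]}

def finishing_set(p):
    """F(p): generators sigma_i that right-divide p (adjacent end positions whose strands cross)."""
    inv = [0] * len(p)
    for j, pos in enumerate(p): inv[pos] = j
    return {i for i in range(1, len(p)) if inv[i - 1] > inv[i]}

def left_weight(a, b):
    """Move crossings from b into a until S(b) is a subset of F(a); the product a*b is unchanged."""
    while True:
        movable = starting_set(b) - finishing_set(a)
        if not movable: return a, b
        i = min(movable)
        a = tuple(v if v not in (i - 1, i) else (2 * i - 1) - v for v in a)   # a := a * sigma_i
        b = list(b); b[i - 1], b[i] = b[i], b[i - 1]; b = tuple(b)              # b := sigma_i^-1 * b

def left_normal_form(word, n):
    """Left Garside normal form Delta^k A_1 ... A_m of a positive braid word (generator indices) in B_n."""
    seq = [generator(i, n) for i in word]
    changed = True
    while changed:                       # sweep until every adjacent pair is left-weighted
        changed = False
        for k in range(len(seq) - 1):
            a, b = left_weight(seq[k], seq[k + 1])
            if (a, b) != (seq[k], seq[k + 1]):
                seq[k], seq[k + 1], changed = a, b, True
    delta, ident = tuple(range(n - 1, -1, -1)), tuple(range(n))
    k = 0
    while k < len(seq) and seq[k] == delta: k += 1   # Delta factors collect at the front, identities at the end
    return k, [s for s in seq[k:] if s != ident]

def shared_prefix(word_a, word_b, n):
    """How many leading normal-form factors of A survive unchanged at the front of the normal form of A*B."""
    _, fa = left_normal_form(word_a, n)
    _, fab = left_normal_form(word_a + word_b, n)
    return next((k for k, (x, y) in enumerate(zip(fa, fab)) if x != y), min(len(fa), len(fab)))

if __name__ == "__main__":
    A, B = [1, 1, 1], [2]                 # constructed toy factors in B_3: two of A's three factors survive in A*B
    print(left_normal_form(A, 3), left_normal_form(A + B, 3), shared_prefix(A, B, 3))
```

The normal form is a complete invariant, so two words for the same braid (for example sigma_1 sigma_2 sigma_1 and sigma_2 sigma_1 sigma_2) yield the same output, which is what makes comparing factor prefixes across products meaningful.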
