A Linear Algebraic Attack on the AAFG1 Braid Group Cryptosystem

Our purpose is to describe a promising linear algebraic attack on the AAFG1 braid group cryptosystem proposed in [2], using the parameters suggested by its authors. Our method employs the well-known Burau matrix representation of the braid group together with techniques from computational linear algebra, and it provides evidence that at least a certain class of keys is weak. We argue that if AAFG1 is to be viable, its parameters must be chosen to defend against this attack.
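The attack works in the image of the braid group under the Burau representation rather than on braid words directly. As an added illustration, not code from the paper, the following Python builds the unreduced Burau matrices of the Artin generators of B_n over the Laurent polynomial ring Z[t, t^-1] (entries stored as exponent-to-coefficient dictionaries, a representation chosen here for self-containment) and checks that the map respects the braid relations, which is what makes it a group homomorphism into GL_n(Z[t, t^-1]) that a linear algebraic method can work with.

```python
from itertools import product

# Laurent polynomials in t, stored as {exponent: int coefficient} with zeros dropped.
ONE, T, T_INV = {0: 1}, {1: 1}, {-1: 1}


def lp_add(a, b):
    """Sum of two Laurent polynomials."""
    out = dict(a)
    for e, c in b.items():
        out[e] = out.get(e, 0) + c
        if out[e] == 0:
            del out[e]
    return out


def lp_mul(a, b):
    """Product of two Laurent polynomials."""
    out = {}
    for (e1, c1), (e2, c2) in product(a.items(), b.items()):
        out[e1 + e2] = out.get(e1 + e2, 0) + c1 * c2
    return {e: c for e, c in out.items() if c != 0}


def identity(n):
    return [[dict(ONE) if i == j else {} for j in range(n)] for i in range(n)]


def mat_mul(A, B):
    """Matrix product over Z[t, t^-1]."""
    n = len(A)
    C = [[{} for _ in range(n)] for _ in range(n)]
    for i in range(n):
        for j in range(n):
            acc = {}
            for k in range(n):
                acc = lp_add(acc, lp_mul(A[i][k], B[k][j]))
            C[i][j] = acc
    return C


def burau_generator(n, i, inverse=False):
    """Unreduced Burau matrix of sigma_i in B_n (1 <= i < n), or of its inverse.

    sigma_i acts as the identity except on the 2x2 block at rows/cols i, i+1,
    where it is [[1 - t, t], [1, 0]]; the inverse block is [[0, 1], [t^-1, 1 - t^-1]].
    """
    if not 1 <= i < n:
        raise ValueError("generator index out of range for B_%d" % n)
    M = identity(n)
    r = i - 1
    if not inverse:
        M[r][r], M[r][r + 1] = lp_add(ONE, {1: -1}), dict(T)
        M[r + 1][r], M[r + 1][r + 1] = dict(ONE), {}
    else:
        M[r][r], M[r][r + 1] = {}, dict(ONE)
        M[r + 1][r], M[r + 1][r + 1] = dict(T_INV), lp_add(ONE, {-1: -1})
    return M


def burau(n, word):
    """Burau image of a braid word given as a list of nonzero ints; -i denotes sigma_i^-1."""
    M = identity(n)
    for g in word:
        M = mat_mul(M, burau_generator(n, abs(g), inverse=g < 0))
    return M


def satisfies_braid_relations(n):
    """True if the Burau images of the generators of B_n satisfy Artin's relations."""
    for i in range(1, n):
        if burau(n, [i, -i]) != identity(n):
            return False
        for j in range(1, n):
            if abs(i - j) >= 2 and burau(n, [i, j]) != burau(n, [j, i]):
                return False
        if i + 1 < n and burau(n, [i, i + 1, i]) != burau(n, [i + 1, i, i + 1]):
            return False
    return True


if __name__ == "__main__":
    # Constructed sample word in B_4: sigma_1 sigma_2^-1 sigma_3
    for row in burau(4, [1, -2, 3]):
        print(row)
    print("braid relations hold in B_5:", satisfies_braid_relations(5))
```

Because the representation is a homomorphism, conjugating a braid word conjugates its Burau image by an invertible matrix, which is the structural fact that lets matrix methods be applied to the conjugacy-based key agreement; note that the representation is not faithful for n ≥ 5 (see [6] and [12]), so equal images do not by themselves imply equal braids.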

[1] Ruth Lawrence et al., Homological representations of the Hecke algebra, 1990.

[2] Elias M. Stein et al., Multilinear estimates and fractional integration, 1999.

[3] Jack Dongarra et al., Implementation in ScaLAPACK of Divide-and-Conquer Algorithms for Banded and Tridiagonal Linear Systems, 1997.

[4] Patrick Dehornoy et al., A Fast Method for Comparing Braids, 1997.

[5] Joan S. Birman et al., A new approach to the word and conjugacy problems in the braid groups, 1997.

[6] Stephen Bigelow, The Burau representation is not faithful for n = 5, 1999.

[7] Antoine Joux et al., Cryptanalysis of Another Knapsack Cryptosystem, ASIACRYPT, 1991.

[8] Hugh R. Morton et al., Algorithms for Positive Braids, 1994.

[9] Jung Hee Cheon et al., New Public-Key Cryptosystem Using Braid Groups, CRYPTO, 2000.

[10] J. Birman, Braids, Links, and Mapping Class Groups, 1975.

[11] J. González-Meneses et al., Computation of Centralizers in Braid groups and Garside groups, math/0201243, 2002.

[12] Darren D. Long et al., The Burau representation is not faithful for n ≥ 6, 1993.

[13] Werner Burau et al., Über Zopfgruppen und gleichsinnig verdrillte Verkettungen, 1935.

[14] Stephen J. Bigelow et al., Braid groups are linear, math/0005038, 2000.

[15] Iris Anshel et al., New Key Agreement Protocols in Braid Group Cryptography, CT-RSA, 2001.

[16] Egbert Brieskorn et al., Artin-Gruppen und Coxeter-Gruppen, 1972.

[17] Alexandre V. Borovik et al., Measuring sets in infinite groups, math/0204078, 2002.

[18] F. A. Garside et al., The Braid Group and Other Groups, 1969.

[19] Andrew M. Odlyzko et al., Cryptanalytic attacks on the multiplicative knapsack cryptosystem and on Shamir's fast signature scheme, IEEE Trans. Inf. Theory, 1984.

[20] Emil Artin et al., Theorie der Zöpfe, 1925.

[21] David Naccache et al., Why You Cannot Even Hope to use Gröbner Bases in Public Key Cryptography: An Open Letter to a Scientist Who Failed and a Challenge to Those Who Have Not Yet Failed, J. Symb. Comput., 1994.

[22] Allen R. Tannenbaum et al., Length-Based Attacks for Certain Group Based Encryption Rewriting Systems, IACR Cryptol. ePrint Arch., 2003.

[23] D. Goldfeld et al., An algebraic method for public-key cryptography, 1999.

[24] Ronald L. Rivest et al., Cryptography, Handbook of Theoretical Computer Science, Volume A: Algorithms and Complexity, 1990.