A Practical Cryptanalysis of the Algebraic Eraser

We present a novel cryptanalysis of the Algebraic Eraser primitive. This key agreement scheme, based on techniques from permutation groups, matrix groups and braid groups, is proposed as an underlying technology for ISO/IEC 29167-20, which is intended for authentication of RFID tags. SecureRF, the company owning the trademark Algebraic Eraser, markets it as suitable in general for lightweight environments such as RFID tags and other IoT applications. Our attack is practical on standard hardware: for parameter sizes corresponding to claimed 128-bit security, our implementation recovers the shared key using less than 8 CPU hours, and less than 64 MB of memory.
