FINDING N-TH ROOTS IN NILPOTENT GROUPS AND ...

More documents

Recommendations

Info

590 S. Sze, D. Kahrobaei, R. Dambreville, M. Dupas A chosen-ciphertext attack may be used on this protocol: suppose Eve chooses a random m ∈ Z ∗ n and sends c ≡ m 2 (mod n) to Alice, who decrypts c and returns a plaintext y. If y ≡ ±m (mod n), then (m − y,n) is one of the prime factors of n. If y ≡ ±m mod n, Eve repeats the attack with m 3 . To avoid this attack and the problem Alice has in deciding the correct m from c ≡ m 2 (mod n), an additional redundancy is added to the original plaintext prior to encryption. With high probability, one of the four solutions will have redundancy so Alice will not have difficulty deciding the correct m. Furthermore, if Eve tries to use the chosen-ciphertext attack, Alice will always recover the correct m (assuming Eve follows the redundancy requirement, otherwise Alice will not be able to decrypt her message because none of the four values for m will have redundancy). 8.3. Complexity of Finding Square Roots Recall that factoring n and computing square roots modulo n are computationally equivalent; that is, there is an algorithm that solves the factoring problem which uses an algorithm for solving the square root problem and vice versa. Computing square root modulo p, where p is prime, can be performed efficiently, but computing square root modulo n, where n is composite, is difficult when the prime factors are unknown. When p ≡ 3 (mod 4), the algorithm used to compute the square root has running time of O((log 2 p) 3 ) bit operations. In general, to compute the square root modulo p, the expected running time is O((log 2 p) 4 ) bit operations. When p and q are known, decrypting the Rabin cryptosystem requires O(log n) bit operations, which is quick. If there is an algorithm which can find the square root modulo n in polynomial time, then the algorithm can be used to factor n in expected polynomial time. This means that if we assume that factoring n is hard, then it will be difficult to find square roots modulo n. 9. Cryptosystems Based on n-Engel Groups 9.1. A public Key Based on 2-Engel Groups A satellite generates some data from a 2-Engel group. Alice and Bob choose two elements x(s,t) and y(s,t) respectively as their secret keys. Then Alice sends x 2 to Bob and Bob sends y 2 to Alice. Since in any 2-engel group, xy 2 x = yx 2 y,
FINDING N-TH ROOTS IN NILPOTENT GROUPS... 591 they both agree on a key. The security of this scheme lies on the difficulty of finding square roots in 2-Engel groups. (see [7] for more information about this part.) One could extend this scheme to other n-Engel groups, since there are similar relations in them as well (see [17]). 9.2. A Digital Signature Based on 4-Engel Groups Consider a 4-Engel group, which is nilpotent and satisfies the following semigroup law: xy 2 xyx 2 y 2 x 2 yxy 2 xyx 2 yxy 2 x 2 y 2 xyx 2 y = yx 2 yxy 2 x 2 y 2 xyx 2 yxy 2 xyx 2 y 2 x 2 yxy 2 x The idea to make a digital signature is as follows: Suppose x and y are secret and x 2 , y 2 , xy 2 x and xy 2 x 2 y 2 x public information. The public key is x 2 and the signature is the tuple of xy 2 x and xy 2 x 2 y 2 x. The verifier knows y, so he only needs to verify both of the semigroup identity. The security of this digital signature lies on the fact that the complexity of finding square root in a 4-Engel group is experimentally proved to be exponential. The Hirsch length of a 4−Engel group could even be 88 and nilpotent of class 9 (see Werner Nickel’s webpage and [12]) and by the best known algorithm by Nickel, we know that the complexity of finding matrix representations in a nilpotent group of class 9 and Hirsch length 88 is exponential; which ultimately gives us a solution to finding a square root in the underlying 4-engel group. Acknowledgments The authors are grateful to Professor Michael Anshel for helpful discussion in the early stage of this project. The authors also thank Professor Gilbert Baumslag for his useful comments. Delaram Kahrobaei, would like to thank Professor Derek Holt for his helpful comments during her visit to Warwick University. The research of Delaram Kahrobaei has been supported by a grant from the City Tech Foundation and PSC CUNY Research Foundation of CUNY. The research of Makenson and Renald has been supported by City Tech Foundation and NSF-AMP.
Page 1 and 2: International Journal of Pure and A
Page 3 and 4: FINDING N-TH ROOTS IN NILPOTENT GRO
Page 19: FINDING N-TH ROOTS IN NILPOTENT GRO

FINDING N-TH ROOTS IN NILPOTENT GROUPS AND ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?