Conjugate adjoining problem in braid groups and new design of braid-based signatures

Abstract

The development of quantum computation casts serious threats to the securities of most existing public-key cryptosystems. Braid-based cryptography is one of the alternatives that have potential advantages in resisting quantum attacks. In this paper, the state of the art of braid cryptography is surveyed, and then a new cryptographic problem—conjugate adjoining problem related to braid groups is proposed. Based on this problem, we design a new braid-based signature scheme. This scheme is efficient and provably secure in the random oracle model. Further, we present the comparison between braid-based signatures and RSA-based ones. The signing process of the braid-based schemes is more efficient than that of RSA-based ones, while the verifying process of the braid-based ones is observably slow. Hence, braid-based signatures are suitable for scenarios where the signing process has to be as quick as possible but delays are permitted in the verifying process, for example, in off-line e-cash systems. The key sizes in braid-based schemes are considerably large—about 2K bits in the case of secret keys and 12K bits in the case of public keys. However, braid operations are much simpler and more efficient than modular exponential operations. Therefore, braid-based schemes can be embedded into devices with low computational ability and large memory space. The capability of braid cryptosystems to resist currently known quantum attacks is also discussed from the perspective of hidden subgroup problems.