- Research Article
1
- 10.1515/gcc.2009.13
- Jan 1, 2009
- Groups – Complexity – Cryptology
- Alex D Myasnikov
The goal of this paper is to introduce the ideas and methodology of generic case complexity to the cryptography community. This relatively new approach allows one to analyze the behavior of an algorithm on “most” inputs in a simple and intuitive fashion, which has some practical advantages over classical methods based on averaging. We present an alternative definition of a one-way function using the concepts of generic case complexity and show its equivalence to the standard definition. In addition, we demonstrate the convenience of the new approach by giving a short proof that extending adversaries to a larger class of partial algorithms with errors does not change the strength of the security assumption.
- Research Article
14
- 10.1515/gcc.2009.63
- Jan 1, 2009
- Groups – Complexity – Cryptology
- Alex D Myasnikov + 1 more
The Anshel-Anshel-Goldfeld-Lemieux (abbreviated AAGL) key agreement protocol [Contemp. Math. 418: 1–34, 2006] is proposed for use on low-cost platforms which constrain the use of computational resources. The core of the protocol is the concept of an Algebraic Eraser™ (abbreviated AE), which is claimed to be a suitable primitive for use within lightweight cryptography. The AE primitive is based on a new and ingenious idea of using an action of a semidirect product on a (semi)group to obscure the algebraic structures involved. The underlying motivation for the AAGL protocol is the need to secure networks which deploy Radio Frequency Identification (RFID) tags used for identification, authentication, tracing and point-of-sale applications. In this paper we revisit the computational problem on which AE relies and heuristically analyze its hardness. We show that for the proposed parameter values it is impossible to instantiate a secure protocol. To be more precise, in 100% of randomly generated instances of the protocol we were able to find a secret conjugator z generated by the TTP algorithm (part of the AAGL protocol).
- Research Article
14
- 10.1515/gcc.2009.217
- Jan 1, 2009
- Groups – Complexity – Cryptology
- Delaram Kahrobaei + 1 more
A method for a non-abelian Cramer-Shoup cryptosystem is presented. The role of decision and search is explored, and the platform of solvable/polycyclic groups is suggested. In the process we review recent progress in non-abelian cryptography and pose some open problems that naturally arise from this path of research.
- Research Article
6
- 10.1515/gcc.2009.77
- Jan 1, 2009
- Groups – Complexity – Cryptology
- Lluís Bacardit + 1 more
This article surveys many standard results about the braid group, with emphasis on simplifying the usual algebraic proofs.
- Research Article
- 10.1515/gcc.2009.207
- Jan 1, 2009
- Groups – Complexity – Cryptology
- Volkmar Große Rebel + 2 more
A generalized tetrahedron group is defined to be a group admitting the following presentation: $\langle x, y, z \mid x^l = y^m = z^n = W_1^p(x, y) = W_2^q(y, z) = W_3^r(x, z) = 1 \rangle$, $2 \le l, m, n, p, q, r$, where each $W_i(a, b)$ is a cyclically reduced word involving both $a$ and $b$. These groups appear in many contexts, not least as fundamental groups of certain hyperbolic orbifolds or as subgroups of generalized triangle groups. In this paper, we build on previous work to show that the Tits alternative holds for Tsaranov’s generalized tetrahedron groups, that is, if G is a Tsaranov generalized tetrahedron group then G contains a non-abelian free subgroup or is solvable-by-finite. The term Tits alternative comes from the respective property for finitely generated linear groups over a field (see [10]).
- Research Article
8
- 10.1515/gcc.2009.227
- Jan 1, 2009
- Groups – Complexity – Cryptology
- Arkadius Kalka + 2 more
It is an open problem whether the shifted conjugacy (decision) problem in $B_\infty$ is solvable. We settle this problem by reduction to an instance of the simultaneous conjugacy problem in $B_n$ for some $n \in \mathbb{N}$.
- Research Article
10
- 10.1515/gcc.2009.231
- Jan 1, 2009
- Groups – Complexity – Cryptology
- Martin Kreuzer
This is the first in a two-part survey of current techniques in algebraic cryptanalysis. After introducing the basic setup of algebraic attacks and discussing several attack scenarios for symmetric cryptosystems, public key cryptosystems, and stream ciphers, we discuss a number of individual methods. The XL, XSL, and MutantXL attacks are based on linearization techniques for multivariate polynomial systems. Then we look at Gröbner basis and border bases methods. In the last section we introduce attacks based on integer programming techniques and try them in some concrete cases.
- Research Article
- 10.1515/gcc.2009.165
- Jan 1, 2009
- Groups – Complexity – Cryptology
- Anthony E Clement
- Research Article
- 10.1515/gcc.2009.169
- Jan 1, 2009
- Groups – Complexity – Cryptology
- Margaret H Dean
If two groups are residually-𝑃, their free product is not necessarily so; however, it is known that the free product of residually torsion-free nilpotent groups is again residually torsion-free nilpotent. In this paper it is shown that the free metabelian product of a free nilpotent group of class two with a free abelian group is residually torsion-free nilpotent.
- Research Article
4
- 10.1515/gcc.2009.51
- Jan 1, 2009
- Groups – Complexity – Cryptology
- Benjamin Fine + 2 more
For many groups the structure of finitely generated subgroups is generically simple. That is, with asymptotic density equal to one, a randomly chosen finitely generated subgroup has a particular well-known and easily analyzed structure. For example, a result of D. B. A. Epstein says that a finitely generated subgroup of GL(n, ℝ) is generically a free group. We say that a group G has the generic free group property if any finitely generated subgroup is generically a free group. Further, G has the strong generic free group property if, given randomly chosen elements $g_1, \ldots, g_n$ in G, generically they are a free basis for the free subgroup they generate. In this paper we show that any arbitrary free product of finitely generated infinite groups satisfies the strong generic free group property. There are also extensions to more general amalgams: free products with amalgamation and HNN groups. These results have implications in cryptography. In particular, several cryptosystems use random choices of subgroups as hard cryptographic problems. In groups with the generic free group property any such cryptosystem may be attackable by a length-based attack.