Abstract The definition of graph automatic groups by Kharlampovich, Khoussainov and Miasnikov and its extension to 𝒞-graph automatic by Elder and the first author raise the question of whether Thompson's group F is graph automatic. We define a language of normal forms based on the combinatorial “caret types”, which arise when elements of F are considered as pairs of finite rooted binary trees. The language is accepted by a finite state machine with two counters, and forms the basis of a 3-counter graph automatic structure for the group.
{"title":"Tree-based language complexity of Thompson's group F","authors":"J. Taback, Sharif Younes","doi":"10.1515/gcc-2015-0009","DOIUrl":"https://doi.org/10.1515/gcc-2015-0009","url":null,"abstract":"Abstract The definition of graph automatic groups by Kharlampovich, Khoussainov and Miasnikov and its extension to 𝒞-graph automatic by Elder and the first author raise the question of whether Thompson's group F is graph automatic. We define a language of normal forms based on the combinatorial “caret types”, which arise when elements of F are considered as pairs of finite rooted binary trees. The language is accepted by a finite state machine with two counters, and forms the basis of a 3-counter graph automatic structure for the group.","PeriodicalId":41862,"journal":{"name":"Groups Complexity Cryptology","volume":"35 1","pages":"135 - 152"},"PeriodicalIF":0.0,"publicationDate":"2015-01-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"74807542","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Abstract Lattice rounding in Euclidean space can be viewed as finding the nearest point in the orbit of an action by a discrete group, relative to the norm inherited from the ambient space. Using this point of view, we initiate the study of non-abelian analogs of lattice rounding involving matrix groups. In one direction, we consider an algorithm for solving a normed word problem when the inputs are random products over a basis set, and give theoretical justification for its success. In another direction, we prove a general inapproximability result which essentially rules out strong approximation algorithms (i.e., whose approximation factors depend only on dimension) analogous to LLL in the general case.
{"title":"Non-abelian analogs of lattice rounding","authors":"Evgeni Begelfor, S. Miller, R. Venkatesan","doi":"10.1515/gcc-2015-0010","DOIUrl":"https://doi.org/10.1515/gcc-2015-0010","url":null,"abstract":"Abstract Lattice rounding in Euclidean space can be viewed as finding the nearest point in the orbit of an action by a discrete group, relative to the norm inherited from the ambient space. Using this point of view, we initiate the study of non-abelian analogs of lattice rounding involving matrix groups. In one direction, we consider an algorithm for solving a normed word problem when the inputs are random products over a basis set, and give theoretical justification for its success. In another direction, we prove a general inapproximability result which essentially rules out strong approximation algorithms (i.e., whose approximation factors depend only on dimension) analogous to LLL in the general case.","PeriodicalId":41862,"journal":{"name":"Groups Complexity Cryptology","volume":"49 1","pages":"117 - 133"},"PeriodicalIF":0.0,"publicationDate":"2015-01-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"76542512","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Abstract Cayley hash functions are based on a simple idea of using a pair of (semi)group elements, A and B, to hash the 0 and 1 bit, respectively, and then to hash an arbitrary bit string in the natural way, by using multiplication of elements in the (semi)group. In this paper, we focus on hashing with linear functions of one variable over $\mathbb{F}_p$. The corresponding hash functions are very efficient. In particular, we show that hashing a bit string of length n with our method requires, in general, at most $2n$ multiplications in $\mathbb{F}_p$, but with particular pairs of linear functions that we suggest, one does not need to perform any multiplications at all. We also give explicit lower bounds on the length of collisions for hash functions corresponding to these particular pairs of linear functions over $\mathbb{F}_p$.
{"title":"Compositions of linear functions and applications to hashing","authors":"V. Shpilrain, Bianca Sosnovski","doi":"10.1515/gcc-2016-0016","DOIUrl":"https://doi.org/10.1515/gcc-2016-0016","url":null,"abstract":"Abstract Cayley hash functions are based on a simple idea of using a pair of (semi)group elements, A and B, to hash the 0 and 1 bit, respectively, and then to hash an arbitrary bit string in the natural way, by using multiplication of elements in the (semi)group. In this paper, we focus on hashing with linear functions of one variable over 𝔽 p ${mathbb{F}_{p}}$ . The corresponding hash functions are very efficient. In particular, we show that hashing a bit string of length n with our method requires, in general, at most 2 n ${2n}$ multiplications in 𝔽 p ${mathbb{F}_{p}}$ , but with particular pairs of linear functions that we suggest, one does not need to perform any multiplications at all. We also give explicit lower bounds on the length of collisions for hash functions corresponding to these particular pairs of linear functions over 𝔽 p ${mathbb{F}_{p}}$ .","PeriodicalId":41862,"journal":{"name":"Groups Complexity Cryptology","volume":"20 1","pages":"155 - 161"},"PeriodicalIF":0.0,"publicationDate":"2015-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"90294739","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
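The construction in the abstract above, as an added example that is not code from the paper: each bit selects an affine map $x \mapsto ax+b$ over $\mathbb{F}_p$ (the matrix $\begin{pmatrix} a & b \\ 0 & 1\end{pmatrix}$), and the digest of a bit string is the composition of the selected maps, costing two field multiplications per bit. The example also runs a breadth-first search over the Cayley graph of the two generators to return a shortest collision, which is only feasible because the demo prime is tiny. The prime $p=101$ and the generators $x \mapsto 2x+1$, $x \mapsto 3x+1$ are assumptions chosen for illustration; they are not the pairs recommended in the paper.

```python
"""Cayley hash from two affine maps over F_p (illustrative, not the paper's code).

The generators and primes used below are assumptions chosen for the demo.
"""

from collections import deque

# An affine map x -> a*x + b over F_p is stored as the pair (a, b); it is the
# matrix [[a, b], [0, 1]], so composition is matrix multiplication.
IDENTITY = (1, 0)


def compose(f, g, p):
    """Return f o g, i.e. x -> f(g(x)), modulo p.

    (a1*a2, a1*b2 + b1) costs two field multiplications per composed bit, which
    is where the abstract's bound of at most 2n multiplications for n bits comes from.
    """
    a1, b1 = f
    a2, b2 = g
    return (a1 * a2 % p, (a1 * b2 + b1) % p)


def cayley_hash(bits, f0, f1, p):
    """Hash a bit string: bit 0 contributes f0, bit 1 contributes f1, and the
    digest is the left-to-right product f_{b1} o f_{b2} o ... o f_{bn}."""
    h = IDENTITY
    for bit in bits:
        if bit not in "01":
            raise ValueError("bit string must contain only '0' and '1'")
        h = compose(h, f1 if bit == "1" else f0, p)
    return h


def evaluate(h, x, p):
    """Apply a digest (an affine map) to a point, to check the matrix view."""
    a, b = h
    return (a * x + b) % p


def shortest_collision(f0, f1, p):
    """Breadth-first search over the Cayley graph generated by f0 and f1.

    Every reached element is labelled with the first bit string that produced
    it; the first edge landing on an already-labelled element gives two
    distinct strings with the same digest.  Because the search proceeds by
    length, the longer of the two returned words is as short as possible.  The
    group of invertible affine maps has order p*(p-1), so for a small prime the
    search is cheap and a collision always exists.
    """
    label = {IDENTITY: ""}
    queue = deque([IDENTITY])
    while queue:
        h = queue.popleft()
        word = label[h]
        for bit, gen in (("0", f0), ("1", f1)):
            nxt = compose(h, gen, p)
            if nxt in label:
                return word + bit, label[nxt]
            label[nxt] = word + bit
            queue.append(nxt)
    return None  # unreachable: the (semi)group is finite


if __name__ == "__main__":
    p = 101                   # assumed small prime so the collision search finishes instantly
    f0, f1 = (2, 1), (3, 1)   # assumed generators: x -> 2x+1 and x -> 3x+1
    msg = "1011001"
    a, b = cayley_hash(msg, f0, f1, p)
    print(f"H({msg}) = x -> {a}*x + {b} (mod {p})")
    u, v = shortest_collision(f0, f1, p)
    assert u != v and cayley_hash(u, f0, f1, p) == cayley_hash(v, f0, f1, p)
    print(f"shortest collision for p={p}: {u!r} and {v!r} (lengths {len(u)}, {len(v)})")
```

The search visits at most $p(p-1)$ group elements, so it is only a way to see what a collision looks like for a toy prime; for a prime of cryptographic size the same enumeration is out of reach, which is why the paper's explicit lower bounds on collision length are the relevant security statement rather than experiments like this one.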
Abstract For the class of differentiable modulo pn functions, the numbers of all bijective and transitive functions are found. A recurrent formula for calculating inverse functions is constructed, and the bijectivity and transitivity conditions are formulated.
{"title":"On transitive differentiable modulo pn functions","authors":"A. Ivachev","doi":"10.1515/gcc-2015-0014","DOIUrl":"https://doi.org/10.1515/gcc-2015-0014","url":null,"abstract":"Abstract For the class of differentiable modulo pn functions, the numbers of all bijective and transitive functions are found. A recurrent formula for calculating inverse functions is constructed, and the bijectivity and transitivity conditions are formulated.","PeriodicalId":41862,"journal":{"name":"Groups Complexity Cryptology","volume":"115 1","pages":"183 - 190"},"PeriodicalIF":0.0,"publicationDate":"2015-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"84868022","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
S. Hart, Ivo Hedtke, M. Müller-Hannemann, Sandeep Murthy
Abstract We present a new fast search algorithm for 〈m,m,m〉 Triple Product Property (TPP) triples as defined by Cohn and Umans in 2003. The new algorithm achieves a speed-up factor of 40 to 194 in comparison to the best known search algorithm. With a parallelized version of the new algorithm we are able to search for TPP triples in groups up to order 55. As an application we identify lists “C1” and “C2” of groups that, if they contain a 〈5,5,5〉 TPP triple, could realize 5×5 matrix multiplication with under 100, respectively under 125, scalar multiplications, i.e., the best known upper bound by Makarov (1987), respectively the trivial upper bound. With our new algorithm we show that no group in these lists can realize 5×5 matrix multiplication better than Makarov's algorithm. We also show a direction towards a modified group-theoretic search, not covered by the C1 list.
{"title":"A fast search algorithm for 〈m,m,m〉 Triple Product Property triples and an application for 5×5 matrix multiplication","authors":"S. Hart, Ivo Hedtke, M. Müller-Hannemann, Sandeep Murthy","doi":"10.1515/gcc-2015-0001","DOIUrl":"https://doi.org/10.1515/gcc-2015-0001","url":null,"abstract":"Abstract We present a new fast search algorithm for 〈m,m,m〉 Triple Product Property (TPP) triples as defined by Cohn and Umans in 2003. The new algorithm achieves a speed-up factor of 40 up to 194 in comparison to the best known search algorithm. With a parallelized version of the new algorithm we are able to search for TPP triples in groups up to order 55. As an application we identify lists “C1” and “C2” of groups that, if they contain a 〈5,5,5〉 TPP triple, could realize 5×5 matrix multiplication with under 100, respectively under 125, scalar multiplications, i.e., the best known upper bound by Makarov (1987), respectively the trivial upper bound. With our new algorithm we show that no group in this list can realize 5×5 matrix multiplication better than Makarov's algorithm. We also show a direction towards a modified group-theoretic search, not covered by the C1 list.","PeriodicalId":41862,"journal":{"name":"Groups Complexity Cryptology","volume":"2 8 1","pages":"31 - 46"},"PeriodicalIF":0.0,"publicationDate":"2015-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"82030704","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Abstract A generic-case approach to algorithmic problems was suggested by Myasnikov, Kapovich, Schupp and Shpilrain in 2003. This approach studies the behavior of an algorithm on typical inputs and ignores the rest of the inputs. In this paper we consider generic complexity of the searching graph isomorphism problem. We fit this problem in the frameworks of generic complexity and prove that its natural subproblem is generically hard provided that the searching graph isomorphism problem is hard in the worst case.
{"title":"On the generic complexity of the searching graph isomorphism problem","authors":"A. Rybalov","doi":"10.1515/gcc-2015-0015","DOIUrl":"https://doi.org/10.1515/gcc-2015-0015","url":null,"abstract":"Abstract A generic-case approach to algorithmic problems was suggested by Myasnikov, Kapovich, Schupp and Shpilrain in 2003. This approach studies the behavior of an algorithm on typical inputs and ignores the rest of the inputs. In this paper we consider generic complexity of the searching graph isomorphism problem. We fit this problem in the frameworks of generic complexity and prove that its natural subproblem is generically hard provided that the searching graph isomorphism problem is hard in the worst case.","PeriodicalId":41862,"journal":{"name":"Groups Complexity Cryptology","volume":"38 1","pages":"191 - 193"},"PeriodicalIF":0.0,"publicationDate":"2015-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"73297881","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Abstract In several recent works of D. Kahrobaei, C. Koupparis, and V. Shpilrain, public-key protocols have been proposed which depend on the difficulty of computing discrete logarithms in matrix rings over group rings. In particular, the specific ring of 3×3 matrices over $\mathbb{F}_7 S_5$ has been proposed for use in some of these protocols. In this paper, we show that the discrete logarithm problem in this matrix ring can be solved on a modern PC in seconds, and we give a solution to the challenge problem over $\mathbb{F}_2 S_5$ proposed in one of the aforementioned works.
{"title":"Cryptanalysis of a system using matrices over group rings","authors":"C. Monico, Mara D. Neusel","doi":"10.1515/gcc-2015-0008","DOIUrl":"https://doi.org/10.1515/gcc-2015-0008","url":null,"abstract":"Abstract In several recent works of D. Kahrobaei, C. Koupparis, and V. Shpilrain, public-key protocols have been proposed which depend on the difficulty of computing discrete logarithms in matrix rings over group rings. In particular, the specific ring of 3×3 matrices over 𝔽 7 S 5 ${mathbb {F}_7S_5}$ has been proposed for use in some of these protocols. In this paper, we show that the discrete logarithm problem in this matrix ring can be solved on a modern PC in seconds, and we give a solution to the challenge problem over 𝔽 2 S 5 ${mathbb {F}_2S_5}$ proposed in one of the aforementioned works.","PeriodicalId":41862,"journal":{"name":"Groups Complexity Cryptology","volume":"43 1","pages":"175 - 182"},"PeriodicalIF":0.0,"publicationDate":"2015-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"73566643","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Abstract We present a multi-signature scheme based on bilinear pairings. The scheme is key escrow-free and does not require any secure channel for private key issuance to users. We use a binding-blinding technique to avoid the key escrow problem and to eliminate a secure channel requirement for the key issuance stage. The basic scheme is extended to sequential and parallel multi-signature schemes. We show that the basic scheme and multi-signature schemes are secure against adaptive chosen message attacks under standard assumptions.
{"title":"Key-escrow free multi-signature scheme using bilinear pairings","authors":"M. Das","doi":"10.1515/gcc-2015-0002","DOIUrl":"https://doi.org/10.1515/gcc-2015-0002","url":null,"abstract":"Abstract We present a multi-signature scheme based on bilinear pairings. The scheme is key escrow-free and does not require any secure channel for private key issuance to users. We use a binding-blinding technique to avoid the key escrow problem and to eliminate a secure channel requirement for the key issuance stage. The basic scheme is extended to sequential and parallel multi-signature schemes. We show that the basic scheme and multi-signature schemes are secure against adaptive chosen message attacks under standard assumptions.","PeriodicalId":41862,"journal":{"name":"Groups Complexity Cryptology","volume":"16 1","pages":"47 - 57"},"PeriodicalIF":0.0,"publicationDate":"2015-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"87258685","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Abstract We propose a novel probabilistic public-key encryption, based on the RSA cryptosystem. We prove that, in contrast to the (standard model) RSA cryptosystem, each user can choose his own encryption exponent from a more extensive set of positive integers than the creator of the concrete RSA cryptosystem, who chooses and distributes encryption keys among all users, can. Moreover, we show that the proposed encryption remains secure even in the case when the adversary knows the factors of the modulus $n=pq$, where p and q are distinct primes. So, the security assumptions are stronger for the proposed encryption than for the RSA cryptosystem. More exactly, the adversary can break the proposed scheme if he can solve the general prime factorization problem for positive integers, in particular for the modulus $n=pq$ and the Euler function $\varphi(n)=(p-1)(q-1)$. In fact, the proposed encryption does not use any extra tools or functions compared to the RSA cryptosystem.
{"title":"New probabilistic public-key encryption based on the RSA cryptosystem","authors":"V. Roman’kov","doi":"10.1515/gcc-2015-0016","DOIUrl":"https://doi.org/10.1515/gcc-2015-0016","url":null,"abstract":"Abstract We propose a novel probabilistic public-key encryption, based on the RSA cryptosystem. We prove that in contrast to the (standard model) RSA cryptosystem each user can choose his own encryption exponent from a more extensive set of positive integers than it can be done by the creator of the concrete RSA cryptosystem who chooses and distributes encryption keys among all users. Moreover, we show that the proposed encryption remains secure even in the case when the adversary knows the factors of the modulus n=pq${n=pq}$ , where p and q are distinct primes. So, the security assumptions are stronger for the proposed encryption than for the RSA cryptosystem. More exactly, the adversary can break the proposed scheme if he can solve the general prime factorization problem for positive integers, in particular for the modulus n=pq${n=pq}$ and the Euler function ϕ(n)=(p-1)(q-1)${varphi (n)=(p-1)(q-1)}$ . In fact, the proposed encryption does not use any extra tools or functions compared to the RSA cryptosystem.","PeriodicalId":41862,"journal":{"name":"Groups Complexity Cryptology","volume":"1 1","pages":"153 - 156"},"PeriodicalIF":0.0,"publicationDate":"2015-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"89527461","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Abstract We discuss a new attack, termed a dimension or linear decomposition attack, on several known group-based cryptosystems. This attack gives a polynomial time deterministic algorithm that recovers the secret shared key from the public data in all the schemes under consideration. Furthermore, we show that in this case, contrary to the common opinion, the typical computational security assumptions are not very relevant to the security of the schemes, i.e., one can break the schemes without solving the algorithmic problems on which the assumptions are based.
{"title":"A linear decomposition attack","authors":"A. Myasnikov, V. Roman’kov","doi":"10.1515/gcc-2015-0007","DOIUrl":"https://doi.org/10.1515/gcc-2015-0007","url":null,"abstract":"Abstract We discuss a new attack, termed a dimension or linear decomposition attack, on several known group-based cryptosystems. This attack gives a polynomial time deterministic algorithm that recovers the secret shared key from the public data in all the schemes under consideration. Furthermore, we show that in this case, contrary to the common opinion, the typical computational security assumptions are not very relevant to the security of the schemes, i.e., one can break the schemes without solving the algorithmic problems on which the assumptions are based.","PeriodicalId":41862,"journal":{"name":"Groups Complexity Cryptology","volume":"28 1","pages":"81 - 94"},"PeriodicalIF":0.0,"publicationDate":"2014-12-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"87557012","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}