请输入您要查询的百科知识:

 

词条 Anshel–Anshel–Goldfeld key exchange
释义

  1. Description

  2. Security

  3. See also

  4. References

Anshel–Anshel–Goldfeld protocol, also known as a commutator key exchange, is a key-exchange protocol using nonabelian groups. It was invented by Drs. Michael Anshel, Iris Anshel, and Dorian Goldfeld. Unlike other group-based protocols, it does not employ any commuting or commutative subgroups of a given platform group and can use any nonabelian group with efficiently computable normal forms. It is often discussed specifically in application of braid groups, which notably are infinite (and the group elements can take variable quantities of space to represent). The computed shared secret is an element of the group, so in practice this scheme must be accompanied with a sufficiently secure compressive hash function to normalize the group element to a usable bitstring.

Description

Let G be a fixed nonabelian group called a platform group.

Alice's public/private information:
  • Alice's public key is a tuple of elements in G.
  • Alice's private key is a sequence of elements from and their inverses: , where and . Based on that sequence she computes the product .
Bob's public/private information:
  • Bob's public key is a tuple of elements in .
  • Bob's private key is a sequence of elements from and their inverses: , where and . Based on that sequence he computes the product .
Transitions:
  • Alice sends a tuple to Bob.
  • Bob sends a tuple to Alice.
Shared key:

The key shared by Alice and Bob is the group element called the commutator of and .

  • Alice computes as a product .
  • Bob computes as a product .

Security

From the standpoint of an attacker trying to attack the protocol, they usually learn the public keys and , and the conjugated public keys and . A direct attack then consists of trying to find a suitable that is generated by the elements of , and that produces the appropriate conjugations when applied. (An 'indirect' attack would consist of trying to find directly, which would require some additional special structure of the group.) For this reason the public keys and must be chosen to generate a large subgroup of — ideally, they form a full set of generators, so that cannot be constrained just by knowing that is generated from .

Solving for a suitable given the conjugation relations is called the conjugation problem, and substantial research has been done on attacks to the conjugacy problem on braid groups, although no full efficient solution has achieved.

See also

  • Algebraic Eraser
  • Group-based cryptography

References

  • I. Anshel, M. Anshel, and D. Goldfeld, [https://web.archive.org/web/20100614211939/http://www-cs.engr.ccny.cuny.edu/~csmma/MRLpap.pdf An algebraic method for public-key cryptography], Math. Res. Lett. 6 (1999), pp. 287–291.
{{DEFAULTSORT:Anshel-Anshel-Goldfeld key exchange}}

1 : Cryptographic protocols

随便看

 

开放百科全书收录14589846条英语、德语、日语等多语种百科知识,基本涵盖了大多数领域的百科知识,是一部内容自由、开放的电子版国际百科全书。

 

Copyright © 2023 OENC.NET All Rights Reserved
京ICP备2021023879号 更新时间:2024/11/13 14:55:18