Exponentiation-based key generation using noncommutative groups
V. Sidelnikov. Proceedings of 1994 IEEE International Symposium on Information Theory, 1994-06-27. DOI: 10.1109/ISIT.1994.395112 (https://doi.org/10.1109/ISIT.1994.395112)
Diffie and Hellman (1976) proposed to use exponentiation modulo a prime for constructing the key generation system. The security of this system is based on the supposed hardness of the following problem (A): given $\eta^{x}$ and $\eta^{y}$, compute $\eta^{xy}$. Sidelnikov, Cherepniov, and Yaschenko (1993) considered a system based on the noncommutative group $G$. We assume that $G$ is a certain subgroup of the group $GL_n(F_p)$ of $n \times n$ matrices over the finite field $F_p$. We consider the representation of the group $GL_n(F_p)$ with the aid of exponentiation in a subsidiary cyclic group $U$ of order $p$ and investigate the security of the resulting key generation systems. The group of $F_q$-rational points on an elliptic curve and the subgroup $U=$ of the multiplicative group of the subsidiary finite field $F_q$, where $p \mid q-1$, $\eta \in F_q$, $\eta^{p}=1$, $\eta \ne 1$, are examples of the group $U$. We consider the group $\mathcal{U}$ of affine transformations of the field $F_p$, which is isomorphic to a certain subgroup of $GL_2(F_p)$. In this case the security of the key generation system under a certain conjecture (which simplifies the task of the adversary) is based on the hardness of the following problem (B): given $\eta^{x}$, $\eta^{y}$, $\beta^{z}$, compute $\eta^{xy/z}$. It seems impossible to reduce this problem to several Diffie-Hellman problems (A). The system being considered uses a universal key, which does not exist in the Diffie-Hellman system and is presumably a new element for key generation systems. The knowledge of k is supposed to be a necessary condition to compute the private key.