{"title":"anshell - anshell - goldfield - lemieux密钥协议的密码分析","authors":"A. Myasnikov, A. Ushakov","doi":"10.1515/GCC.2009.63","DOIUrl":null,"url":null,"abstract":"The Anshel-Anshel-Goldfeld-Lemieux (abbreviated AAGL) key agreement protocol [Contemp. Math. 418: 1–34, 2006] is proposed to be used on low-cost platforms which constraint the use of computational resources. The core of the protocol is the concept of an Algebraic Eraser TM (abbreviated AE) which is claimed to be a suitable primitive for use within lightweight cryptography. The AE primitive is based on a new and ingenious idea of using an action of a semidirect product on a (semi)group to obscure involved algebraic structures. The underlying motivation for AAGL protocol is the need to secure networks which deploy Radio Frequency Identification (RFID) tags used for identification, authentication, tracing and point-of-sale applications. In this paper we revisit the computational problem on which AE relies and heuristically analyze its hardness. We show that for proposed parameter values it is impossible to instantiate a secure protocol. To be more precise, in 100% of randomly generated instances of the protocol we were able to find a secret conjugator z generated by the TTP algorithm (part of AAGL protocol).","PeriodicalId":119576,"journal":{"name":"Groups Complex. Cryptol.","volume":"76 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-01-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"26","resultStr":"{\"title\":\"Cryptanalysis of the Anshel-Anshel-Goldfeld-Lemieux Key Agreement Protocol\",\"authors\":\"A. Myasnikov, A. Ushakov\",\"doi\":\"10.1515/GCC.2009.63\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The Anshel-Anshel-Goldfeld-Lemieux (abbreviated AAGL) key agreement protocol [Contemp. Math. 418: 1–34, 2006] is proposed to be used on low-cost platforms which constraint the use of computational resources. The core of the protocol is the concept of an Algebraic Eraser TM (abbreviated AE) which is claimed to be a suitable primitive for use within lightweight cryptography. The AE primitive is based on a new and ingenious idea of using an action of a semidirect product on a (semi)group to obscure involved algebraic structures. The underlying motivation for AAGL protocol is the need to secure networks which deploy Radio Frequency Identification (RFID) tags used for identification, authentication, tracing and point-of-sale applications. In this paper we revisit the computational problem on which AE relies and heuristically analyze its hardness. We show that for proposed parameter values it is impossible to instantiate a secure protocol. To be more precise, in 100% of randomly generated instances of the protocol we were able to find a secret conjugator z generated by the TTP algorithm (part of AAGL protocol).\",\"PeriodicalId\":119576,\"journal\":{\"name\":\"Groups Complex. Cryptol.\",\"volume\":\"76 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2008-01-30\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"26\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Groups Complex. Cryptol.\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1515/GCC.2009.63\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Groups Complex. Cryptol.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1515/GCC.2009.63","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Cryptanalysis of the Anshel-Anshel-Goldfeld-Lemieux Key Agreement Protocol
The Anshel-Anshel-Goldfeld-Lemieux (abbreviated AAGL) key agreement protocol [Contemp. Math. 418: 1–34, 2006] is proposed to be used on low-cost platforms which constraint the use of computational resources. The core of the protocol is the concept of an Algebraic Eraser TM (abbreviated AE) which is claimed to be a suitable primitive for use within lightweight cryptography. The AE primitive is based on a new and ingenious idea of using an action of a semidirect product on a (semi)group to obscure involved algebraic structures. The underlying motivation for AAGL protocol is the need to secure networks which deploy Radio Frequency Identification (RFID) tags used for identification, authentication, tracing and point-of-sale applications. In this paper we revisit the computational problem on which AE relies and heuristically analyze its hardness. We show that for proposed parameter values it is impossible to instantiate a secure protocol. To be more precise, in 100% of randomly generated instances of the protocol we were able to find a secret conjugator z generated by the TTP algorithm (part of AAGL protocol).
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
