
Cryptography via Burnside Groups Antonio R. Nicolosi Stevens - PowerPoint PPT Presentation

Cryptography via Burnside Groups Antonio R. Nicolosi Stevens Institute of Technology Based on work w/ G.Baumslag, N.Fazio, K.Iga, L.Perret, V.Shpilrain and W.E.Skeith III Mathematics of Cryptography September 1, 2015. University of California,


  1. Cryptography via Burnside Groups Antonio R. Nicolosi Stevens Institute of Technology Based on work w/ G.Baumslag, N.Fazio, K.Iga, L.Perret, V.Shpilrain and W.E.Skeith III Mathematics of Cryptography September 1, 2015. University of California, Irvine, CA

  2. Talk Preview
     Goal: Identify viable intractability assumptions from combinatorial group theory
       - Evidence of (average-case) hardness (random self-reducibility)
       - Cryptographically useful
     Approach:
       - Generalize well-established crypto assumptions (LPN/LWE) to a group-theoretic setting
       - Study instantiation in suitable non-commutative groups

  3. Outline
     1 Background
       - Burnside Groups ($B_n$)
       - Learning Burnside Homomorphisms with Noise ($B_n$-LHN)
     2 Random Self-Reducibility of $B_n$-LHN
     3 Cryptography (Minicrypt) via Burnside Groups


  5. Burnside Problem (Informal)
     Are groups whose elements all have finite order necessarily finite? What is their combinatorial structure?

  6. Free Burnside group of exponent $m$
     $B(n,m)$: “Most generic” group with $n$ generators where the order of all elements divides $m$
       - Generators $x_1, \ldots, x_n$ (like indeterminates in a multivariate poly)
       - Elements are sequences of $x_i$ and $x_i^{-1}$
       - Empty sequence is the identity element of the group
       - Exponent condition: For every $w \in B(n,m)$ it holds that $w^m = 1$
     Examples: $x_1 x_4^{-1} x_1 \in B(4,3)$, $x_1^{-1} x_4^{-1} \in B(4,3)$
       - $x_1^2 = x_1^{-1}$, but $x_1 x_4^{-1} x_1 \neq x_1^{-1} x_4^{-1} = x_1 x_1 x_4^{-1}$ ($B(4,3)$ is not abelian)
       - On the other hand: $x_1 x_4^{-1} x_1 = x_4 x_1^{-1} x_4$, since $x_1 x_4^{-1} x_1 x_4^{-1} x_1 x_4^{-1} = (x_1 x_4^{-1})^3 = 1$


  14. Burnside Groups (cont’d)
     Characterizing $B(n,m)$ not so easy . . .
       - $B(n,2)$: Finite and abelian, isomorphic to $(\mathbb{F}_2^n, +)$
       - $B(n,3)$: Finite, non-commutative, much larger than $(\mathbb{F}_3^n, +)$
       - $B(n,4)$: Finite
       - $B(n,5)$: Unknown
       - $B(n,6)$: Finite
       - $B(n,7)$: Unknown
       - . . .
       - $B(n,m)$, $m$ “large”: Infinite
     Will focus on $B(n,3)$ (simplest case beyond vector spaces)
     Notation: $B_n \doteq B(n,3)$


  16. $B_n$: Burnside Groups of Exponent 3
     $B_n$: “Most generic” group with $n$ generators where the order of all non-identity elements is 3
       - Generators $x_1, \ldots, x_n$
       - Elements are sequences of $x_i$ and $x_i^{-1}$
       - Exponent condition: $\forall w \in B_n,\ www = 1$ $(\star)$
     Q: “Most generic”!?
     A: The only non-trivial identities in $B_n$ are those implied by $(\star)$
       - ⇒ $B_n$ non-commutative: $x_i x_j \neq x_j x_i$ for any two distinct generators ($i \neq j$)
       - ⇒ Group operation in $B_n$ defined “formally”: to “multiply” $w_1, w_2 \in B_n$, just concatenate them; simplifications may arise at the interface of $w_1$ and $w_2$
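
The word identities from the "Free Burnside group" slide can be checked in a concrete exponent-3 group. This is an added example, not part of the talk: it sends $x_1$ and $x_4$ to two unitriangular 3×3 matrices over $\mathbb{F}_3$ (the names `a`, `b` and the choice of matrices are assumptions made here). Since $B(4,3)$ is the most generic exponent-3 group on its generators, any equality of words in $B(4,3)$ must also hold for these matrices, and an inequality between the matrices implies the same inequality in $B(4,3)$.

```python
# Added example: slide identities checked in a matrix group of exponent 3.
# Assumption: a and b are illustrative images of the generators x_1 and x_4.
P = 3
I3 = ((1, 0, 0), (0, 1, 0), (0, 0, 1))
a = ((1, 1, 0), (0, 1, 0), (0, 0, 1))   # image of x_1
b = ((1, 0, 0), (0, 1, 1), (0, 0, 1))   # image of x_4

def mul(x, y):
    """Product of two 3x3 matrices with entries reduced mod 3."""
    return tuple(tuple(sum(x[i][k] * y[k][j] for k in range(3)) % P
                       for j in range(3)) for i in range(3))

def word(*letters):
    """Evaluate a word: concatenation of letters is the group product."""
    result = I3
    for letter in letters:
        result = mul(result, letter)
    return result

def generated_group(gens):
    """All products of the generators (a subgroup, because the group is finite)."""
    seen, frontier = {I3}, [I3]
    while frontier:
        g = frontier.pop()
        for s in gens:
            h = mul(g, s)
            if h not in seen:
                seen.add(h)
                frontier.append(h)
    return seen

G = generated_group([a, b])

def inv(g):
    """Inverse found by search in G, so it does not presuppose w^3 = 1."""
    return next(h for h in G if mul(g, h) == I3)

def check_slide_identities():
    ai, bi = inv(a), inv(b)
    return {
        "order": len(G),
        # Exponent condition: w^3 = 1 for every element w.
        "exponent_3": all(word(g, g, g) == I3 for g in G),
        # x_1^2 = x_1^{-1}
        "square_is_inverse": word(a, a) == ai,
        # x_1 x_4^{-1} x_1 != x_1^{-1} x_4^{-1}  (not abelian)
        "non_abelian": word(a, bi, a) != word(ai, bi),
        # x_1 x_4^{-1} x_1 = x_4 x_1^{-1} x_4
        "rewrite": word(a, bi, a) == word(b, ai, b),
    }
```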
