TY - JOUR
T1 - Attack on Kayawood protocol
T2 - Uncloaking private keys
AU - Kotov, Matvei
AU - Menshov, Anton
AU - Ushakov, Alexander
N1 - Publisher Copyright: © 2020 M. Kotov et al., published by De Gruyter.
PY - 2021/1/1
Y1 - 2021/1/1
AB - We analyze security properties of a two-party key-agreement protocol recently proposed by I. Anshel, D. Atkins, D. Goldfeld, and P. Gunnels, called the Kayawood protocol. At the core of the protocol is an action (called E-multiplication) of a braid group on some finite set. The protocol assigns a secret element of a braid group to each party (private key). To disguise those elements, the protocol uses a so-called cloaking method that multiplies private keys on the left and on the right by specially designed elements (stabilizers for E-multiplication). We present a heuristic algorithm that allows a passive eavesdropper to recover Alice’s private key by removing cloaking elements. Our attack has a 100% success rate on randomly generated instances of the protocol for the originally proposed parameter values and for recent proposals that suggest inserting many cloaking elements at random positions of the private key. Implementation of the attack is available on GitHub.
KW - Algebraic eraser
KW - Braid group
KW - Cloaking problem
KW - Colored Burau presentation
KW - E-multiplication
KW - Group-based cryptography
KW - Kayawood protocol
KW - Key agreement
UR - http://www.scopus.com/inward/record.url?scp=85097662325&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85097662325&partnerID=8YFLogxK
U2 - 10.1515/jmc-2019-0015
DO - 10.1515/jmc-2019-0015
M3 - Article
AN - SCOPUS:85097662325
SN - 1862-2976
VL - 15
SP - 237
EP - 249
JO - Journal of Mathematical Cryptology
JF - Journal of Mathematical Cryptology
IS - 1
ER -