Abstract

In order to resist quantum attacks, a key exchange protocol based on infinite non-abelian groups is proposed in this paper. For this purpose, by composing the semidirect product operation twice, we construct a shared secret key whose recovery requires solving two hard problems: the equivalent decomposition problem (EDP) and the discrete logarithm problem (DLP). Two attack methods, the algebra attack and the brute force attack, are then used to test the resistance of the proposed protocol, and a rigorous mathematical argument shows that the protocol withstands both. Finally, we analyze the computational complexity and bit complexity of the protocol when it is implemented on braid groups; the complexity figures confirm that the key exchange protocol is feasible there. Thus, with respect to both security and complexity, the proposed protocol is usable in practice.

1. Introduction

In 1993, Sidelnikov et al. proposed the new idea that infinite non-abelian groups and semigroups can be used in public key cryptography [1]. The main task of a key exchange protocol on an infinite non-abelian (semi)group is to hide certain factors behind hard problems, such as the conjugacy search problem (CSP), the decomposition problem (DP), the subgroup membership search problem (MSP), the discrete logarithm problem (DLP), and the homomorphism search problem (HSP). Since then, many studies have produced key exchange protocols built on a hard problem over an algebraic structure. For example, in [2], the authors presented a key exchange protocol based on the DP for non-abelian groups. In [3], the authors presented a new cryptosystem based on the CSP on a braid group, which is an infinite non-abelian group with good features for cryptography. With the development of quantum algorithms and improved factorization algorithms, we hold the opinion that a single hard problem is insufficient for the security of a cryptosystem; in particular, the CSP alone is insufficient for the security of public key cryptography [4]. To enhance security, it is a viable idea to rely on several hard problems simultaneously in a key exchange protocol.

In 2006, Sakalauskas et al. employed the CSP and the DLP to build a key agreement protocol at the group representation level and argued there that using two hard problems at the same time is sufficient for the overall security of a key exchange protocol [5]. In 2013, Habeeb et al. proposed a new kind of key exchange protocol, the first time that a semidirect product of groups was applied to a cryptosystem [6]. In 2020, Skuratovskii built a key exchange protocol based on a metacyclic group of Miller–Moreno type, which is a minimal non-abelian group, improving the efficiency of the key exchange [7].

At the same time, Aleksejus et al. defined a key exchange protocol using the matrix power function (MPF) on a non-abelian group , the modular group of order 16, whose security is based on the NP-complete left-to-right MPF (LRMPF) decision problem [8], so researchers believe that the protocol is not vulnerable to quantum attack. Cryptography on non-abelian algebraic structures has thus become an important research field for resisting quantum attacks [9–11].

In this paper, motivated by Habeeb's method for constructing a protocol on non-abelian groups, we propose a key exchange protocol based on the DLP and the EDP by means of the semidirect product operation on an infinite non-abelian group. Since there is no efficient quantum algorithm for these hard problems on non-abelian groups, it is desirable to use both hard problems in the proposed protocol at the same time. Certainly, a protocol constructed in this way resists quantum attack. The security analysis of the protocol is carried out against the algebra attack and the brute force attack, and, as an application example, the key exchange protocol is implemented on a braid group.

The remainder of this paper is organized as follows: the mathematical preliminaries needed for the proposed protocol are introduced in Section 2. The main results of this paper, a key exchange protocol based on infinite non-abelian groups, are presented in Section 3, while the security analysis of the protocol is given in Section 4. Section 5 deals with the implementation of the protocol on a braid group, and Section 6 presents some new research directions in cryptography as concluding remarks.

2. Preliminaries

Group theory is the basis of this research; as a preliminary, we give a brief introduction to the group-theoretic notions used later. Details of these results may be found in [12, 13].

Definition 1 (semidirect product). Let be semigroups, be the group of automorphisms of under composition, and let be a homomorphism. Then the semidirect product of is the set of pairs with the binary operation . Here, , and denotes the image of g under the automorphism .
It is proved that is a group and extends the direct product. In addition, if are infinite groups, then is also an infinite non-abelian group.
It is easy to see the following: if we let , , then with the group operation , where denotes the composition of the automorphisms and , with acting first.
Note 1
Let denote the set of all bijections on . In our key exchange protocol, we only need the mapping to be a bijection, that is, . On the set we define the binary operation as above, , and define , where . If is a group, then for , let ; obviously, is a bijection, and . So, .

Definition 2 (centralizer). Let be a group and ; the set is called the centralizer of .
In fact, is a subgroup of for .
Decomposition problem (DP): let be a platform group; for and two subgroups , find satisfying . This is a hard problem. Here, we propose an equivalent decomposition problem and show that the hardness of the two problems is similar.

Definition 3 (equivalent decomposition problem (EDP)). Let be a platform group; for , find satisfying ; here, .
Since , it is easy to see that finding is the same as finding . This is equivalent to finding and in the decomposition problem. So, the hardness of the EDP is the same as that of the decomposition problem.

Definition 4 (discrete logarithm problem). Let be a platform group; for , find satisfying .

3. Key Exchange Protocol

Suppose the two communicating parties are Alice and Bob, who exchange messages over a public channel. Before describing our protocol, we first introduce Habeeb's semidirect product method for protocol construction.

3.1. Semidirect Product Method

Habeeb et al. proposed a new kind of key exchange protocol based on the semidirect product of groups in [6]. Let be a p with automorphism and element . Suppose Alice and Bob agree on the group ; Alice chooses a private and Bob chooses a private . Habeeb's key exchange protocol is constructed as follows:

Public key: 
Private key: 
Step 1. Alice computes , denoting , and sends to Bob.
Step 2. Bob computes , denoting , and sends to Alice.
Step 3. Alice computes ; her key is now .
Step 4. Bob computes ; his key is now .

Since , we have , which is the shared secret key.
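As an added illustration of the four steps just described (example code written for this page, not the authors' or Habeeb et al.'s implementation), the exchange is run on a constructed toy group: invertible 2x2 matrices modulo a small prime, with the automorphism assumed to be conjugation by a fixed matrix. The names P, H, G0 and all function names are this example's own assumptions.

```python
# Added example (not from the paper): the semidirect-product key exchange of
# Section 3.1 on a constructed toy group, invertible 2x2 matrices mod P, with
# phi = conjugation by a fixed matrix H. Every name here is this example's own.
P = 1009                    # constructed small prime modulus, for illustration
H = (3, 7, 5, 11)           # constructed matrix defining phi(A) = H A H^-1
G0 = (2, 3, 5, 9)           # constructed public element g (row-major 2x2)

def mat_mul(A, B):
    """Product of two 2x2 matrices (a, b, c, d) mod P."""
    return ((A[0] * B[0] + A[1] * B[2]) % P, (A[0] * B[1] + A[1] * B[3]) % P,
            (A[2] * B[0] + A[3] * B[2]) % P, (A[2] * B[1] + A[3] * B[3]) % P)

def mat_inv(A):
    """Inverse of a 2x2 matrix mod P; the determinant must be a unit mod P."""
    d = pow((A[0] * A[3] - A[1] * A[2]) % P, -1, P)
    return ((A[3] * d) % P, (-A[1] * d) % P, (-A[2] * d) % P, (A[0] * d) % P)

def semidirect_mul(x, y):
    """Definition 1 rule (g, phi)(h, psi) = (psi(g) h, phi then psi), with an
    automorphism phi^k stored as its conjugating matrix K = H^k."""
    a, K = x
    b, L = y
    return (mat_mul(mat_mul(mat_mul(L, a), mat_inv(L)), b), mat_mul(L, K))

def semidirect_pow(x, e):
    """x^e by square-and-multiply: O(log e) semidirect products, e >= 1."""
    result, base = None, x
    while e > 0:
        if e & 1:
            result = base if result is None else semidirect_mul(result, base)
        base = semidirect_mul(base, base)
        e >>= 1
    return result

def habeeb_exchange(m, n):
    """Run the exchange with Alice's secret m and Bob's secret n.
    Returns (alice_key, bob_key, transcript); the transcript is all that a
    passive observer of the channel sees: g, phi (as H), a and b."""
    a, Ka = semidirect_pow((G0, H), m)    # step 1: Alice sends a, keeps phi^m
    b, Kb = semidirect_pow((G0, H), n)    # step 2: Bob sends b, keeps phi^n
    # step 3: first component of (b, _)(a, phi^m) = phi^m(b) a; only phi^m needed
    alice_key = mat_mul(mat_mul(mat_mul(Ka, b), mat_inv(Ka)), a)
    # step 4: first component of (a, _)(b, phi^n) = phi^n(a) b
    bob_key = mat_mul(mat_mul(mat_mul(Kb, a), mat_inv(Kb)), b)
    return alice_key, bob_key, (G0, H, a, b)

def reference_key(m, n):
    """First component of (g, phi)^(m+n), which both parties must reach."""
    return semidirect_pow((G0, H), m + n)[0]
```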

Regarding the security of the above protocol, the authors only addressed the security of a particular instantiation, which does not rest on any open hard problem. For the sake of security, however, it is necessary to build a key exchange protocol on open hard problems. That is why we propose the following key exchange protocol on non-abelian groups.

3.2. A New Key Exchange Protocol

Now, we introduce the key exchange protocol on infinite non-abelian groups. Let be an infinite non-abelian multiplicative group with a mapping ; here, Alice and Bob can select a different parameter for in the protocol. Suppose Alice and Bob have agreed on the group and the element ; a key exchange protocol is then constructed as follows:

Public key: 
Private keys: 
Step 1. Alice selects private keys and satisfying ; then she has a mapping . She computes the centralizer , selects a subgroup such that , where is a positive integer, and computes the product
and then, letting , , she sends to Bob.
Step 2. Bob selects private keys and satisfying ; then he has a mapping and computes the product
and then, letting , he sends to Alice.
Step 3. Alice computes
In fact, Alice needs only to compute , without having to calculate , since she does not know the mapping ; her key is
Step 4. Bob computes

Like Alice, Bob need not compute , and his key is

Since is a group, we have the equation

That is, for , , so . Thus, the shared secret key is

In computing , Alice need not determine all the elements of ; she only needs to calculate the elements that satisfy the security requirements. In addition, when Alice sends the subgroup to Bob, she needs only to send the generating set of , namely, .

Note 2

Although the proposed protocol employs the semidirect product of groups, as Habeeb's protocol does in [6], it differs from Habeeb's mainly in the following aspects:
(1) In Habeeb's protocol using the semidirect product of groups, the mapping is an automorphism of the group. Our protocol uses only the operation rule of the semidirect product, and the mapping is just a bijection on the group .
(2) The centralizer is used in our protocol, which guarantees the commutativity of Alice's private key and Bob's private key , whereas Habeeb's protocol involves no element commutativity in the group.
(3) Obviously, our protocol uses two private keys for each party, whereas Habeeb's uses only one.
(4) The security assumptions are different. The security of our protocol is based on two hard problems, the EDP and the DLP, whereas Habeeb's protocol is not.

In our protocol, the security assumption is that it is difficult to solve the EDP and the DLP on the non-abelian group. Next, in order to verify the security of our protocol, we examine it against concrete attacks.

4. Security Analysis

The security of the key exchange protocol relies on two hard problems on the infinite non-abelian group: the equivalent decomposition problem (EDP) and the discrete logarithm problem (DLP). During the construction of the key, and are transmitted. Since can each be regarded as a single unknown for the attacker, finding from the equations and is an EDP. And to find the private keys and , the attacker must solve a DLP.

Alice and Bob exchange messages over a public channel, so an attacker can observe the transmissions of the protocol. He obtains the triple , and his aim is to recover the shared secret key . If he can compute from , then can be captured by him. Similarly, if he can obtain from , then the shared secret key can also be captured. Let us consider the first of these two situations.

4.1. Algebra Attack

Since are unknown, cannot be computed directly, so an attacker may choose an arbitrary element ; replacing with , he gets

Computing from the above equation is a DLP, so there is no polynomial-time algorithm to find . Thus, replacing with , he has

Since is a non-abelian group, .

Alternatively, an attacker can also choose an arbitrary integer ; replacing with and with , he gets

Let . Since is a non-abelian group, .

The algebra attack on proceeds in the same way, and we omit the deductions here. These results show that an attacker cannot obtain the shared key, so the protocol is secure against the algebra attack.

4.2. Brute Force Attack

A brute force attack means that the attacker exhausts all possibilities to find a private value. Because comes from the group , comes from the group , and , it is more effective to attack the protocol through . That means the attacker tries to find all possible for satisfying .

Since , we have , and there are at least possibilities for . Assuming that the order of is , the attacker needs to compute times. Because is an infinite group, and can be made large enough; this means that the complexity of the brute force attack lies between and .

If is chosen as a suitable group, such as a braid group, it is infeasible to obtain the shared key by brute force attack.

5. Application to Braid Group

Braid groups have attracted the attention of cryptographers for several years [16–22]. Braid groups are infinite non-abelian groups with exponential growth with respect to the braid index, there exist fast algorithms for performing group operations on the normal forms of braid group elements, and many hard problems on braid groups arise from open topological or group-theoretic problems. Thus, a braid group is a suitable platform for implementing our key exchange protocol.

5.1. Braid Group

Given an integer , the -braid group is defined by the following group presentation: here, the integer is called the braid index, and each element of is called a braid.

There are several kinds of group representation for braid groups, such as the Burau representation, Garside's representation, and the Birman–Ko–Lee representation. Our protocol is based on the Elrifai–Morton representation of the braid group [16], in which each braid has a unique left-canonical form.

Theorem 1 (see [16]). For any , there is a unique representation, called the left-canonical form: Here is the set of all permutation braids, is the fundamental braid, and is left-weighted for .

Then a braid can be described as a tuple , where the permutation braids correspond to the permutations , and is called the canonical length of , denoted by len(). In [16], the authors also proposed the word algorithm for computing this representation from a word in the Artin generators.

5.2. Key Exchange Protocol on Braid Group

In our key exchange protocol, ; let the public key be and the private key be . By the word algorithm, the braids are represented in left-canonical form, and the public key is represented in advance. The centralizer can be obtained by the algorithm in [17].

5.3. Complexity Analysis

According to the left-canonical form of braids, two parameters, the braid index and the canonical length, need to be considered. For simplicity, we assume that the braid index is and the canonical length is for all the braids in our key exchange protocol.

5.3.1. Computational Complexity

In the key exchange protocol, for Alice there is one braid that needs to be represented in left-canonical form. She needs to compute , , , and , while and should be computed in advance. It has been proved that can be computed in time , see [17]; here, is the number of elements in the super summit set of , which is bounded by a polynomial in . Since Alice needs only to calculate some elements of , it is reasonable to assume that the complexity is .

Lemma 1 (see [3]).
(1) Let be a word on with word length ; then the left-canonical form of can be computed in time .
(2) Let and be the left-canonical forms of two braids; then the left-canonical form of can be computed in time .
(3) If is the left-canonical form of , then the left-canonical form of can be computed in time .

By Lemma 1, the computational complexity is summarized in Table 1 for Alice and Table 2 for Bob.

5.3.2. Bit Complexity

When implementing our key exchange protocol, for Alice, a subgroup of , , , the mapping , the public key , and the shared secret key need to be stored. For , the number of generators of is less than (see [18]). If we let , it is necessary to store braids, which is the worst case for storage space. For the mapping , it is enough to store the braid .

A braid with canonical factors can be represented by a bit string of size , for braids , (see [3]). In the worst case, the bit complexity is summarized in Table 3 for Alice and Table 4 for Bob.

Therefore, the bit complexity is less than for Alice and less than for Bob.

6. Concluding Remarks

Nowadays, the main trend in cryptographic theory is still to construct cryptosystems based on a hard mathematical problem. However, the quantum computer is no longer a distant dream; once it arrives, many cryptosystems may crumble. So it is urgent to design cryptosystems that resist quantum computing attacks. In our opinion, a non-abelian algebraic structure may be a good option as a platform.

In addition, bionic algorithms developed in recent decades, such as evolutionary algorithms, neural network algorithms, genetic algorithms, memetic algorithms, and DNA algorithms, have become an important way to transform traditional cryptography. In particular, key evolution algorithms and memetic algorithms have become a focus of research in recent years. For the progress of evolutionary algorithms and related problems in recent years, see [23, 24]; the state of memetic algorithms is surveyed in [25–27]. In terms of methodology, it can be predicted that bionic algorithms will be a promising research area of cryptographic theory in the future [14, 15].

Data Availability

No data were used to support this study.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

Acknowledgments

The authors gratefully acknowledge the financial support from the Office of Philosophy and Social Science Research Project of Guang Dong Province under grant no. GD17XYJ29.