Download Advances in Cryptology — EUROCRYPT 2002: International by Rosario Gennaro, Daniele Micciancio (auth.), Lars R. Knudsen PDF

By Rosario Gennaro, Daniele Micciancio (auth.), Lars R. Knudsen (eds.)

This book constitutes the refereed proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2002, held in Amsterdam, The Netherlands, in April/May 2002.
The 33 revised full papers presented were carefully reviewed and selected from a total of 122 submissions. The papers are organized in topical sections on cryptanalysis, public-key encryption, information theory and new models, implementational analysis, stream ciphers, digital signatures, key exchange, modes of operation, traitor tracing and id-based encryption, multiparty and multicast, and symmetric cryptology.

3 Linear Algebraic Attack on the Key Extractor

If the KAP [1] is restricted to pure braids, then its key extractor E becomes a group homomorphism. In this case, one can attack the key extractor by linear algebraic methods. To defeat this attack, [1] recommended choosing the private keys x and y such that their induced permutations are sufficiently complex. This section shows that a linear algebraic attack can also be mounted on the KAP even for such parameters. The (list-)MSCP is the following variant of the conjugacy problem.

Cr ) ∈ Gr be an instance of a list-MSCP in G. If $x_1$ and $x_2$ are two solutions, then $(x_2 x_1^{-1}) a_i = a_i (x_2 x_1^{-1})$ for each $i$. Hence $x_2 = x_1 z$ for some $z$ in $\bigcap_{i=1}^{r} \mathrm{Cent}(a_i)$, where $\mathrm{Cent}(a_i) = \{g \in G \mid g a_i = a_i g\}$ is the centralizer of $a_i$. So the number of solutions is exactly the cardinality of the subgroup $\bigcap_{i=1}^{r} \mathrm{Cent}(a_i)$. We don't have the average cardinality of this subgroup when $G$ is either $S_n$ or $GL_{n-1}(F_p)$. But it does not seem large for generic $a_i$'s in $S_n$ or in $GL_{n-1}(F_p)$ from the following observation.
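The counting claim above can be checked by brute force in a small symmetric group. This is an added example, not code or data from the paper: it assumes the list-MSCP asks for $x$ with $x^{-1} a_i x = c_i$ for every $i$ (the excerpt does not include the definition), and all function names are hypothetical.

```python
import random
from itertools import permutations

def compose(p, q):
    """Return p∘q: apply q first, then p (permutations as tuples)."""
    return tuple(p[q[i]] for i in range(len(p)))

def inverse(p):
    inv = [0] * len(p)
    for i, v in enumerate(p):
        inv[v] = i
    return tuple(inv)

def conjugate(a, x):
    """x^{-1} a x (assumed convention for the list-MSCP)."""
    return compose(inverse(x), compose(a, x))

def solutions(a_list, c_list, n):
    """All x in S_n that simultaneously conjugate every a_i to c_i."""
    return [x for x in permutations(range(n))
            if all(conjugate(a, x) == c for a, c in zip(a_list, c_list))]

def common_centralizer(a_list, n):
    """Intersection of Cent(a_i) over the list, by exhaustive search."""
    return [g for g in permutations(range(n))
            if all(compose(g, a) == compose(a, g) for a in a_list)]

def experiment(n=6, r=2, seed=0):
    """Build a constructed list-MSCP instance from random a_i and secret x."""
    rng = random.Random(seed)
    a_list = [tuple(rng.sample(range(n), n)) for _ in range(r)]
    x = tuple(rng.sample(range(n), n))
    c_list = [conjugate(a, x) for a in a_list]
    return x, solutions(a_list, c_list, n), common_centralizer(a_list, n)

if __name__ == "__main__":
    for seed in range(5):
        x, sols, cent = experiment(seed=seed)
        # The solution count equals the size of the common centralizer.
        print(seed, len(sols), len(cent), x in sols)
```

Exhaustive search is only feasible for very small $n$; the point is to see the solution set and the common centralizer have the same size on constructed instances.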

