
Towards factoring in \({SL(2,\,\mathbb{F}_{2^n})}\)

Published in: Designs, Codes and Cryptography

Abstract

The security of many cryptographic protocols relies on the hardness of some computational problems. Besides discrete logarithm or integer factorization, other problems are regularly proposed as potential hard problems. The factorization problem in finite groups is one of them. Given a finite group G, a set of generators for this group and an element \({g\in G}\), the factorization problem asks for a “short” representation of g as a product of the generators. The problem is related to a famous conjecture of Babai on the diameter of Cayley graphs. It is also motivated by the preimage security of Cayley hash functions, a particular kind of cryptographic hash functions. The problem has been solved for a few particular generator sets, but essentially nothing is known for generic generator sets. In this paper, we make significant steps towards a solution of the factorization problem in the group \({G:=\,SL(2,\,\mathbb{F}_{2^n})}\), a particularly interesting group for cryptographic applications. To avoid considering all generator sets separately, we first give a new reduction tool that allows focusing on some generator sets with a “nice” special structure. We then identify classes of trapdoor matrices for these special generator sets, such that the factorization of a single one of these matrices would allow efficiently factoring any element in the group. Finally, we provide a heuristic subexponential time algorithm that can compute subexponential length factorizations of any element for any pair of generators of \({SL(2,\,\mathbb{F}_{2^n})}\). Our results do not yet completely remove the factorization problem in \({SL(2,\,\mathbb{F}_{2^n})}\) from the list of potential hard problems useful for cryptography. However, we believe that each one of our individual results is a significant step towards a polynomial time algorithm for factoring in \({SL(2,\,\mathbb{F}_{2^n})}\).
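The following added example (written for this page, not code from the paper) makes the abstract's objects concrete for a toy instance: arithmetic in \({SL(2,\,\mathbb{F}_{2^n})}\) with n = 3, a Cayley hash over a generator pair in the style of Tillich–Zémor (assumed here; the paper treats arbitrary pairs), and brute-force factoring by breadth-first search of the Cayley graph, which also yields the graph's diameter that Babai's conjecture is about. Words use the generators only (no inverses), matching the hash setting; the exponential cost of the search is exactly why the factorization problem is a hardness candidate for realistic n.

```python
from collections import deque

# Toy parameters (assumption, not from the paper): n = 3, so the field is
# F_8 = F_2[x]/(x^3 + x + 1); elements are 3-bit ints and x is 0b010.
N, MOD, X = 3, 0b1011, 0b010

def gf_mul(a, b):
    """Multiply two elements of F_{2^N}: carry-less product reduced mod MOD."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> N:          # degree reached N: reduce by the modulus
            a ^= MOD
    return r

def mat_mul(m1, m2):
    """2x2 matrix product over F_{2^N}; a matrix is the tuple (a, b, c, d)."""
    a, b, c, d = m1
    e, f, g, h = m2
    return (gf_mul(a, e) ^ gf_mul(b, g), gf_mul(a, f) ^ gf_mul(b, h),
            gf_mul(c, e) ^ gf_mul(d, g), gf_mul(c, f) ^ gf_mul(d, h))

def det(m):
    """Determinant; in characteristic 2, ad - bc equals ad + bc."""
    a, b, c, d = m
    return gf_mul(a, d) ^ gf_mul(b, c)

# Generator pair in the style of the Tillich-Zemor hash (both have det 1).
IDENT = (1, 0, 0, 1)
GENS = {'0': (X, 1, 1, 0), '1': (X, X ^ 1, 1, 1)}

def cayley_hash(bits):
    """Cayley hash: right-multiply by the generator selected by each bit."""
    m = IDENT
    for ch in bits:
        m = mat_mul(m, GENS[ch])
    return m

def bfs(target=None):
    """BFS over the Cayley graph from the identity. With a target, returns its
    shortest word (a factorization, i.e. a hash preimage); without one, returns
    {matrix: shortest word} for the whole generated group. Visits up to
    |SL(2, F_{2^N})| ~ 2^{3N} matrices, so it is only feasible for toy N."""
    seen, q = {IDENT: ''}, deque([IDENT])
    while q:
        m = q.popleft()
        if m == target:
            return seen[m]
        for ch, g in GENS.items():
            nxt = mat_mul(m, g)
            if nxt not in seen:
                seen[nxt] = seen[m] + ch
                q.append(nxt)
    return None if target is not None else seen

def group_size_and_diameter():
    """(matrices reached, longest shortest word) = (|G|, Cayley graph diameter)."""
    words = bfs()
    return len(words), max(len(w) for w in words.values())
```

For n = 3 the pair generates all of \({SL(2,\,\mathbb{F}_8)}\), so the BFS reaches all 504 elements; doubling n multiplies that count by roughly 2^{3n}, which is the gap the paper's subexponential algorithm attacks.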




Correspondence to Christophe Petit.

Additional information

Communicated by I. Shparlinski.

Christophe Petit is a Postdoctoral Research Fellow of the Belgian Fund for Scientific Research (F.R.S.-FNRS) at Université catholique de Louvain (UCL), crypto group.


Cite this article

Petit, C. Towards factoring in \({SL(2,\,\mathbb{F}_{2^n})}\) . Des. Codes Cryptogr. 71, 409–431 (2014). https://doi.org/10.1007/s10623-012-9743-x
