Paper 2023/1425

Popping “R-propping”: breaking hardness assumptions for matrix groups over F_{2^8}

Fernando Virdia
Abstract

A recent series of works (Hecht, IACR ePrint, 2020–2021) propose to build post-quantum public-key encapsulation, digital signatures, group key agreement and oblivious transfer from "R-propped" variants of the Symmetrical Decomposition and Discrete Logarithm problems for matrix groups over $\mathbb{F}_{2^8}$. We break all four proposals by presenting a linearisation attack on the Symmetrical Decomposition platform, a forgery attack on the signature scheme, and a demonstration of the insecurity of the instances of the Discrete Logarithm Problem used for signatures, group key agreement and oblivious transfer, showing that none of the schemes provides adequate security.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Published elsewhere. Mathematical Cryptology
Keywords
non-commutative cryptographyR-propping
Contact author(s)
f virdia @ gmx com
History
2023-09-24: approved
2023-09-20: received
See all versions
Short URL
https://ia.cr/2023/1425
License
Creative Commons Attribution-ShareAlike
CC BY-SA

BibTeX

@misc{cryptoeprint:2023/1425,
      author = {Fernando Virdia},
      title = {Popping “R-propping”: breaking hardness assumptions for matrix groups over F_{2^8}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/1425},
      year = {2023},
      url = {https://eprint.iacr.org/2023/1425}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.