Popping “R-propping”: breaking hardness assumptions for matrix groups over F_{2^8}

Fernando Virdia

Paper 2023/1425

Popping “R-propping”: breaking hardness assumptions for matrix groups over F_{2^8}

Fernando Virdia

Abstract

A recent series of works (Hecht, IACR ePrint, 2020–2021) propose to build post-quantum public-key encapsulation, digital signatures, group key agreement and oblivious transfer from "R-propped" variants of the Symmetrical Decomposition and Discrete Logarithm problems for matrix groups over $\mathbb{F}_{2^8}$. We break all four proposals by presenting a linearisation attack on the Symmetrical Decomposition platform, a forgery attack on the signature scheme, and a demonstration of the insecurity of the instances of the Discrete Logarithm Problem used for signatures, group key agreement and oblivious transfer, showing that none of the schemes provides adequate security.

Metadata

Available format(s): PDF
Category: Attacks and cryptanalysis
Publication info: Published elsewhere. Mathematical Cryptology
Keywords: non-commutative cryptography R-propping
Contact author(s): f virdia @ gmx com
History: 2023-09-24: approved; 2023-09-20: received; See all versions
Short URL: https://ia.cr/2023/1425
License: CC BY-SA

BibTeX

@misc{cryptoeprint:2023/1425,
      author = {Fernando Virdia},
      title = {Popping “R-propping”: breaking hardness assumptions for matrix groups over F_{2^8}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/1425},
      year = {2023},
      url = {https://eprint.iacr.org/2023/1425}
}