{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,6]],"date-time":"2025-12-06T04:59:21Z","timestamp":1764997161979,"version":"3.41.0"},"publisher-location":"Cham","reference-count":46,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319765778"},{"type":"electronic","value":"9783319765785"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-319-76578-5_13","type":"book-chapter","created":{"date-parts":[[2018,2,28]],"date-time":"2018-02-28T09:23:52Z","timestamp":1519809832000},"page":"381-406","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":9,"title":["A Practical Cryptanalysis of WalnutDSA$$^{\\text {TM}}$$"],"prefix":"10.1007","author":[{"given":"Daniel","family":"Hart","sequence":"first","affiliation":[]},{"given":"DoHoon","family":"Kim","sequence":"additional","affiliation":[]},{"given":"Giacomo","family":"Micheli","sequence":"additional","affiliation":[]},{"given":"Guillermo","family":"Pascual-Perez","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3482-6743","authenticated-orcid":false,"given":"Christophe","family":"Petit","sequence":"additional","affiliation":[]},{"given":"Yuxuan","family":"Quek","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2018,3,1]]},"reference":[{"key":"13_CR1","doi-asserted-by":"crossref","unstructured":"Shor, P.W.: Algorithms for quantum computation: discrete logarithms and factoring. In: 1994 Proceedings of 35th Annual Symposium on Foundations of Computer Science, pp. 124\u2013134. IEEE (1994)","DOI":"10.1109\/SFCS.1994.365700"},{"key":"13_CR2","first-page":"114","volume":"44","author":"RJ McEliece","year":"1978","unstructured":"McEliece, R.J.: A public-key cryptosystem based on algebraic coding theory. Deep Space Netw. Prog. Rep. 44, 114\u2013116 (1978)","journal-title":"Deep Space Netw. Prog. Rep."},{"key":"13_CR3","doi-asserted-by":"publisher","unstructured":"Micciancio, D., Regev, O.: Lattice-based cryptography. In: Bernstein, D.J., Buchmann, J., Dahmen, E. (eds.) Post-Quantum Cryptography, pp. 147\u2013191. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-540-88702-7_5","DOI":"10.1007\/978-3-540-88702-7_5"},{"key":"13_CR4","doi-asserted-by":"publisher","unstructured":"Ding, J., Yang, B.Y.: Multivariate public key cryptography. In: Bernstein, D.J., Buchmann, J., Dahmen, E. (eds.) Post-Quantum Cryptography, pp. 193\u2013241. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-540-88702-7_6","DOI":"10.1007\/978-3-540-88702-7_6"},{"key":"13_CR5","unstructured":"Garber, D.: Braid Group Cryptography. CoRR abs\/0711.3941 (2007). http:\/\/arxiv.org\/abs\/0711.3941"},{"key":"13_CR6","unstructured":"SecureRF. https:\/\/www.securerf.com\/"},{"key":"13_CR7","unstructured":"Anshel, I., Atkins, D., Goldfeld, D., Gunnells, P.E.: WalnutDSA$$^{\\rm TM}$$: a quantum-resistant digital signature algorithm. Cryptology ePrint Archive, Report 2017\/058 (2017). http:\/\/eprint.iacr.org\/2017\/058"},{"key":"13_CR8","unstructured":"SecureRF and Intel collaboration delivers future-proof FPGA security solutions. https:\/\/www.iot-now.com\/2017\/09\/28\/67603-securerf-intel-collaboration-delivers-future-proof-fpga-security-solutions\/"},{"key":"13_CR9","unstructured":"Ben-Zvi, A., Blackburn, S.R., Tsaban, B.: A practical cryptanalysis of the algebraic eraser. Cryptology ePrint Archive, Report 2015\/1102 (2015). http:\/\/eprint.iacr.org\/2015\/1102"},{"issue":"1","key":"13_CR10","first-page":"63","volume":"1","author":"AD Myasnikov","year":"2009","unstructured":"Myasnikov, A.D., Ushakov, A.: Cryptanalysis of Anshel-Anshel-Goldfeld-Lemieux key agreement protocol. Groups Complex. Cryptol. 1(1), 63\u201375 (2009)","journal-title":"Groups Complex. Cryptol."},{"issue":"1","key":"13_CR11","doi-asserted-by":"publisher","first-page":"57","DOI":"10.1016\/j.aam.2012.03.001","volume":"49","author":"A Kalka","year":"2012","unstructured":"Kalka, A., Teicher, M., Tsaban, B.: Short expressions of permutations as products and cryptanalysis of the algebraic eraser. Adv. Appl. Math. 49(1), 57\u201376 (2012)","journal-title":"Adv. Appl. Math."},{"issue":"1","key":"13_CR12","doi-asserted-by":"publisher","first-page":"235","DOI":"10.1093\/qmath\/20.1.235","volume":"20","author":"FA Garside","year":"1969","unstructured":"Garside, F.A.: The braid group and other groups. Q. J. Math. 20(1), 235\u2013254 (1969)","journal-title":"Q. J. Math."},{"key":"13_CR13","doi-asserted-by":"publisher","first-page":"221","DOI":"10.4171\/GGD\/12","volume":"1","author":"J Birman","year":"2007","unstructured":"Birman, J., Gebhardt, V., Gonz\u00e1ilez-Meneses, J.: Conjugacy in Garside groups I: cyclings, powers and rigidity. Groups. Geom. Dyn. 1, 221\u2013279 (2007)","journal-title":"Groups. Geom. Dyn."},{"issue":"2","key":"13_CR14","doi-asserted-by":"publisher","first-page":"200","DOI":"10.1006\/aima.1997.1605","volume":"125","author":"P Dehornoy","year":"1997","unstructured":"Dehornoy, P.: A fast method for comparing braids. Adv. Math. 125(2), 200\u2013235 (1997)","journal-title":"Adv. Math."},{"key":"13_CR15","doi-asserted-by":"crossref","unstructured":"Tillich, J.P., Z\u00e9mor, G.: Hashing with $$SL_2$$. In: CRYPTO, pp. 40\u201349 (1994)","DOI":"10.1007\/3-540-48658-5_5"},{"key":"13_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"263","DOI":"10.1007\/978-3-540-85855-3_18","volume-title":"Security and Cryptography for Networks","author":"C Petit","year":"2008","unstructured":"Petit, C., Lauter, K., Quisquater, J.-J.: Full cryptanalysis of LPS and morgenstern hash functions. In: Ostrovsky, R., De Prisco, R., Visconti, I. (eds.) SCN 2008. LNCS, vol. 5229, pp. 263\u2013277. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-85855-3_18"},{"key":"13_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"282","DOI":"10.1007\/978-3-642-19574-7_20","volume-title":"Selected Areas in Cryptography","author":"C Petit","year":"2011","unstructured":"Petit, C., Quisquater, J.-J.: Preimages for the Tillich-Z\u00e9mor hash function. In: Biryukov, A., Gong, G., Stinson, D.R. (eds.) SAC 2010. LNCS, vol. 6544, pp. 282\u2013301. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-19574-7_20"},{"key":"13_CR18","unstructured":"Babai, L., Hayes, T.: Near-independence of permutations and an almost sure polynomial bound on the diameter of the symmetric group. In: SODA, pp. 1057\u20131066 (2005)"},{"key":"13_CR19","doi-asserted-by":"publisher","first-page":"733","DOI":"10.1090\/noti1001","volume":"60","author":"C Petit","year":"2013","unstructured":"Petit, C., Quisquater, J.J.: Rubik\u2019s for cryptographers. Not. Am. Math. Soc. 60, 733\u2013739 (2013)","journal-title":"Not. Am. Math. Soc."},{"key":"13_CR20","unstructured":"Katz, J., Lindell, Y.: Introduction to Modern Cryptography. 2nd edn. Chapman & Hall\/CRC Cryptography and Network Security Series. CRC Press\/Taylor & Francis Group, Boca Raton (2014)"},{"key":"13_CR21","doi-asserted-by":"crossref","DOI":"10.1201\/9781439865699","volume-title":"Word Processing in Groups","author":"DBA Epstein","year":"1992","unstructured":"Epstein, D.B.A., Paterson, M.S., Cannon, J.W., Holt, D.F., Levy, S.V., Thurston, W.P.: Word Processing in Groups. A. K. Peters Ltd., Natick (1992)"},{"issue":"4","key":"13_CR22","doi-asserted-by":"publisher","first-page":"479","DOI":"10.1093\/qmath\/45.4.479","volume":"45","author":"EA Elrifai","year":"1994","unstructured":"Elrifai, E.A., Morton, H.: Algorithms for positive braids. Q. J. Math. 45(4), 479\u2013497 (1994)","journal-title":"Q. J. Math."},{"issue":"1","key":"13_CR23","doi-asserted-by":"publisher","first-page":"282","DOI":"10.1016\/j.jalgebra.2005.02.002","volume":"292","author":"V Gebhardt","year":"2005","unstructured":"Gebhardt, V.: A new approach to the conjugacy problem in Garside groups. J. Algebra 292(1), 282\u2013302 (2005). Computational Algebra","journal-title":"J. Algebra"},{"key":"13_CR24","unstructured":"Hughes, J., Tannenbaum, A.: Length-Based Attacks for Certain Group Based Encryption Rewriting Systems. CoRR cs.CR\/0306032 (2003)"},{"issue":"3","key":"13_CR25","doi-asserted-by":"publisher","first-page":"323","DOI":"10.1016\/j.aam.2005.03.002","volume":"35","author":"D Garber","year":"2005","unstructured":"Garber, D., Kaplan, S., Teicher, M., Tsaban, B., Vishne, U.: Probabilistic solutions of equations in the braid group. Adv. Appl. Math. 35(3), 323\u2013334 (2005)","journal-title":"Adv. Appl. Math."},{"key":"13_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"76","DOI":"10.1007\/978-3-540-71677-8_6","volume-title":"Public Key Cryptography \u2013 PKC 2007","author":"AD Myasnikov","year":"2007","unstructured":"Myasnikov, A.D., Ushakov, A.: Length based attack and braid groups: cryptanalysis of Anshel-Anshel-Goldfeld key exchange protocol. In: Okamoto, T., Wang, X. (eds.) PKC 2007. LNCS, vol. 4450, pp. 76\u201388. Springer, Heidelberg (2007). https:\/\/doi.org\/10.1007\/978-3-540-71677-8_6"},{"key":"13_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"176","DOI":"10.1007\/3-540-45450-0_15","volume-title":"Information Security and Privacy","author":"J Hughes","year":"2002","unstructured":"Hughes, J.: A linear algebraic attack on the AAFG1 braid group cryptosystem. In: Batten, L., Seberry, J. (eds.) ACISP 2002. LNCS, vol. 2384, pp. 176\u2013189. Springer, Heidelberg (2002). https:\/\/doi.org\/10.1007\/3-540-45450-0_15"},{"key":"13_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1007\/3-540-46035-7_2","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 2002","author":"SJ Lee","year":"2002","unstructured":"Lee, S.J., Lee, E.: Potential weaknesses of the commutator key agreement protocol based on braid groups. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 14\u201328. Springer, Heidelberg (2002). https:\/\/doi.org\/10.1007\/3-540-46035-7_2"},{"key":"13_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"212","DOI":"10.1007\/978-3-540-45146-4_13","volume-title":"Advances in Cryptology - CRYPTO 2003","author":"JH Cheon","year":"2003","unstructured":"Cheon, J.H., Jun, B.: A polynomial time algorithm for the braid Diffie-Hellman conjugacy problem. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 212\u2013225. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/978-3-540-45146-4_13"},{"issue":"4","key":"13_CR30","doi-asserted-by":"publisher","first-page":"231","DOI":"10.1016\/S0195-6698(05)80029-0","volume":"13","author":"L Babai","year":"1992","unstructured":"Babai, L., Seress, \u00c1.: On the diameter of permutation groups. Eur. J. Comb. 13(4), 231\u2013243 (1992)","journal-title":"Eur. J. Comb."},{"issue":"2","key":"13_CR31","doi-asserted-by":"publisher","first-page":"601","DOI":"10.4007\/annals.2008.167.601","volume":"167","author":"HA Helfgott","year":"2008","unstructured":"Helfgott, H.A.: Growth and generation in $$SL_2(Z\/pZ)$$. Ann. Math. 167(2), 601\u2013623 (2008)","journal-title":"Ann. Math."},{"issue":"1","key":"13_CR32","doi-asserted-by":"publisher","first-page":"95","DOI":"10.1090\/S0894-0347-2014-00821-3","volume":"29","author":"L Pyber","year":"2016","unstructured":"Pyber, L., Szab\u00f3, E.: Growth in finite simple groups of Lie type. J. Am. Math. Soc. 29(1), 95\u2013146 (2016)","journal-title":"J. Am. Math. Soc."},{"key":"13_CR33","doi-asserted-by":"publisher","first-page":"183","DOI":"10.1007\/978-1-4419-5906-5_126","volume-title":"Encyclopedia of Cryptography and Security","author":"C Petit","year":"2011","unstructured":"Petit, C., Quisquater, J.: Cayley hash functions. In: van Tilborg, H.C.A., Jajodia, S. (eds.) Encyclopedia of Cryptography and Security, vol. 2, pp. 183\u2013184. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-1-4419-5906-5_126"},{"issue":"4","key":"13_CR34","doi-asserted-by":"publisher","first-page":"381","DOI":"10.1007\/BF01388652","volume":"4","author":"G Z\u00e9mor","year":"1994","unstructured":"Z\u00e9mor, G.: Hash functions and Cayley graphs. Des. Codes Crypt. 4(4), 381\u2013394 (1994)","journal-title":"Des. Codes Crypt."},{"key":"13_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"90","DOI":"10.1007\/3-540-57843-9_12","volume-title":"Algebraic Coding","author":"J-P Tillich","year":"1994","unstructured":"Tillich, J.-P., Z\u00e9mor, G.: Group-theoretic hash functions. In: Cohen, G., Litsyn, S., Lobstein, A., Z\u00e9mor, G. (eds.) Algebraic Coding 1993. LNCS, vol. 781, pp. 90\u2013110. Springer, Heidelberg (1994). https:\/\/doi.org\/10.1007\/3-540-57843-9_12"},{"issue":"1","key":"13_CR36","doi-asserted-by":"publisher","first-page":"148","DOI":"10.1007\/s00145-010-9063-0","volume":"24","author":"M Grassl","year":"2011","unstructured":"Grassl, M., Ilic, I., Magliveras, S.S., Steinwandt, R.: Cryptanalysis of the Tillich-Z\u00e9mor hash function. J. Cryptol. 24(1), 148\u2013156 (2011)","journal-title":"J. Cryptol."},{"issue":"1","key":"13_CR37","doi-asserted-by":"publisher","first-page":"93","DOI":"10.1007\/s00145-007-9002-x","volume":"22","author":"DX Charles","year":"2009","unstructured":"Charles, D.X., Lauter, K.E., Goren, E.Z.: Cryptographic hash functions from expander graphs. J. Cryptol. 22(1), 93\u2013113 (2009)","journal-title":"J. Cryptol."},{"key":"13_CR38","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"254","DOI":"10.1007\/978-3-540-78967-3_15","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2008","author":"J-P Tillich","year":"2008","unstructured":"Tillich, J.-P., Z\u00e9mor, G.: Collisions for the LPS expander graph hash function. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 254\u2013269. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-78967-3_15"},{"key":"13_CR39","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"163","DOI":"10.1007\/3-540-69053-0_13","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 1997","author":"M Bellare","year":"1997","unstructured":"Bellare, M., Micciancio, D.: A new paradigm for collision-free hashing: incrementality at reduced cost. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 163\u2013192. Springer, Heidelberg (1997). https:\/\/doi.org\/10.1007\/3-540-69053-0_13"},{"key":"13_CR40","doi-asserted-by":"crossref","unstructured":"Anshel, I., Anshel, M., Goldfeld, D., Lemieux, S.: Key agreement, the algebraic eraser$$^{\\rm TM}$$, and lightweight cryptography. In: Algebraic Methods in Cryptography. Contemporary Mathematics, vol. 418, pp. 1\u201334. American Mathematical Society, Providence (2006)","DOI":"10.1090\/conm\/418\/07943"},{"key":"13_CR41","doi-asserted-by":"crossref","unstructured":"Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols, pp. 62\u201373. ACM Press (1993)","DOI":"10.1145\/168588.168596"},{"key":"13_CR42","doi-asserted-by":"crossref","DOI":"10.1515\/9781400881420","volume-title":"Braids, Links, and Mapping Class Groups: Annals of Mathematics Studies","author":"JS Birman","year":"1975","unstructured":"Birman, J.S.: Braids, Links, and Mapping Class Groups: Annals of Mathematics Studies, vol. 82. Princeton University Press, Princeton (1975)"},{"issue":"4","key":"13_CR43","doi-asserted-by":"publisher","first-page":"227","DOI":"10.1080\/03081088908817916","volume":"24","author":"WC Waterhouse","year":"1989","unstructured":"Waterhouse, W.C.: Two generators for the general linear groups over finite fields. Linear Multilinear Algebra 24(4), 227\u2013230 (1989)","journal-title":"Linear Multilinear Algebra"},{"key":"13_CR44","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/PL00003816","volume":"12","author":"PC van Oorschot","year":"1999","unstructured":"van Oorschot, P.C., Wiener, M.J.: Parallel collision search with cryptanalytic applications. J. Cryptol. 12, 1\u201328 (1999)","journal-title":"J. Cryptol."},{"key":"13_CR45","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"429","DOI":"10.1007\/3-540-46885-4_43","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 1989","author":"J-J Quisquater","year":"1990","unstructured":"Quisquater, J.-J., Delescaille, J.-P.: How easy is collision search? Application to DES. In: Quisquater, J.-J., Vandewalle, J. (eds.) EUROCRYPT 1989. LNCS, vol. 434, pp. 429\u2013434. Springer, Heidelberg (1990). https:\/\/doi.org\/10.1007\/3-540-46885-4_43"},{"issue":"3\u20134","key":"13_CR46","doi-asserted-by":"publisher","first-page":"235","DOI":"10.1006\/jsco.1996.0125","volume":"24","author":"W Bosma","year":"1997","unstructured":"Bosma, W., Cannon, J., Playoust, C.: The Magma algebra system. I. The user language. J. Symb. Comput. 24(3\u20134), 235\u2013265 (1997). Computational algebra and number theory (London, 1993)","journal-title":"J. Symb. Comput."}],"container-title":["Lecture Notes in Computer Science","Public-Key Cryptography \u2013 PKC 2018"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-76578-5_13","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,2]],"date-time":"2025-07-02T03:18:28Z","timestamp":1751426308000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-76578-5_13"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783319765778","9783319765785"],"references-count":46,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-76578-5_13","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2018]]},"assertion":[{"value":"1 March 2018","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"PKC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"IACR International Workshop on Public Key Cryptography","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Rio de Janeiro","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Brazil","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25 March 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29 March 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"pkc2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/pkc.iacr.org\/2018\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}