{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,6]],"date-time":"2025-12-06T05:00:04Z","timestamp":1764997204437,"version":"3.37.3"},"reference-count":18,"publisher":"Springer Science and Business Media LLC","issue":"10","license":[{"start":{"date-parts":[[2019,2,8]],"date-time":"2019-02-08T00:00:00Z","timestamp":1549584000000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"funder":[{"DOI":"10.13039\/501100006769","name":"Russian Science Foundation","doi-asserted-by":"publisher","award":["N16-11-10002"],"award-info":[{"award-number":["N16-11-10002"]}],"id":[{"id":"10.13039\/501100006769","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Des. Codes Cryptogr."],"published-print":{"date-parts":[[2019,10]]},"DOI":"10.1007\/s10623-019-00615-y","type":"journal-article","created":{"date-parts":[[2019,2,8]],"date-time":"2019-02-08T11:53:50Z","timestamp":1549626830000},"page":"2231-2250","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["An attack on the Walnut digital signature algorithm"],"prefix":"10.1007","volume":"87","author":[{"given":"Matvei","family":"Kotov","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7981-7352","authenticated-orcid":false,"given":"Anton","family":"Menshov","sequence":"additional","affiliation":[]},{"given":"Alexander","family":"Ushakov","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2019,2,8]]},"reference":[{"key":"615_CR1","unstructured":"Anshel I., Atkins D., Goldfeld P., Gunnels D.: The Walnut digital signature algorithm(TM) specification. Submitted to NIST PQC project (2017). Available at \n                    https:\/\/csrc.nist.gov\/projects\/post-quantum-cryptography\/round-1-submissions\n                    \n                  , accessed 4 April 2018."},{"key":"615_CR2","unstructured":"Anshel I., Atkins D., Goldfeld P., Gunnels D.: Kayawood, a key agreement protocol. Preprint. Available at \n                    https:\/\/eprint.iacr.org\/2017\/1162\n                    \n                   (version: 30-Nov-2017) (2017)."},{"key":"615_CR3","unstructured":"Anshel I., Atkins D., Goldfeld P., Gunnels D.: WalnutDSA(TM): a quantum-resistant digital signature algorithm. Preprint. Available at \n                    https:\/\/eprint.iacr.org\/2017\/058\n                    \n                   (version: 30-Nov-2017) (2017)."},{"key":"615_CR4","unstructured":"Beullens W., Blackburn S.R.: Practical attacks against the Walnut digital signature scheme. Preprint. Available at \n                    https:\/\/eprint.iacr.org\/2018\/318\/20180404:153741\n                    \n                   (2018)."},{"key":"615_CR5","doi-asserted-by":"publisher","first-page":"322","DOI":"10.1006\/aima.1998.1761","volume":"139","author":"JS Birman","year":"1998","unstructured":"Birman J.S., Ko K.H., Lee S.J.: A new approach to the word and conjugacy problems in the braid groups. Adv. Math. 139, 322\u2013353 (1998).","journal-title":"Adv. Math."},{"key":"615_CR6","unstructured":"CRyptography And Groups (CRAG) C++ Library. Available at \n                    https:\/\/github.com\/stevens-crag\/crag\n                    \n                  ."},{"key":"615_CR7","doi-asserted-by":"publisher","first-page":"200","DOI":"10.1006\/aima.1997.1605","volume":"125","author":"P Dehornoy","year":"1997","unstructured":"Dehornoy P.: A fast method for comparing braids. Adv. Math. 125, 200\u2013235 (1997).","journal-title":"Adv. Math."},{"key":"615_CR8","doi-asserted-by":"publisher","DOI":"10.1201\/9781439865699","volume-title":"Word Processing in Groups","author":"DBA Epstein","year":"1992","unstructured":"Epstein D.B.A., Cannon J.W., Holt D.F., Levy S.V.F., Paterson M.S., Thurston W.P.: Word Processing in Groups. Jones and Bartlett Publishers, Burlington (1992)."},{"key":"615_CR9","doi-asserted-by":"publisher","first-page":"282","DOI":"10.1016\/j.jalgebra.2005.02.002","volume":"292","author":"V Gebhardt","year":"2005","unstructured":"Gebhardt V.: A new approach to the conjugacy problem in garside groups. J. Algebra 292, 282\u2013302 (2005).","journal-title":"J. Algebra"},{"key":"615_CR10","unstructured":"Hart D., Kim D., Micheli G., Perez G.P., Petit C., Quek Y.: A practical cryptanalysis of WalnutDSA. In: Public-key cryptography\u2014PKC 2018, pp. 381\u2013406. Springer, New York (2018)."},{"key":"615_CR11","doi-asserted-by":"publisher","first-page":"665","DOI":"10.1016\/S0021-8693(03)00167-4","volume":"264","author":"IE Kapovich","year":"2003","unstructured":"Kapovich I.E., Miasnikov A.G., Schupp P.E., Shpilrain V.E.: Generic-case complexity, decision problems in group theory and random walks. J. Algebra 264, 665\u2013694 (2003).","journal-title":"J. Algebra"},{"key":"615_CR12","unstructured":"Kotov M.V., Menshov A.V., Ushakov A.V.: Attack on Kayawood protocol: uncloaking private keys. Preprint. Available at \n                    https:\/\/eprint.iacr.org\/2018\/604\n                    \n                   (version: 18-Jun-2018) (2018)."},{"key":"615_CR13","unstructured":"NIST PQC forum. Available at \n                    https:\/\/groups.google.com\/a\/list.nist.gov\/forum\/#!forum\/pqc-forum\n                    \n                  , accessed April 4 2018 (2018)."},{"key":"615_CR14","unstructured":"Miasnikov A.G., Shpilrain V.E., Ushakov A.V.: A practical attack on some braid group based cryptographic protocols. In: Advances in Cryptology\u2014CRYPTO 2005, volume 3621 of Lecture Notes on Computer Science, pp. 86\u201396. Springer, Berlin (2005)."},{"key":"615_CR15","unstructured":"Miasnikov A.G., Shpilrain V.E., Ushakov A.V.: Random subgroups of braid groups: an approach to cryptanalysis of a braid group based cryptographic protocol. In: Advances in Cryptology\u2014PKC 2006, volume 3958 of Lecture Notes on Computer Science, pp. 302\u2013314. Springer, Berlin (2006)."},{"key":"615_CR16","volume-title":"Non-commutative Cryptography and Complexity of Group-Theoretic Problems. Mathematical Surveys and Monographs","author":"AG Miasnikov","year":"2011","unstructured":"Miasnikov A.G., Shpilrain V.E., Ushakov A.V.: Non-commutative Cryptography and Complexity of Group-Theoretic Problems. Mathematical Surveys and Monographs. AMS, Providence (2011)."},{"key":"615_CR17","doi-asserted-by":"publisher","first-page":"393","DOI":"10.1016\/0196-6774(91)90011-M","volume":"12","author":"MS Paterson","year":"1991","unstructured":"Paterson M.S., Razborov A.A.: The set of minimal braids is co-NP-complete. J. Algorithms 12, 393\u2013408 (1991).","journal-title":"J. Algorithms"},{"key":"615_CR18","unstructured":"Wang, J.: Average-case completeness of a word problem for groups. In: Proceedings of the Twenty-Seventh Annual ACM Symposium on Theory of Computing, STOC \u201995, pp. 325\u2013334. ACM (1995)."}],"container-title":["Designs, Codes and Cryptography"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10623-019-00615-y\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10623-019-00615-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10623-019-00615-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,2,7]],"date-time":"2020-02-07T19:16:00Z","timestamp":1581102960000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10623-019-00615-y"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,2,8]]},"references-count":18,"journal-issue":{"issue":"10","published-print":{"date-parts":[[2019,10]]}},"alternative-id":["615"],"URL":"https:\/\/doi.org\/10.1007\/s10623-019-00615-y","relation":{},"ISSN":["0925-1022","1573-7586"],"issn-type":[{"type":"print","value":"0925-1022"},{"type":"electronic","value":"1573-7586"}],"subject":[],"published":{"date-parts":[[2019,2,8]]},"assertion":[{"value":"5 May 2018","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"15 January 2019","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"24 January 2019","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"8 February 2019","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}