Analysis and Applications of Two Group-Theoretic Problems in Post-Quantum Cryptography

This thesis makes significant contributions to the analysis of two computational problems arising from a cryptosystem in group-based, post-quantum cryptography, and proposes a novel application of the underlying mathematical structure.

After an introductory Chapter 1 setting the historical context in which our research appears, Chapter 2 begins by introducing Semidirect Product Key Exchange (SDPKE), a generalisation of the famous Diffie-Hellman Key Exchange. Various cryptosystems are discussed in this framework and their respective cryptanalyses are systematised and interpreted as analysis of the complexity of a computational problem called the Semidirect Computational Diffie-Hellman problem. We also augment some of this analysis with our own results, and fill out technical gaps implicit in the literature.

SDPKE also naturally gives rise to an analogue of the Discrete Logarithm Problem, called the Semidirect Discrete Logarithm Problem (SDLP). Almost nothing was known about this problem - partially because of a misunderstanding of its importance in the literature - but in Chapter 3 we classify its quantum complexity by proving that the structure of SDPKE occurs as an example of a so-called cryptographic group action. Doing so requires the development of a bespoke quantum algorithm to get around certain technical difficulties; this is the first example of a quantum algorithm constructed for use in the cryptanalysis of group-based cryptography.

The structure of a cryptographic group action gives us access to a surprisingly rich variety of work, including an idea for an efficient Digital Signature Scheme based on the structure of cryptographic group actions. In Chapter 4 we define this scheme, christened SPDH-Sign; we prove its security, and show that the SDPKE-type group action offers advantages with respect to efficient sampling compared to other group actions. We also propose a particular group for use with SPDH-Sign, taking into account the cryptanalytic work discussed throughout the rest of the thesis.