On the Wagner–Magyarik Cryptosystem

摘要

We investigate a monoid variant of the scheme based on the word problem on groups proposed by Wagner and Magyarik at Crypto’84, that has the advantage of being immune to reaction attacks so far. We study the security of this variant. Our main result is a complexity-theoretic one: we show that the problem underlying this cryptosystem, say WM, is NP-hard. We also present an algorithm for solving WM. Its complexity permits to shed light on the size of the parameters to choose to reach a given level of security.