# Vladimir Shpilrain

City College of New York | CCNY · Department of Mathematics

## About

206 publications · 20,716 reads · 2,413 citations

Introduction

Vladimir Shpilrain currently works at the Department of Mathematics, City College of New York. Vladimir does research in Information Security and in Algebra.

Additional affiliations

- September 1998 - present
- February 1993 - February 1995: Ruhr-Universität Bochum

## Publications

Publications (206)

The worst-case complexity of group-theoretic algorithms has been studied for a long time. Generic-case complexity, or complexity on random inputs, was introduced and studied relatively recently. In this paper, we address the average-case time complexity of the word problem in several classes of groups and show that it is often the case that the ave...

The purpose of this short paper is to explain the difference between encrypting real-life data and encrypting elements with a ring structure in the context of fully homomorphic encryption (FHE). Specifically, our encryption of real-life data is in two stages. First, we use a private-key embedding of real-life data in a ring; this embedding does not...

We reflect on how to define the complexity of a matrix and how to sample a random invertible matrix. We also discuss a related issue of complexity of algorithms in matrix groups.

We use matrices over bit strings as platforms for Diffie-Hellman-like public key exchange protocols. When multiplying matrices like that, we use Boolean OR operation on bit strings in place of addition and Boolean AND operation in place of multiplication. As a result, (1) computations with these matrices are very efficient; (2) standard methods of...

The worst-case complexity of group-theoretic algorithms has been studied for a long time. Generic-case complexity, or complexity on random inputs, was introduced and studied relatively recently. In this paper, we address the average-case complexity of algorithms that solve a well-known problem, the Whitehead problem in a free group, which is: given...

Delegation of pairings from a computationally weaker client to a computationally stronger server has been advocated to expand the applicability of pairing-based cryptographic protocols to computation paradigms with resource-constrained devices. Important requirements for such delegation protocols include privacy of the client’s inputs and security...

In this short note, we address a common misconception at the interface of probability theory and public-key cryptography.

A blockchain is redactable if a private key holder (e.g. a central authority) can change any single block without violating integrity of the whole blockchain, but no other party can do that. In this paper, we offer a simple method of constructing redactable blockchains inspired by the ideas underlying the well-known RSA encryption scheme. Notably,...

Many public-key cryptosystems and, more generally, cryptographic protocols, use group exponentiations as important primitive operations. To expand the applicability of these solutions to computationally weaker devices, it has been advocated that a computationally weaker client (i.e., capable of performing a relatively small number of modular multip...

Group exponentiation is an important and relatively expensive operation used in many public-key cryptosystems and, more generally, cryptographic protocols. To expand the applicability of these solutions to computationally weaker devices, it has been advocated that this operation is delegated from a computationally weaker client to a computationally...

We offer a public key exchange protocol based on a semidirect product of two cyclic (semi)groups of matrices over Z_p. One of the (semi)groups is additive, the other one multiplicative. This allows us to take advantage of both operations on matrices to diffuse information. We note that in our protocol, no power of any matrix or of any element of Z_...

Many public-key cryptosystems and, more generally, cryptographic protocols, use pairings as important primitive operations. To expand the applicability of these solutions to computationally weaker devices, it has been advocated that a computationally weaker client delegates such primitive operations to a computationally stronger server. Important r...

This book shows new directions in group theory motivated by computer science. It reflects the transition from geometric group theory to group theory of the 21st century that has strong connections to computer science. Now that geometric group theory is drifting further and further away from group theory to geometry, it is natural to look for new to...

We offer a probabilistic solution of Yao’s millionaires’ problem that gives correct answer with probability (slightly) less than 1 but on the positive side, this solution does not use any one-way functions.

We utilize a type of encryption scheme known as a Fully Homomorphic Encryption (FHE) scheme which allows for computation over encrypted data. Our encryption scheme is more efficient than other publicly available FHE schemes, making it more feasible. We conduct simulations based on common scenarios in which this ability is useful. In the first simul...

We use extensions of tropical algebras as platforms for very efficient public key exchange protocols.

Clinicians would benefit from access to predictive models for diagnosis, such as classification of tumors as malignant or benign, without compromising patients’ privacy. In addition, the medical institutions and companies who own these medical information systems wish to keep their models private when in use by outside parties. Fully homomorphic en...

We offer a public-key encryption protocol where decryption of a single bit by a legitimate party is correct with probability p that is greater than 1/2 but less than 1. At the same time, a computationally unbounded (passive) adversary correctly recovers the transmitted bit with probability exactly 1/2.

Group exponentiation is an important and expensive operation used in many public-key cryptosystems and, more generally, cryptographic protocols. To expand the applicability of these solutions to computationally weaker devices, it has been advocated that this operation is delegated from a computationally weaker client to a computationally stronger s...

Fully homomorphic encryption enables private computation over sensitive data, such as medical data, via potentially quantum-safe primitives. In this extended abstract we provide an overview of an implementation of a private-key fully homomorphic encryption scheme in a protocol for private Naive Bayes classification. This protocol allows a data owner...

We describe a practical fully homomorphic encryption (FHE) scheme based on homomorphisms between rings and show that it enables very efficient computation on encrypted data. Our encryption though is private-key; public information is only used to operate on encrypted data without decrypting it. Still, we show that our method allows for a third part...

This is a survey of algorithmic problems in group theory, old and new, motivated by applications to cryptography.

Group exponentiation is an important operation used in many public-key cryptosystems and, more generally, cryptographic protocols. To expand the applicability of these solutions to computationally weaker devices, it has been advocated that this operation is outsourced from a computationally weaker client to a computationally stronger server, possib...

We offer efficient and practical solutions of Yao’s millionaires’ problem without using any one-way functions. Some of the solutions involve physical principles, while others are purely mathematical. One of our solutions (based on physical principles) yields a public-key encryption protocol secure against (passive) computationally unbounded adversa...

We consider what some authors call “parabolic Möbius subgroups” of matrices over Z, Q, and R and focus on the membership problem in these subgroups and complexity of relevant algorithms.

In this survey, we describe a general key exchange protocol based on semidirect product of (semi)groups (more specifically, on extensions of (semi)groups by automorphisms), and then focus on practical instances of this general idea. This protocol can be based on any group or semigroup, in particular on any non-commutative group. One of its special...

Cayley hash functions are based on a simple idea of using a pair of (semi)group elements, A and B, to hash the 0 and 1 bit, respectively, and then to hash an arbitrary bit string in the natural way, by using multiplication of elements in the (semi)group. In this paper, we focus on hashing with linear functions of one variable over 𝔽p. The correspon...

Cayley hash functions are based on a simple idea of using a pair of (semi)group elements, A and B, to hash the 0 and 1 bit, respectively, and then to hash an arbitrary bit string in the natural way, by using multiplication of elements in the (semi)group. In this paper, we focus on hashing with \(2 \times 2\) matrices over \(\mathbb {F}_p\). Since t...
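
The two Cayley-hash abstracts above (linear functions of one variable over 𝔽_p, and 2×2 matrices over 𝔽_p) describe the same construction: fix two (semi)group elements A and B, map the bits 0 and 1 to them, and hash a bit string as the ordered product. The following Python is an added illustration written for this page, not code from the papers. The prime p and the generators A and B are example choices (the affine maps x → ax + b of the first abstract are the special case of matrices of the form ((a, b), (0, 1)), so the same function covers both platforms). The last function records a consequence of the definition that any protocol using such a hash has to account for: because the hash is a homomorphism, H(x‖y) can be computed from H(x) and y alone.

```python
"""Cayley hash with 2x2 matrices over F_p, following the construction in the
abstracts above: bit 0 -> A, bit 1 -> B, a bit string -> the ordered product.
Added illustration; A, B and p below are example choices, not the papers'."""

P = 2_147_483_647       # 2^31 - 1, prime (example modulus, an assumption)

def mat_mul(x, y, p=P):
    """Product of 2x2 matrices ((a, b), (c, d)) modulo p."""
    (a, b), (c, d) = x
    (e, f), (g, h) = y
    return (((a * e + b * g) % p, (a * f + b * h) % p),
            ((c * e + d * g) % p, (c * f + d * h) % p))

IDENTITY = ((1, 0), (0, 1))
A = ((1, 2), (0, 1))    # image of the bit 0 (example generator)
B = ((1, 0), (2, 1))    # image of the bit 1 (example generator)

def cayley_hash(bits, gen0=A, gen1=B, mul=mat_mul, identity=IDENTITY):
    """H(b1 b2 ... bn) = M(b1) * M(b2) * ... * M(bn) with M(0)=gen0, M(1)=gen1.
    Generic over the (semi)group: pass another mul/identity for other platforms."""
    h = identity
    for bit in bits:
        if bit == '0':
            h = mul(h, gen0)
        elif bit == '1':
            h = mul(h, gen1)
        else:
            raise ValueError(f"not a bit: {bit!r}")
    return h

def bytes_to_bits(data):
    """Big-endian bit string of a byte sequence."""
    return ''.join(f"{byte:08b}" for byte in data)

def hash_bytes(data):
    return cayley_hash(bytes_to_bits(data))

def concatenation_property(x, y):
    """H(x || y) == H(x) * H(y): the hash is a monoid homomorphism from bit
    strings under concatenation into the matrix (semi)group."""
    return hash_bytes(x + y) == mat_mul(hash_bytes(x), hash_bytes(y))

def extend_hash(hx, suffix):
    """Consequence of the homomorphism: knowing only H(x) and a suffix y,
    anyone can compute H(x || y) without knowing x.  A protocol built on a
    Cayley hash has to take this into account."""
    return mat_mul(hx, hash_bytes(suffix))
```

A collision for this hash is a pair of distinct bit strings whose matrix products coincide, i.e. a relation between A and B in the (semi)group; that is exactly the object the abstracts study, so the security discussion in the papers is about how short such relations can be for given A, B and p.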

We consider the problem of delegating computation of group operations from a computationally weaker client holding an input and a description of a function, to a single computationally stronger server holding a description of the same function. Solutions need to satisfy natural correctness, security, privacy and efficiency requirements. We obtain d...

In this survey, we discuss an emerging concept of decoy-based information security, or security without computational assumptions. In particular, we show how this concept can be implemented to provide security against (passive) computationally unbounded adversary in some public-key encryption protocols. In the world of symmetric cryptography, decoy...

We propose a cryptosystem based on matrices over group rings and claim that it is secure against adaptive chosen ciphertext attack.

We employ tropical algebras as platforms for several cryptographic schemes that would be vulnerable to linear algebra attacks were they based on "usual" algebras as platforms.

We use various laws of classical physics to offer several solutions of Yao's millionaires' problem without using any one-way functions. We also describe several informationally secure public key encryption protocols, i.e., protocols secure against passive computationally unbounded adversary. This introduces a new paradigm of decoy-based cryptograph...

We employ physical properties of the real world to design a protocol for secure information transmission where one of the parties is able to transmit secret information to another party over an insecure channel, without any prior secret arrangements between the parties. The distinctive feature of this protocol, compared to all known public-key cryp...

In this paper, we describe a brand new key exchange protocol based on a semidirect product of (semi)groups (more specifically, on extension of a (semi)group by automorphisms), and then focus on practical instances of this general idea. Our protocol can be based on any group, in particular on any non-commutative group. One of its special cases is th...
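
The semidirect-product key exchange described in this abstract and in the survey abstract above works in G ⋊ Aut(G): with the product (g, φ)(h, ψ) = (g·φ(h), φ∘ψ), the power (g, φ)^m has first component g·φ(g)·…·φ^{m-1}(g). Each party raises the public pair (g, φ) to a secret exponent, sends only the first component, and combines the peer's component with its own kept automorphism power; both then hold the first component of (g, φ)^{m+n}. The Python below is an added illustration written for this page, not code from the papers. The platform is an assumption made for the example: G = Z_p^* under multiplication with the automorphisms φ_t(x) = x^t (gcd(t, p−1) = 1), represented by their exponent so that composition is a multiplication mod p−1. The prime and exponents are toy-sized and not secure; the point is the algebra, in particular that square-and-multiply in the semidirect product makes the exchange cost O(log m) semidirect products rather than m.

```python
"""Generic key exchange in a semidirect product G x| Aut(G), following the
construction described above.  Added illustration, not the papers' code.
Platform chosen here (an assumption for the example): G = Z_p^* under
multiplication, automorphisms phi_t(x) = x^t mod p with gcd(t, p-1) = 1.
p is tiny and the parameters are NOT secure; they only exercise the algebra."""
from math import gcd
import secrets

P = 1_000_003          # prime; |Z_p^*| = P - 1  (example value)
ORDER = P - 1

# --- platform: group law and the automorphisms we use ------------------------
def mul(x, y):
    """Group multiplication in Z_p^*."""
    return (x * y) % P

def aut_apply(t, x):
    """phi_t(x) = x^t; an automorphism of Z_p^* exactly when gcd(t, P-1) = 1."""
    return pow(x, t, P)

def aut_compose(s, t):
    """phi_s o phi_t = phi_{s*t}; exponents live in Z_{P-1}."""
    return (s * t) % ORDER

AUT_IDENTITY = 1       # phi_1 is the identity map

# --- semidirect product: (g, s) * (h, t) = (g * phi_s(h), s o t) --------------
def sd_mul(u, v):
    g, s = u
    h, t = v
    return (mul(g, aut_apply(s, h)), aut_compose(s, t))

def sd_pow(base, m):
    """(g, phi)^m by square-and-multiply: O(log m) semidirect products, so the
    first component g * phi(g) * ... * phi^{m-1}(g) is never built term by term.
    Powers of one element commute, so right-to-left accumulation is sound even
    though the semidirect product itself is non-commutative."""
    result = (1, AUT_IDENTITY)
    while m > 0:
        if m & 1:
            result = sd_mul(result, base)
        base = sd_mul(base, base)
        m >>= 1
    return result

def keygen(g, t, m):
    """One party's secret exponent m gives (g, phi_t)^m = (a, phi_t^m).
    Only a is sent; phi_t^m is kept because it is needed to derive the key."""
    return sd_pow((g, t), m)

def shared_key(own_public, own_aut, peer_public):
    """Alice: K = a * phi^m(b) = first component of (g, phi)^m * (g, phi)^n.
    Bob:   K = b * phi^n(a) = first component of (g, phi)^n * (g, phi)^m.
    Both equal the first component of (g, phi)^(m+n)."""
    return mul(own_public, aut_apply(own_aut, peer_public))

def run_exchange(g, t, m=None, n=None):
    """Full exchange between Alice (exponent m) and Bob (exponent n);
    returns the two derived keys so a caller can check they agree."""
    if gcd(t, ORDER) != 1:
        raise ValueError("phi_t is not an automorphism of Z_p^*")
    m = m if m is not None else secrets.randbelow(ORDER - 2) + 2
    n = n if n is not None else secrets.randbelow(ORDER - 2) + 2
    a, phi_m = keygen(g, t, m)          # Alice publishes a, keeps phi_m
    b, phi_n = keygen(g, t, n)          # Bob publishes b, keeps phi_n
    return shared_key(a, phi_m, b), shared_key(b, phi_n, a)
```

Swapping in another platform means replacing mul, aut_apply, aut_compose and AUT_IDENTITY; sd_mul, sd_pow and the exchange itself do not change, which is what the abstracts mean by a protocol that "can be based on any group".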

We offer a public key exchange protocol in the spirit of Diffie-Hellman, but we use (small) matrices over a group ring of a (small) symmetric group as the platform. This "nested structure" of the platform makes computation very efficient for legitimate parties. We discuss security of this scheme by addressing the Decision Diffie-Hellman (DDH) and C...

We show that some problems in information security can be solved without using one-way functions. The latter are usually regarded as a central concept of cryptography, but the very existence of one-way functions depends on difficult conjectures in complexity theory, most notably on the notorious "$P \ne NP$" conjecture. In this paper, we suggest pr...

We show that some problems in information security can be solved without using one-way functions. The latter are usually regarded as a central concept of cryptography, but the very existence of one-way functions depends on difficult conjectures in complexity theory, most notably on the notorious "P ≠ NP" conjecture. This is why cryptographic pr...

A (t,n)-threshold secret sharing scheme is a method to distribute a secret among n participants in such a way that any t participants can recover the secret, but no t-1 participants can. In this paper, we propose two secret sharing schemes using non-abelian groups. One scheme is the special case where all the participants must get together to recov...
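
To make the (t,n) definition above concrete, the following Python implements the classical Shamir scheme over a prime field. It is an added illustration written for this page, not the non-abelian-group schemes of the paper, and the prime and sample values are example choices. Both halves of the definition are exercised: any t shares reconstruct the secret, and t−1 shares are consistent with every possible secret, which the last function checks by showing that guessing a missing share yields a different "secret" for each guess.

```python
"""Standard Shamir (t, n)-threshold secret sharing over F_p, added to illustrate
the (t, n) definition above.  This is the classical polynomial scheme, not the
non-abelian-group scheme of the paper; p and the sample values are examples."""
import secrets

P = (1 << 127) - 1      # Mersenne prime 2^127 - 1 (example field, an assumption)

def eval_poly(coeffs, x, p=P):
    """Horner evaluation of c0 + c1*x + ... + c_{t-1}*x^(t-1) mod p."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % p
    return acc

def share(secret, t, n, p=P):
    """Split secret into n shares (i, f(i)), i = 1..n, where f is a random
    polynomial of degree t-1 with f(0) = secret."""
    if not 1 <= t <= n < p:
        raise ValueError("need 1 <= t <= n < p")
    coeffs = [secret % p] + [secrets.randbelow(p) for _ in range(t - 1)]
    return [(i, eval_poly(coeffs, i, p)) for i in range(1, n + 1)]

def lagrange_at_zero(points, p=P):
    """Value at 0 of the unique polynomial of degree < len(points) through
    the given points (distinct nonzero x-coordinates)."""
    total = 0
    for j, (xj, yj) in enumerate(points):
        num, den = 1, 1
        for m, (xm, _) in enumerate(points):
            if m != j:
                num = num * (-xm) % p
                den = den * (xj - xm) % p
        total = (total + yj * num * pow(den, -1, p)) % p
    return total

def reconstruct(shares, t, p=P):
    """Any t shares recover the secret; fewer raise instead of guessing."""
    if len(shares) < t:
        raise ValueError(f"need {t} shares, got {len(shares)}")
    if len({x for x, _ in shares[:t]}) != t:
        raise ValueError("share indices must be distinct")
    return lagrange_at_zero(shares[:t], p)

def candidate_secret(partial, x_missing, y_guess, p=P):
    """What t-1 real shares plus a guessed t-th share (x_missing, y_guess) give."""
    return lagrange_at_zero(list(partial) + [(x_missing, y_guess)], p)

def t_minus_one_shares_leak_nothing(partial, x_missing, p=P):
    """The 'no t-1 participants can' half of the definition: y_guess -> secret is
    an affine bijection of F_p (its Lagrange coefficient is nonzero because
    x_missing is nonzero and distinct from the known indices), so every secret
    is equally consistent with t-1 shares.  Two different guesses must differ."""
    return (candidate_secret(partial, x_missing, 0, p)
            != candidate_secret(partial, x_missing, 1, p))
```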

We propose a class of authentication schemes that are literally zero-knowledge, as compared to what is formally defined as "zero-knowledge" in cryptographic literature. The principal idea behind our schemes is: the verifier challenges the prover with a question that has only a small number of possible answers (say, just 2), and such that the ver...

We propose a class of authentication schemes that are literally zero-knowledge, as compared to what is formally defined as "zero-knowledge" in cryptographic literature. We call this "no-leak" authentication to distinguish from an established "zero-knowledge" concept. The "no-leak" condition implies "zero-knowledge" (even "perfect zero-knowledge")...

We show that some problems in cryptography can be solved without using one-way functions. The latter are usually regarded as a central concept of cryptography, but the very existence of one-way functions depends on difficult conjectures in complexity theory, most notably on the notorious "P ≠ NP" conjecture. This is why cryptographic primitives...

We propose a generalization of the learning parity with noise (LPN) and learning with errors (LWE) problems to an abstract class of group-theoretic learning problems that we term learning homomorphisms with noise (LHN). This class of problems contains LPN and LWE as special cases, but is much more general. It allows, for example, instantiations bas...

Sublinear time algorithms represent a new paradigm in computing, where an algorithm must give some sort of an answer after inspecting only a small portion of the input. The most typical situation where sublinear time algorithms are considered is property testing. There are several interesting contexts where one can test properties in sublinear time...

Some time ago, Shpilrain and Yu reported an algorithm for deciding whether or not a polynomial p ∈ K[x, y] is a coordinate, or, equivalently, whether or not a plane curve p(x, y) = 0 is isomorphic to a line. Here K is any constructible field of characteristic 0. In this paper, we show that their algorithm requires O(n² log² n) field operations, where...

We propose a couple of general ways of constructing authentication schemes from actions of a semigroup on a set, without exploiting any specific algebraic properties of the set acted upon. Then we give several concrete realizations of this general idea, and in particular, we describe several authentication schemes with long-term private keys where...

We propose an authentication scheme where forgery (a.k.a. impersonation) seems infeasible without finding the prover's long-term private key. The latter would follow from solving the conjugacy search problem in the platform (noncommutative) semigroup, i.e., to recovering X from X^{-1}AX and A. The platform semigroup that we suggest here is the semi...

Decision problems are problems of the following nature: given a property P and an object O, find out whether or not the object O has the property P. On the other hand, witness problems are: given a property P and an object O with the property P, find a proof of the fact that O indeed has the property P. On the third hand(?!), search problems are of...