Vladimir Shpilrain

City College of New York | CCNY · Department of Mathematics

About

206
Publications
20,716
Reads
2,413
Citations
Introduction
Vladimir Shpilrain currently works at the Department of Mathematics, City College of New York. Vladimir does research in Information Security and in Algebra.
Additional affiliations
September 1998 - present
City College of New York
February 1993 - February 1995
Ruhr-Universität Bochum

Publications (206)
Article
The worst-case complexity of group-theoretic algorithms has been studied for a long time. Generic-case complexity, or complexity on random inputs, was introduced and studied relatively recently. In this paper, we address the average-case complexity (i.e., the expected runtime) of algorithms that solve a well-known problem, the Whitehead problem in...
Preprint
Full-text available
The worst-case complexity of group-theoretic algorithms has been studied for a long time. Generic-case complexity, or complexity on random inputs, was introduced and studied relatively recently. In this paper, we address the average-case time complexity of the word problem in several classes of groups and show that it is often the case that the ave...
Article
Full-text available
We offer a public key exchange protocol based on a semidirect product of two cyclic (semi)groups of matrices over Z_p. One of the (semi)groups is additive, and the other one is multiplicative. This allows us to take advantage of both operations on matrices to diffuse information. We note that in our protocol, no power of any matr...
Article
The purpose of this short paper is to explain the difference between encrypting real-life data and encrypting elements with a ring structure in the context of fully homomorphic encryption (FHE). Specifically, our encryption of real-life data is in two stages. First, we use a private-key embedding of real-life data in a ring; this embedding does not...
Article
Full-text available
We reflect on how to define the complexity of a matrix and how to sample a random invertible matrix. We also discuss a related issue of complexity of algorithms in matrix groups.
Preprint
Full-text available
We use matrices over bit strings as platforms for Diffie-Hellman-like public key exchange protocols. When multiplying matrices like that, we use Boolean OR operation on bit strings in place of addition and Boolean AND operation in place of multiplication. As a result, (1) computations with these matrices are very efficient; (2) standard methods of...
Preprint
Full-text available
The worst-case complexity of group-theoretic algorithms has been studied for a long time. Generic-case complexity, or complexity on random inputs, was introduced and studied relatively recently. In this paper, we address the average-case complexity of algorithms that solve a well-known problem, the Whitehead problem in a free group, which is: given...
Chapter
Full-text available
Delegation of pairings from a computationally weaker client to a computationally stronger server has been advocated to expand the applicability of pairing-based cryptographic protocols to computation paradigms with resource-constrained devices. Important requirements for such delegation protocols include privacy of the client’s inputs and security...
Article
In this short note, we address a common misconception at the interface of probability theory and public-key cryptography.
Article
Full-text available
A blockchain is redactable if a private key holder (e.g. a central authority) can change any single block without violating integrity of the whole blockchain, but no other party can do that. In this paper, we offer a simple method of constructing redactable blockchains inspired by the ideas underlying the well-known RSA encryption scheme. Notably,...
Article
Full-text available
Many public-key cryptosystems and, more generally, cryptographic protocols, use group exponentiations as important primitive operations. To expand the applicability of these solutions to computationally weaker devices, it has been advocated that a computationally weaker client (i.e., capable of performing a relatively small number of modular multip...
Article
Full-text available
Group exponentiation is an important and relatively expensive operation used in many public-key cryptosystems and, more generally, cryptographic protocols. To expand the applicability of these solutions to computationally weaker devices, it has been advocated that this operation is delegated from a computationally weaker client to a computationally...
Preprint
Full-text available
We offer a public key exchange protocol based on a semidirect product of two cyclic (semi)groups of matrices over Z_p. One of the (semi)groups is additive, the other one multiplicative. This allows us to take advantage of both operations on matrices to diffuse information. We note that in our protocol, no power of any matrix or of any element of Z_...
Chapter
Full-text available
Many public-key cryptosystems and, more generally, cryptographic protocols, use pairings as important primitive operations. To expand the applicability of these solutions to computationally weaker devices, it has been advocated that a computationally weaker client delegates such primitive operations to a computationally stronger server. Important r...
Book
This book shows new directions in group theory motivated by computer science. It reflects the transition from geometric group theory to group theory of the 21st century that has strong connections to computer science. Now that geometric group theory is drifting further and further away from group theory to geometry, it is natural to look for new to...
Preprint
Full-text available
In this short note, we address a common misconception at the interface of probability theory and public-key cryptography.
Chapter
Full-text available
We offer a probabilistic solution of Yao’s millionaires’ problem that gives correct answer with probability (slightly) less than 1 but on the positive side, this solution does not use any one-way functions.
Preprint
Full-text available
A blockchain is redactable if a private key holder (e.g. a central authority) can change any single block without violating integrity of the whole blockchain, but no other party can do that. In this paper, we offer a simple method of constructing redactable blockchains inspired by the ideas underlying the well-known RSA encryption scheme. Notably,...
Article
Full-text available
Many public-key cryptosystems and, more generally, cryptographic protocols, use pairings as important primitive operations. To expand the applicability of these solutions to computationally weaker devices, it has been advocated that a computationally weaker client delegates such primitive operations to a computationally stronger server. Importa...
Chapter
We utilize a type of encryption scheme known as a Fully Homomorphic Encryption (FHE) scheme which allows for computation over encrypted data. Our encryption scheme is more efficient than other publicly available FHE schemes, making it more feasible. We conduct simulations based on common scenarios in which this ability is useful. In the first simul...
Article
Full-text available
We use extensions of tropical algebras as platforms for very efficient public key exchange protocols.
Article
Full-text available
Clinicians would benefit from access to predictive models for diagnosis, such as classification of tumors as malignant or benign, without compromising patients’ privacy. In addition, the medical institutions and companies who own these medical information systems wish to keep their models private when in use by outside parties. Fully homomorphic en...
Preprint
Full-text available
We use extensions of tropical algebras as platforms for very efficient public key exchange protocols.
Chapter
Full-text available
We offer a public-key encryption protocol where decryption of a single bit by a legitimate party is correct with probability p that is greater than 1/2 but less than 1. At the same time, a computationally unbounded (passive) adversary correctly recovers the transmitted bit with probability exactly 1/2.
Chapter
Full-text available
Group exponentiation is an important and expensive operation used in many public-key cryptosystems and, more generally, cryptographic protocols. To expand the applicability of these solutions to computationally weaker devices, it has been advocated that this operation is delegated from a computationally weaker client to a computationally stronger s...
Chapter
Full-text available
Fully homomophic encryption enables private computation over sensitive data, such as medical data, via potentially quantum-safe primitives. In this extended abstract we provide an overview of an implementation of a private-key fully homomorphic encryption scheme in a protocol for private Naive Bayes classification. This protocol allows a data owner...
Article
We describe a practical fully homomorphic encryption (FHE) scheme based on homomorphisms between rings and show that it enables very efficient computation on encrypted data. Our encryption though is private-key; public information is only used to operate on encrypted data without decrypting it. Still, we show that our method allows for a third part...
Article
Full-text available
This is a survey of algorithmic problems in group theory, old and new, motivated by applications to cryptography.
Article
Full-text available
We offer a probabilistic solution of Yao's millionaires' problem that gives correct answer with probability (slightly) less than 1 but on the positive side, this solution does not use any one-way functions.
Conference Paper
Full-text available
Group exponentiation is an important operation used in many public-key cryptosystems and, more generally, cryptographic protocols. To expand the applicability of these solutions to computationally weaker devices, it has been advocated that this operation is outsourced from a computationally weaker client to a computationally stronger server, possib...
Article
Full-text available
We offer efficient and practical solutions of Yao’s millionaires’ problem without using any one-way functions. Some of the solutions involve physical principles, while others are purely mathematical. One of our solutions (based on physical principles) yields a public-key encryption protocol secure against (passive) computationally unbounded adversa...
Article
Full-text available
We consider what some authors call “parabolic Möbius subgroups” of matrices over Z, Q, and R and focus on the membership problem in these subgroups and complexity of relevant algorithms.
Conference Paper
In this survey, we describe a general key exchange protocol based on semidirect product of (semi)groups (more specifically, on extensions of (semi)groups by automorphisms), and then focus on practical instances of this general idea. This protocol can be based on any group or semigroup, in particular on any non-commutative group. One of its special...
Article
Full-text available
We consider what some authors call 'parabolic Möbius subgroups' of matrices over Z, Q, and R and focus on the membership problem in these subgroups and complexity of relevant algorithms.
Article
Full-text available
Cayley hash functions are based on a simple idea of using a pair of (semi)group elements, A and B, to hash the 0 and 1 bit, respectively, and then to hash an arbitrary bit string in the natural way, by using multiplication of elements in the (semi)group. In this paper, we focus on hashing with linear functions of one variable over 𝔽p. The correspon...
Article
Full-text available
In this survey, we describe a general key exchange protocol based on semidirect product of (semi)groups (more specifically, on extensions of (semi)groups by automorphisms), and then focus on practical instances of this general idea. This protocol can be based on any group or semigroup, in particular on any non-commutative group. One of its special...
Research
Full-text available
Cayley hash functions are based on a simple idea of using a pair of (semi)group elements, $A$ and $B$, to hash the 0 and 1 bit, respectively, and then to hash an arbitrary bit string in the natural way, by using multiplication of elements in the (semi)group. In this paper, we focus on hashing with linear functions of one variable over $F_p$. The co...
Article
Full-text available
Cayley hash functions are based on a simple idea of using a pair of (semi)group elements, A and B, to hash the 0 and 1 bit, respectively, and then to hash an arbitrary bit string in the natural way, by using multiplication of elements in the (semi)group. In this paper, we focus on hashing with \(2 \times 2\) matrices over \(\mathbb {F}_p\). Since t...
Conference Paper
Full-text available
We consider the problem of delegating computation of group operations from a computationally weaker client holding an input and a description of a function, to a single computationally stronger server holding a description of the same function. Solutions need to satisfy natural correctness, security, privacy and efficiency requirements. We obtain d...
Article
Full-text available
In this survey, we discuss an emerging concept of decoy-based information security, or security without computational assumptions. In particular, we show how this concept can be implemented to provide security against (passive) computationally unbounded adversary in some public-key encryption protocols. In the world of symmetric cryptography, decoy...
Article
Full-text available
Cayley hash functions are based on a simple idea of using a pair of (semi)group elements, $A$ and $B$, to hash the 0 and 1 bit, respectively, and then to hash an arbitrary bit string in the natural way, by using multiplication of elements in the (semi)group. In this paper, we focus on hashing with $2 \times 2$ matrices over $F_p$. Since there are m...
Article
We propose a cryptosystem based on matrices over group rings and claim that it is secure against adaptive chosen ciphertext attack.
Article
Full-text available
We employ tropical algebras as platforms for several cryptographic schemes that would be vulnerable to linear algebra attacks were they based on "usual" algebras as platforms.
Article
Full-text available
We use various laws of classical physics to offer several solutions of Yao's millionaires' problem without using any one-way functions. We also describe several informationally secure public key encryption protocols, i.e., protocols secure against passive computationally unbounded adversary. This introduces a new paradigm of decoy-based cryptograph...
Conference Paper
Full-text available
We employ physical properties of the real world to design a protocol for secure information transmission where one of the parties is able to transmit secret information to another party over an insecure channel, without any prior secret arrangements between the parties. The distinctive feature of this protocol, compared to all known public-key cryp...
Conference Paper
Full-text available
In this paper, we describe a brand new key exchange protocol based on a semidirect product of (semi)groups (more specifically, on extension of a (semi)group by automorphisms), and then focus on practical instances of this general idea. Our protocol can be based on any group, in particular on any non-commutative group. One of its special cases is th...
Article
Full-text available
We offer a public key exchange protocol in the spirit of Diffie-Hellman, but we use (small) matrices over a group ring of a (small) symmetric group as the platform. This "nested structure" of the platform makes computation very efficient for legitimate parties. We discuss security of this scheme by addressing the Decision Diffie-Hellman (DDH) and C...
Article
Full-text available
We show that some problems in information security can be solved without using one-way functions. The latter are usually regarded as a central concept of cryptography, but the very existence of one-way functions depends on difficult conjectures in complexity theory, most notably on the notorious "$P \ne NP$" conjecture. In this paper, we suggest pr...
Article
Full-text available
We employ tropical algebras as platforms for several cryptographic schemes that would be vulnerable to linear algebra attacks were they based on "usual" algebras as platforms.
Article
Full-text available
We employ physical properties of the real world to design a protocol for secure information transmission where one of the parties is able to transmit secret information to another party over an insecure channel, without any prior secret arrangements between the parties. The distinctive feature of this protocol, compared to all known public-key cryp...
Article
Full-text available
We show that some problems in information security can be solved without using one-way functions. The latter are usually regarded as a central concept of cryptography, but the very existence of one-way functions depends on difficult conjectures in complexity theory, most notably on the notorious "P ≠ NP" conjecture. This is why cryptographic pr...
Article
Full-text available
A (t,n)-threshold secret sharing scheme is a method to distribute a secret among n participants in such a way that any t participants can recover the secret, but no t-1 participants can. In this paper, we propose two secret sharing schemes using non-abelian groups. One scheme is the special case where all the participants must get together to recov...
Article
Full-text available
We propose a class of authentication schemes that are literally zero-knowledge, as compared to what is formally defined as "zero-knowledge" in cryptographic literature. The principal idea behind our schemes is: the verifier challenges the prover with a question that has only a small number of possible answers (say, just 2), and such that the ver...
Article
Full-text available
We propose a class of authentication schemes that are literally zero-knowledge, as compared to what is formally defined as "zero-knowledge" in cryptographic literature. We call this "no-leak" authentication to distinguish from an established "zero-knowledge" concept. The "no-leak" condition implies "zero-knowledge" (even "perfect zero-knowledge")...
Article
Full-text available
We show that some problems in cryptography can be solved without using one-way functions. The latter are usually regarded as a central concept of cryptography, but the very existence of one-way functions depends on difficult conjectures in complexity theory, most notably on the notorious “P ≠ NP” conjecture. This is why cryptographic primitives...
Conference Paper
Full-text available
We propose a generalization of the learning parity with noise (LPN) and learning with errors (LWE) problems to an abstract class of group-theoretic learning problems that we term learning homomorphisms with noise (LHN). This class of problems contains LPN and LWE as special cases, but is much more general. It allows, for example, instantiations bas...
Article
Full-text available
Sublinear time algorithms represent a new paradigm in computing, where an algorithm must give some sort of an answer after inspecting only a small portion of the input. The most typical situation where sublinear time algorithms are considered is property testing. There are several interesting contexts where one can test properties in sublinear time...
Article
Full-text available
Some time ago, Shpilrain and Yu reported an algorithm for deciding whether or not a polynomial p ∈ K[x,y] is a coordinate, or, equivalently, whether or not a plane curve p(x,y) = 0 is isomorphic to a line. Here K is any constructible field of characteristic 0. In this paper, we show that their algorithm requires O(n^2 log^2 n) field operations, where...
Article
Full-text available
We propose a couple of general ways of constructing authentication schemes from actions of a semigroup on a set, without exploiting any specific algebraic properties of the set acted upon. Then we give several concrete realizations of this general idea, and in particular, we describe several authentication schemes with long-term private keys where...
Article
Full-text available
We propose an authentication scheme where forgery (a.k.a. impersonation) seems infeasible without finding the prover's long-term private key. The latter would follow from solving the conjugacy search problem in the platform (noncommutative) semigroup, i.e., to recovering X from X^{-1}AX and A. The platform semigroup that we suggest here is the semi...
Article
Full-text available
Decision problems are problems of the following nature: given a property P and an object O, find out whether or not the object O has the property P. On the other hand, witness problems are: given a property P and an object O with the property P, find a proof of the fact that O indeed has the property P. On the third hand(?!), search problems are of...