3

I've only just started research on cryptography so I apologize if this is a basic question or I'm getting terms confused.

I'm researching braid group cryptography and currently looking at the Anshel-Anshel-Goldfeld key exchange protocol applied to braid groups via the colored Burau representation. Both parties have a shared secret commutator, an element in the braid group $B_n$, and then calculate it's colored Burau representation which is a pair (M, $\pi$) where $\pi$ is a permutation and M is a matrix with entries in $\mathbb{Z}[t_1,t_1^{-1},...,t_n,t_n^{-1}]$. We then apparently reduce M modulo some prime $p$, and "plug in the result to a key hash function". I have a few questions about this last statement:

  1. What is the point in reducing the matrix M?

  2. Is using a hash function the standard way to convert an abstract group element into a usable key? If so, is there as standard hash function for each particular type of group?

  3. Is the hash function a 'key derivation function' or a 'key extractor'?

Patriot
  • 3,162
  • 3
  • 20
  • 66
MattBurrows
  • 153
  • 3

1 Answers1

2
  1. I don't know the protocol, so I'm not sure.
  2. It is a standard way of converting group elements (e.g. the shared value $g^{ab}$ you get after Diffie-Hellman) to keys. You don't need to worry about the specifics of the group when choosing a hash function, just use a cryptographic hash like SHA256.
  3. It's hard to know what the difference between those two is without more context. You are certainly using the hash function to derive a key, but not all hash functions are also key derivation functions. Usually you talk about 'extractors' in the context of extracting entropy from a value, so in a sense the hash function is also an 'extractor' in that the hash is (probably) shorter than the value being hashed but contains (roughly) the same amount of entropy.
pg1989
  • 4,736
  • 25
  • 43