# Learn more about SecureRF’s quantum-resistant cryptography methods.

Marketing materials and press releases can be found in the News section.

### SecureRF’s White Papers

**WalnutDSA: A Quantum-Resistant Digital Signature Algorithm**

Iris Anshel, Derek Atkins, Dorian Goldfeld, and Paul E. Gunnells (September 2017)

Abstract: This paper introduces WalnutDSA, a new E-Multiplication-based public-key method which provides efficient verification, allowing low-power and constrained devices to quickly and inexpensively validate digital signatures (e.g., a certificate or authentication). It presents an in-depth discussion of the construction of the digital signature algorithm, analyzes the security of the scheme, provides a proof of security under EUF-CMA, and discusses the practical results from implementations on several constrained devices.

**An Introduction to Cryptographic Security Methods and Their Role in Securing Low Resource Computing Devices**

An Overview of Public-key Cryptosystems based on RSA, Diffie-Hellman and Group Theoretic Cryptography – The Next Generation of Public Key Cryptographic Security for Low-resource Computing Devices (Updated March 2017)

**An Introduction to the Mathematics of Braids**

Braids are abstract mathematical objects. The connection between the braid group, which is infinite, and the collection of permutations, which is finite, facilitates the development of cryptographic applications of the braid group, including the Algebraic Eraser.

Iris Anshel (Summer 2015)

**Colored Burau Matrices, E-multiplication, and the Algebraic Eraser Key Agreement Protocol**

An introduction to the Algebraic Eraser

Iris Anshel (Summer 2015)

**Security in Low Resource Environments**

A business paper that focuses on the difficulty current public key protocols have in addressing security issues in low resource environments. (January 2006)

### Technical Papers by SecureRF and Others

**Key Agreement, The Algebraic Eraser, and Lightweight Cryptography**

Iris Anshel, Michael Anshel, Dorian Goldfeld and Stephane Lemieux

A version of this paper was published in December 2006 by The American Mathematical Society in their Contemporary Mathematics series journal called Algebraic Methods in Cryptography.

**Cryptanalysis of Anshel-Anshel-Goldfeld-Lemieux key agreement protocol**

Alex D. Myasnikov, Alexander Ushakov

(Submitted on 30 Jan 2008)

http://arxiv.org/abs/0801.4786

**Short expressions of permutations as products and cryptanalysis of the Algebraic Eraser**

Arkadius Kalka, Mina Teicher, Boaz Tsaban

(Submitted on 3 Apr 2008, last revised 6 Mar 2012)

http://arxiv.org/abs/0804.0629

Also published in Advances in Applied Mathematics, Volume 49, Issue 1, July 2012, Pages 57-76

**On the cryptanalysis of the generalized simultaneous conjugacy search problem and the security of the Algebraic Eraser**

Paul E. Gunnells

(Submitted on 5 May 2011)

http://arxiv.org/abs/1105.1141

**Defeating the Kalka–Teicher–Tsaban linear algebra attack on the Algebraic Eraser**

Dorian Goldfeld, Paul E. Gunnells

(Submitted on 3 Feb 2012)

http://arxiv.org/abs/1202.0598

**Defeating the Ben-Zvi, Blackburn, and Tsaban Attack on the Algebraic Eraser**

Iris Anshel, Derek Atkins, Dorian Goldfeld, Paul E. Gunnells

(Submitted on 18 Jan 2016)

http://arxiv.org/abs/1601.04780

SecureRF also responded to the claims of this Algebraic Eraser analysis in our blog.

**A class of hash functions based on the algebraic eraser**

Iris Anshel, Derek Atkins, Dorian Goldfeld, Paul E. Gunnells

*Groups Complexity Cryptology*, Volume 8, Issue 1 (May 2016)

Managing Editor: Shpilrain, Vladimir / Weil, Pascal

**Post Quantum Group Theoretic Cryptography**

Iris Anshel, Derek Atkins, Dorian Goldfeld and Paul E. Gunnells (November 2016)

Abstract: Thanks to Shor’s quantum factoring algorithm, the most prevalent asymmetric cryptographic systems (RSA, ECC) are now known to be vulnerable to attack by sufficiently powerful quantum computers. In this paper we discuss three Group Theoretic cryptographic protocols known as WalnutDSA (a digital signature algorithm), Hickory (a cryptographic hash function), and IronwoodKAP (a key agreement protocol), in the context of post-quantum cryptography. Unlike the classical public key protocols, the algebra underlying Walnut, Hickory, and Ironwood is non-abelian. We present evidence that these protocols are not susceptible to the quantum attacks known to be effective on RSA and ECC, and conclude that Group Theoretic Cryptography is a viable candidate for post-quantum cryptography.

**Hickory Hash: Implementing an Instance of an Algebraic Eraser Hash Function on an MSP430 Microcontroller**

Iris Anshel, Derek Atkins, Dorian Goldfeld, and Paul E. Gunnells (November 2016)

Abstract: Recently a novel family of braid based cryptographic hash function candidates was published, claiming to be suitable for use in low resource environments. It was shown that the new hash function family performed extremely well on a range of cryptographic test suites. In this paper we instantiate an instance of the hash family, called Hickory Hash, fix a set of parameters, implement it on a Texas Instruments MSP430 16-bit microcontroller, and compare its performance characteristics to SHA2. We show that the Hickory Hash can be a viable tool for low-power, constrained devices like those associated with the Internet of Things.

**Ironwood Meta Key Agreement and Authentication Protocol**

Iris Anshel, Derek Atkins, Dorian Goldfeld, and Paul E. Gunnells (July 2017)

Abstract: Number theoretic public-key solutions are subject to various quantum attacks making them less attractive for longer-term use. Certain group theoretic constructs show promise in providing quantum-resistant cryptographic primitives. We introduce a new protocol called a Meta Key Agreement and Authentication Protocol (MKAAP) that has some characteristics of a public-key solution and some of a shared-key solution. Then we describe the Ironwood MKAAP, analyze its security, and show how it resists quantum attacks. We also show Ironwood implemented on several IoT devices, measure its performance, and show how it performs better than existing key agreement schemes.

### SecureRF’s Technical Presentations

**5th RISC-V Workshop** – November 29-30, 2016 at Google

Learn how to address the challenges of adding public-key security to small processors in this presentation “The Challenges of Securing and Authenticating Embedded Devices and a Suggested Approach for RISC-V.”

Derek Atkins, CTO

**NIST Lightweight Cryptography Workshop 2016** – October 18, 2016

Walnut Digital Signature Algorithm: A lightweight, quantum-resistant signature scheme for use in passive, low-power, and IoT devices

Derek Atkins, CTO

**CRYPTO 2015, the 35th International Cryptology Conference** – August 18, 2015

A Lightweight, Highly Performant Public Key Exchange

Derek Atkins at Crypto 2015 Rump session

http://crypto.2015.rump.cr.yp.to/5e6032d34ef6f253d4053a820412373e.pdf

**NIST Lightweight Cryptography Workshop 2015** – July 20-21, 2015

Derek Atkins, Paul E. Gunnells

Algebraic Eraser: A lightweight, efficient asymmetric key agreement protocol for use in no-power, low-power, and IoT devices

http://csrc.nist.gov/groups/ST/lwc-workshop2015/presentations/session8-atkins-gunnell.pdf

**IETF-92 CFRG: The Internet Engineering Task Force Crypto Forum Research Group** – March 25, 2015

Derek Atkins

The Algebraic Eraser: a linear asymmetric protocol for low-resource environments

https://www.ietf.org/proceedings/92/slides/slides-92-cfrg-2.pdf

**Presentation to Center for Communications Research (CCR)** – November 7, 2014

Dr. Dorian Goldfeld, a co-founder of SecureRF and professor of mathematics at Columbia University, gave a talk to CCR, a division of The Institute for Defense Analyses (IDA), a not-for-profit corporation that operates three Federally Funded Research and Development Centers in the public interest. IDA’s Center for Communications and Computing and its CCR division perform applied mathematical and computational research in cryptology and related disciplines in support of the National Security Agency’s mission in cryptology.

The talk, titled "The Artin Feistel-Symmetric Cipher," presented the joint work of Dr. Dorian Goldfeld and Dr. Iris Anshel, which introduces a new cipher. This cipher combines the well-known Feistel cipher with the concept of braid groups, built on the geometric braids introduced by E. Artin.

The classical Feistel cipher/network lies at the heart of many important block ciphers, notably the Data Encryption Standard, and has been studied extensively for some time. The Feistel structure involves multiple rounds of processing of the plaintext, consisting of a substitution step followed by a permutation step. Internal to the classical Feistel cipher, Lucifer, sits a braid on two strands. When viewed from this perspective, it is natural to introduce the Artin-Feistel cipher, which is based on a positive N-stranded braid. The positive braids which yield secure ciphers satisfy a displacement property which can be analyzed via a braid signature, which is introduced. The size of the key space is demonstrated to be very large even in preliminary cases.

The introduced cipher requires a rapidly computable one-way function at every braid crossing. The Algebraic Eraser serves as a natural candidate and was described in detail. The Algebraic Eraser Key Agreement protocol was reviewed in the course of this discussion.

### Patents

**Communication system**

United States Patent 9,071,408

Anshel, et al.

June 30, 2015

Abstract: A system effective to communicate a message between two devices. A first device may include a plaintext to monoid element module effective to receive a plaintext message and apply a first function to the plaintext message to produce a first monoid element. A monoid element evaluator module may be effective to receive and insert submonoid generators into a monoid expression to produce a second monoid element in response. An encryption device module may be effective to apply a second function to the first monoid element, the second monoid element, the monoid expression, and a third monoid element to produce an encrypted plaintext message. Decryption may be performed on the encrypted plaintext message knowing the private key which includes the first function, the second function, the third monoid element and the submonoid generators list.

Inventors: Anshel; Iris (Tenafly, NJ), Goldfeld; Dorian (Tenafly, NJ)

**Method and apparatus for establishing a key agreement protocol**

United States Patent 9,071,427

Anshel, et al.

June 30, 2015

Abstract: A system and method for generating a secret key to facilitate secure communications between users. A first and second monoid and a function between the two monoids are selected, the function being a monoid homomorphism. A group and a group action of the group on the first monoid is selected. Each user is assigned a submonoid of the first monoid so that these submonoids satisfy a special symmetry property determined by the function, a structure of the first and second monoids, and the action of the group. A multiplication of an element in the second monoid and an element in the first monoid is obtained by combining the group action and the monoid homomorphism. First and second users choose private keys which are sequences of elements in their respective submonoids. A first result is obtained by multiplying an identity element by the first element of the sequence in a respective submonoid. Starting with the first result, each element of the user’s private key may be iteratively multiplied by the previous result to produce a public key. Public keys are exchanged between first and second users. Each user’s private key may be iteratively multiplied by the other user’s public key to produce a secret key. Secure communication may then occur between the first and second user using the secret key.

Inventors: Anshel; Iris (Tenafly, NJ), Anshel; Michael (New York, NY), Goldfeld; Dorian (Tenafly, NJ)

**Cryptographic hash function**

United States Patent 8,972,715

Anshel, et al.

March 3, 2015

Abstract: A first module divides a string into blocks. A second module associates the blocks with monoid elements in a list of first monoid elements to produce second monoid elements. A third module applies a first function to an initial monoid element and a first of the second monoid elements producing a first calculated monoid element and evaluates an action of the initial monoid element on the first function producing a second function. A fourth module applies the second function to the first calculated monoid element and to a second of the second monoid elements producing a second calculated monoid element and evaluates the action of the first calculated monoid element on the first function producing a third function. Further modules iteratively, corresponding to the number of blocks, apply the produced function to calculated monoid elements and the second monoid elements to produce a hash of the string.

Inventors: Anshel; Iris (Tenafly, NJ), Goldfeld; Dorian (Tenafly, NJ)

**Method and apparatus for establishing a key agreement protocol**

United States Patent 7,649,999

Anshel, et al.

January 19, 2010

Abstract: A system and method for generating a secret key to facilitate secure communications between users. A first and second monoid and a function between the two monoids are selected, the function being a monoid homomorphism. A group and a group action of the group on the first monoid is selected. Each user is assigned a submonoid of the first monoid so that these submonoids satisfy a special symmetry property determined by the function, a structure of the first and second monoids, and the action of the group. A multiplication of an element in the second monoid and an element in the first monoid is obtained by combining the group action and the monoid homomorphism. First and second users choose private keys which are sequences of elements in their respective submonoids. A first result is obtained by multiplying an identity element by the first element of the sequence in a respective submonoid. Starting with the first result, each element of the user’s private key may be iteratively multiplied by the previous result to produce a public key. Public keys are exchanged between first and second users. Each user’s private key may be iteratively multiplied by the other user’s public key to produce a secret key. Secure communication may then occur between the first and second user using the secret key.

Inventors: Anshel; Iris (Tenafly, NJ), Anshel; Michael (New York, NY), Goldfeld; Dorian (Tenafly, NJ)