Mean-Set Attack: Cryptanalysis of Sibert et al. Authentication Protocol

We analyze the Sibert et al. group-based (Feige-Fiat-Shamir type) authentication protocol and show that the protocol is not computationally zero-knowledge. In addition, we provide experimental evidence that our approach is practical and can succeed even for groups with no efficiently computable length function such as braid groups. The novelty of this work is that we are not attacking the protocol by trying to solve an underlying complex algebraic problem, namely, the conjugacy search problem, but use a probabilistic approach, instead.