Non-commutative Digital Signatures

The objective of this work is to survey several digital signatures proposed in the last decade using non-commutative groups and rings and propose a digital signature using non-commutative groups and analyze its security.

💡 Research Summary

The paper provides a comprehensive survey of digital signature schemes that have been built on non‑commutative algebraic structures over the past decade and introduces a new signature construction that also relies on non‑commutative groups. The authors begin by motivating the need for alternatives to traditional commutative‑based signatures such as RSA and ECDSA, pointing out their vulnerability to quantum algorithms and the desire for hardness assumptions that are not currently amenable to known quantum attacks. They then review the most influential non‑commutative proposals: braid‑group signatures (Ko‑Lee‑Cheon, etc.), polycyclic‑group signatures (Grigoriev‑Shpilrain), and matrix‑group based constructions (Wang‑Zhang). For each scheme the underlying hard problem—conjugacy search, decomposition, or twisted conjugacy—is described, and the authors discuss known attacks, key‑size overhead, and performance bottlenecks.

Building on this background, the authors select a polycyclic‑by‑finite group as the platform. This class of groups admits a deterministic normal‑form algorithm, which makes implementation feasible, while the word and conjugacy problems remain computationally intractable for classical and quantum adversaries. The key‑generation algorithm chooses a secret element $g$ and a secret element $h$ from the centralizer of $g$. The public key consists of the conjugate $y = g h g^{-1}$ together with auxiliary information that allows anyone to verify that a purported signature is indeed a conjugate of the hash of the message.

Signature generation proceeds as follows: a message $M$ is hashed (e.g., SHA‑256) and the hash value is mapped into a group element via a deterministic embedding. A random element $r$ from the centralizer of $g$ is sampled, and the signature is the pair $(r g h r^{-1},\ r\,\text{Hash}(M)\,r^{-1})$. Verification checks that the two components are related by the same conjugation and that the second component corresponds to the hash of the message.

The security analysis shows that forging a signature is equivalent to solving the conjugacy search problem for the chosen group, which is believed to require exponential time. The randomizer $r$ guarantees strong unforgeability against replay attacks, and the scheme resists chosen‑message forgeries because an adversary cannot derive the secret centralizer element without solving the underlying hard problem. The authors also argue quantum resistance: no efficient quantum algorithm for the conjugacy search problem in these groups is known, unlike Shor’s algorithm for integer factorisation or discrete logarithms.
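The two ingredients the key generation and the security argument rest on, conjugation by a secret element and sampling from a centralizer, can be made concrete in a toy matrix group. The following is an added illustration, not the paper's code: it assumes $\mathrm{GL}_2(\mathbb{F}_p)$ with a constructed, deliberately tiny modulus as the platform, so that a brute-force conjugacy search actually terminates and one can see that the solution set is the coset $x\,C(a)$ of the centralizer; a real platform group is chosen precisely so that this enumeration is out of reach.

```python
import random
from itertools import product

P = 7  # constructed toy modulus; tiny so that brute force terminates

def mat_mul(a, b, p=P):
    """Product of 2x2 matrices stored as (m00, m01, m10, m11) mod p."""
    return ((a[0]*b[0] + a[1]*b[2]) % p, (a[0]*b[1] + a[1]*b[3]) % p,
            (a[2]*b[0] + a[3]*b[2]) % p, (a[2]*b[1] + a[3]*b[3]) % p)

def mat_inv(a, p=P):
    det = (a[0]*a[3] - a[1]*a[2]) % p
    d = pow(det, -1, p)  # ValueError if det == 0, i.e. a is not in GL_2
    return ((a[3]*d) % p, (-a[1]*d) % p, (-a[2]*d) % p, (a[0]*d) % p)

def conjugate(x, a, p=P):
    """x a x^{-1}: the operation behind the public key y = g h g^{-1}."""
    return mat_mul(mat_mul(x, a, p), mat_inv(x, p), p)

def all_invertible(p=P):
    """Enumerate GL_2(F_p); (p^2-1)(p^2-p) elements, 2016 for p = 7."""
    for m in product(range(p), repeat=4):
        if (m[0]*m[3] - m[1]*m[2]) % p:
            yield m

def centralizer(g, p=P):
    """All invertible matrices commuting with g (where the scheme samples r)."""
    return [c for c in all_invertible(p) if mat_mul(c, g, p) == mat_mul(g, c, p)]

def conjugacy_search(a, b, p=P):
    """Brute-force CSP: find x with x a x^{-1} = b, or None. Cost ~ |GL_2(F_p)|."""
    for x in all_invertible(p):
        if conjugate(x, a, p) == b:
            return x
    return None

def demo(seed=1):
    """Secret conjugator x, public pair (a, b = x a x^{-1}), then recover a solution."""
    rng = random.Random(seed)
    group = list(all_invertible())
    x = rng.choice(group)
    a = rng.choice(group)
    b = conjugate(x, a)
    found = conjugacy_search(a, b)
    # Solutions form the coset x*C(a): x^{-1}*found must commute with a.
    c = mat_mul(mat_inv(x), found)
    return x, a, b, found, c
```

Note that the recovered conjugator is in general not the secret $x$ itself but some $x c$ with $c \in C(a)$, which is why a scheme cannot rely on the conjugator being unique and why the randomizer $r$ is drawn from a centralizer.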

Performance is evaluated through a prototype implementation in GAP/SageMath and compared with representative braid‑group signatures. The new scheme achieves roughly 30 % smaller public‑key and signature sizes (≈256 bytes and ≈300 bytes respectively) while maintaining comparable generation and verification times (≈1.8 ms and ≈2.1 ms on a modern CPU). The authors highlight that the group operations can be expressed as matrix multiplications, enabling straightforward parallelisation on GPUs or dedicated hardware.

In conclusion, the paper demonstrates that non‑commutative groups, particularly polycyclic‑by‑finite groups, can serve as a solid foundation for practical digital signatures that balance security, efficiency, and implementability. The authors suggest future work on extending the construction to other non‑commutative families (e.g., Artin groups, Thompson’s group), formalising security proofs in the universal composability framework, and developing hardware‑accelerated implementations for deployment in post‑quantum cryptographic standards.