A game on groups and information security. Liljana Babinkostova and Marion Scheepers * Abstract We introduce a game on finite groups. This game encapsulates an adaptive chosen ciphertext attack against some cryptosystems, including El-Gamal style cryptosystems over any finite group and RSA style cryp- tosystems over any finite Abelian group. We give an initial analysis of the game and introduce two problems from computational group theory: the Coset Enumeration Problem (CEP) and the Isomorphism Class Problem (ICP). We give some simple comlexity lowerbounds for CEP and ICP. 1 Several commercial public key crypto-systems have a natural description in terms of groups. Considering crypto-systems in such generality helps to better distinguish which aspects of specific groups make them better suited to achieve a high level of security while maintaining acceptable computational efficiency and a consumer-friendly protocol. Successful business practices necessitate that security requirements be bal- anced against customer satisfaction. For example: Account holders at a bank can access their accounts remotely using a computer to perform a variety of banking functions online - like checking on account balances or transferring money from a savings account to a checking account. Some banks permit only a limited number of successive failed login attempts before the online access to the account is disabled. Some clients may not like this because it makes them vulnerable to a simple denial of service attack: An attacker who correctly guesses the login name of an account holder can disable the online access to the account by intentionally making a number of failed login attempts. The in- convenience that could be caused in this way may convince the account holder to choose another bank where this denial of service attack is not possible. A second feature which clients may want in their online banking service is that when a failed login attempt occurs, the server responds with some user friendly message indicating the reason for the failure. It might be that the submitted username does not match any username in the bank’s records, or the username matches, but the password not. And though this is not common, one may write the software to respond with more detailed messages when there is a password failure - such as that passwords are required to be only six characters long, or are * Supported by NSF grant DMS 99 - 71282 1 Key words: adaptive chosen ciphertext attack, coset, coset enumeration problem, El- Gamal, game, group, isomorphism class problem, public key cryptography, RSA, winning strategy 1