We give a witness-finding cryptanalysis of Stickel-type key exchange schemes, which involve two-sided multiplication of $n \times n$ matrices over $\mathbb{F}_p$, where these matrices are drawn from public subspaces with a particular commuting structure. This analysis covers Stickel's original proposal , Shpilrain's polynomial extension of that scheme, Nager's algebraic extension of that scheme, and more generally all Stickel-type approaches using public subspaces over matrix algebra in finite fields: all such schemes can be broken in polynomial time. We also describe a new key establishment scheme using two-sided matrix multiplication in which the commuting subspaces used to form the key are hidden via conjugation by private terms, blocking this specific public-subspace analysis; the witness-finding problem in this new scheme has a direct reduction from a standard NP-hard problem (Edmonds' problem).

翻译：我们给出了一种针对Stickel型密钥交换方案的发现证据的密码分析，该方案涉及在$\mathbb{F}_p$上对$n \times n$矩阵进行双边乘法，其中这些矩阵取自具有特定交换结构的公共子空间。此分析覆盖了Stickel最初的提议、Shpilrain对该方案的多项式扩展、Nager对该方案的代数扩展，以及更一般地，所有使用有限域上矩阵代数中公共子空间的Stickel型方法：此类方案均可通过多项式时间攻破。我们还描述了一种新的密钥建立方案，该方案使用双边矩阵乘法，其中用于形成密钥的交换子空间通过私有项的共轭隐藏，从而阻断了这种特定的公共子空间分析；此新方案中的发现证据问题可直接归约到标准NP难问题（Edmonds问题）。