Public Key Cryptography - PKC 2006

Volume 3958 of the series Lecture Notes in Computer Science pp 302-314

Random Subgroups of Braid Groups: An Approach to Cryptanalysis of a Braid Group Based Cryptographic Protocol

  • Alexei Myasnikov, Department of Mathematics, McGill University
  • Vladimir Shpilrain, Department of Mathematics, The City College of New York
  • Alexander Ushakov, Department of Mathematics, Stevens Institute of Technology


Motivated by cryptographic applications, we study subgroups of braid groups B_n generated by a small number of random elements of relatively small lengths compared to n. Our experiments show that “most” of these subgroups are equal to the whole B_n, and “almost all” of these subgroups are generated by positive braid words. We discuss the impact of these experimental results on the security of the Anshel-Anshel-Goldfeld key exchange protocol [2] with originally suggested parameters as well as with recently updated ones.