A Practical Attack on a Braid Group Based Cryptographic Protocol

  • Alexei Myasnikov
  • Vladimir Shpilrain
  • Alexander Ushakov
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3621)


In this paper we present a practical heuristic attack on the Ko, Lee et al. key exchange protocol introduced at Crypto 2000 [11]. Using this attack, we were able to break the protocol in about 150 minutes with over 95% success rate for typical parameters. One of the ideas behind our attack is using Dehornoy's handle reduction method as a countermeasure to the diffusion provided by the Garside normal form, and as a tool for simplifying braid words. Another idea employed in our attack is solving the decomposition problem in a braid group rather than the conjugacy search problem.
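The abstract names Dehornoy's handle reduction as the tool for simplifying braid words. The following is an added illustration, not code from the paper: braid words are lists of nonzero integers (+i for σ_i, -i for σ_i^{-1}), only main-generator handles are reduced (each handle's interior is reduced first so that only permitted handles are rewritten, which is what Dehornoy's convergence result needs), and the function names are my own.

```python
from typing import List

# Braid words are lists of nonzero ints: +i stands for s_i, -i for s_i^{-1}.
Word = List[int]

def free_reduce(word: Word) -> Word:
    """Cancel adjacent s_i s_i^{-1} pairs with a stack."""
    out: Word = []
    for g in word:
        if out and out[-1] == -g:
            out.pop()
        else:
            out.append(g)
    return out

def reduce_handle(e: int, v: Word) -> Word:
    """Rewrite the permitted handle s_m^e v s_m^{-e} (m = |e|, v free of s_m and of
    lower indices) without its two outer s_m letters: each s_{m+1}^d in v becomes
    s_{m+1}^{-e} s_m^d s_{m+1}^e (from s_m s_{m+1} s_m^{-1} = s_{m+1}^{-1} s_m s_{m+1});
    every other letter of v has index >= m+2, commutes with s_m and is copied."""
    m, s = abs(e), (1 if e > 0 else -1)
    out: Word = []
    for g in v:
        if abs(g) == m + 1:
            out += [-s * (m + 1), (1 if g > 0 else -1) * m, s * (m + 1)]
        else:
            out.append(g)
    return out

def handle_reduce(word: Word) -> Word:
    """Dehornoy handle reduction on main-generator handles: returns an equivalent
    word whose smallest-index generator occurs with one sign only; the result is
    empty iff the braid is trivial. A handle's interior is reduced before the
    handle itself, so only permitted handles are rewritten (ensures termination)."""
    word = free_reduce(word)
    while word:
        m = min(abs(g) for g in word)
        pos = [k for k, g in enumerate(word) if abs(g) == m]
        handle = next(((a, b) for a, b in zip(pos, pos[1:]) if word[a] == -word[b]), None)
        if handle is None:
            break  # s_m-reduced: all remaining s_m letters carry the same sign
        a, b = handle
        inner = handle_reduce(word[a + 1:b])  # contains no s_m; makes the handle permitted
        word = free_reduce(word[:a] + reduce_handle(word[a], inner) + word[b + 1:])
    return word

def braids_equal(u: Word, v: Word) -> bool:
    """Word problem: u = v in the braid group iff u v^{-1} handle-reduces to the empty word."""
    return handle_reduce(u + [-g for g in reversed(v)]) == []
```

For example, `handle_reduce([1, 2, -1])` returns `[-2, 1, 2]`, i.e. σ_1 σ_2 σ_1^{-1} = σ_2^{-1} σ_1 σ_2, and the two sides of the braid relation σ_1 σ_2 σ_1 = σ_2 σ_1 σ_2 are recognised as equal.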


References

  1. Anshel, I., Anshel, M., Goldfeld, D.: An algebraic method for public-key cryptography. Math. Res. Lett. 6, 287–291 (1999)
  2. Birman, J.S.: Braids, links and mapping class groups. Ann. Math. Studies, vol. 82. Princeton Univ. Press, Princeton (1974)
  3. Cheon, J.H., Jun, B.: A polynomial time algorithm for the braid Diffie-Hellman conjugacy problem. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 212–225. Springer, Heidelberg (2003)
  4. Dehornoy, P.: A fast method for comparing braids. Adv. Math. 125, 200–235 (1997)
  5. Dehornoy, P.: Braid-based cryptography. Contemp. Math., Amer. Math. Soc. 360, 5–33 (2004)
  6. Epstein, D.B.A., Cannon, J.W., Holt, D.F., Levy, S.V.F., Paterson, M.S., Thurston, W.P.: Word processing in groups. Jones and Bartlett Publishers, Boston (1992)
  7. Garber, D., Kaplan, S., Teicher, M., Tsaban, B., Vishne, U.: Probabilistic solutions of equations in the braid group. Preprint, http://arxiv.org/abs/math.GR/0404076
  8. Hofheinz, D., Steinwandt, R.: A practical attack on some braid group based cryptographic primitives. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 187–198. Springer, Heidelberg (2002)
  9. Hughes, J., Tannenbaum, A.: Length-based attacks for certain group based encryption rewriting systems. In: Workshop SECI 2002 Sécurité de la Communication sur Internet, Tunis, Tunisia (September 2002), http://www.storagetek.com/hughes/
  10. Kapovich, I., Myasnikov, A., Schupp, P., Shpilrain, V.: Average-case complexity for the word and membership problems in group theory. Advances in Math. 190, 343–359 (2005)
  11. Ko, K.H., Lee, S.J., Cheon, J.H., Han, J.W., Kang, J., Park, C.: New public-key cryptosystem using braid groups. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 166–183. Springer, Heidelberg (2000)
  12. Paterson, M.S., Razborov, A.A.: The set of minimal braids is co-NP-complete. J. Algorithms 12, 393–408 (1991)
  13. Shpilrain, V., Ushakov, A.: The conjugacy search problem in public key cryptography: unnecessary and insufficient. Applicable Algebra in Engineering, Communication and Computing (to appear), http://eprint.iacr.org/2004/321/
  14. Shpilrain, V., Zapata, G.: Combinatorial group theory and public key cryptography. Applicable Algebra in Engineering, Communication and Computing (to appear), http://eprint.iacr.org/2004/242
  15. Wang, J.: Average-case computational complexity theory. In: Complexity Theory Retrospective, II, pp. 295–334. Springer, New York (1997)

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Alexei Myasnikov, Department of Mathematics, McGill University, Montreal
  • Vladimir Shpilrain, Department of Mathematics, The City College of New York, New York, USA
  • Alexander Ushakov, Department of Mathematics, CUNY Graduate Center, New York, USA
