A Practical Attack on a Braid Group Based Cryptographic Protocol
In this paper we present a practical heuristic attack on the Ko, Lee et al. key exchange protocol introduced at Crypto 2000. Using this attack, we were able to break the protocol in about 150 minutes with a success rate of over 95% for typical parameters. One of the ideas behind our attack is using Dehornoy’s handle reduction method as a countermeasure to the diffusion provided by the Garside normal form, and as a tool for simplifying braid words. Another idea employed in our attack is solving the decomposition problem in a braid group rather than the conjugacy search problem.