Random Subgroups of Braid Groups: An Approach to Cryptanalysis of a Braid Group Based Cryptographic Protocol
Motivated by cryptographic applications, we study subgroups of braid groups Bn generated by a small number of random elements of relatively small lengths compared to n. Our experiments show that “most” of these subgroups are equal to the whole Bn, and “almost all” of these subgroups are generated by positive braid words. We discuss the impact of these experimental results on the security of the Anshel-Anshel-Goldfeld key exchange protocol with originally suggested parameters as well as with recently updated ones.