Random Subgroups of Braid Groups: An Approach to Cryptanalysis of a Braid Group Based Cryptographic Protocol

  • Alexei Myasnikov
  • Vladimir Shpilrain
  • Alexander Ushakov
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3958)


Motivated by cryptographic applications, we study subgroups of braid groups Bn generated by a small number of random elements of relatively small lengths compared to n. Our experiments show that “most” of these subgroups are equal to the whole Bn, and “almost all” of these subgroups are generated by positive braid words. We discuss the impact of these experimental results on the security of the Anshel-Anshel-Goldfeld key exchange protocol [2] with originally suggested parameters as well as with recently updated ones.


  1. 1.
    Anshel, I., Anshel, M., Fisher, B., Goldfeld, D.: New Key Agreement Protocols in Braid Group Cryptography. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 13–27. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  2. 2.
    Anshel, I., Anshel, M., Goldfeld, D.: An algebraic method for public-key cryptography. Math. Res. Lett. 6, 287–291 (1999)MATHMathSciNetGoogle Scholar
  3. 3.
    Birman, J.S.: Braids, links and mapping class groups. Ann. Math. Studies 82 (1974)Google Scholar
  4. 4.
    Dehornoy, P.: A fast method for comparing braids. Adv. Math. 125, 200–235 (1997)MATHCrossRefMathSciNetGoogle Scholar
  5. 5.
    Epstein, D.B.A., Cannon, J.W., Holt, D.F., Levy, S.V.F., Paterson, M.S., Thurston, W.P.: Word processing in groups. Jones and Bartlett Publishers, Boston (1992)MATHGoogle Scholar
  6. 6.
    Garber, D., Kaplan, S., Teicher, M., Tsaban, B., Vishne, U.: Probabilistic solutions of equations in the braid group, preprint., http://arxiv.org/abs/math.GR/0404076
  7. 7.
    Gonzalez-Meneses, J.: Improving an algorithm to solve Multiple Simultaneous Conjugacy Problems in braid groups. Contemp. Math., Amer. Math. Soc. 372, 35–42 (2005)MathSciNetGoogle Scholar
  8. 8.
    Gonzalez-Meneses, J., Wiest, B.: On the structure of the centraliser of a braid. Ann. Sci. École Norm. Sup. 37(5), 729–757 (2004)MATHMathSciNetGoogle Scholar
  9. 9.
    Hofheinz, D., Steinwandt, R.: A practical attack on some braid group based cryptographic primitives. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 187–198. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  10. 10.
    Hughes, J., Tannenbaum, A.: Length-based attacks for certain group based encryption rewriting systems. In: Workshop SECI 2002 Securité de la Communication sur Intenet, Tunis, Tunisia (September 2002), http://www.network.com/~hughes/
  11. 11.
    Ko, K.H., Lee, S.J., Cheon, J.H., Han, J.W., Kang, J., Park, C.: New public-key cryptosystem using braid groups. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 166–183. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  12. 12.
    Lee, S.J., Lee, E.: Potential Weaknesses of the Commutator Key Agreement Protocol Based on Braid Groups. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 14–28. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  13. 13.
    Myasnikov, A., Shpilrain, V., Ushakov, A.: A practical attack on some braid group based cryptographic protocols. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 86–96. Springer, Heidelberg (2005)Google Scholar
  14. 14.
    Paterson, M., Razborov, A.: The set of minimal braids is co-NP-complete. J. Algorithms 12, 393–408 (1991)MATHCrossRefMathSciNetGoogle Scholar
  15. 15.
    Shpilrain, V., Ushakov, A.: The conjugacy search problem in public key cryptography: unnecessary and insufficient. Applicable Algebra in Engineering, Communication and Computing (to appear), http://eprint.iacr.org/2004/321/

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Alexei Myasnikov
    • 1
  • Vladimir Shpilrain
    • 2
  • Alexander Ushakov
    • 3
  1. 1.Department of MathematicsMcGill UniversityQuebec
  2. 2.Department of MathematicsThe City College of New YorkNew York
  3. 3.Department of MathematicsStevens Institute of TechnologyHoboken

Personalised recommendations