A Polynomial Time Algorithm for the Braid Diffie-Hellman Conjugacy Problem

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2729)


We propose the first polynomial time algorithm for the braid Diffie-Hellman conjugacy problem (DHCP), on which the braid key exchange scheme and the braid encryption scheme are based [9]. We show the proposed method solves the DHCP for the image of braids under the Lawrence-Krammer representation and the solutions play the equivalent role of the original key for the DHCP of braids. Given a braid index $n$ and a canonical length $l$, the complexity is about $O(n^{14.4} l^{3.2})$ or $O(n^{4\tau + 2\epsilon} l^{2\epsilon})$ bit operations for $\tau = \log_2 7 \approx 2.8$ and $\epsilon > \log_2 3 \approx 1.57$.


Keywords: Braid group, Non-abelian group, Conjugacy Problem


  1. Anshel, I., Anshel, M., Fisher, B., Goldfeld, D.: New Key Agreement Protocols in Braid Group Cryptography. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 13–27. Springer, Heidelberg (2001)
  2. Anshel, I., Anshel, M., Goldfeld, D.: An Algebraic Method for Public-Key Cryptography. Math. Res. Lett. 6(3-4), 287–291 (1999)
  3. Birman, J., Ko, K., Lee, S.: A New Approach to the Word and Conjugacy Problem in the Braid Groups. Advances in Mathematics 139, 322–353 (1998)
  4. Cha, J., Koh, K., Lee, S., Han, J., Cheon, J.: An Efficient Implementations of Braid Groups. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 144–156. Springer, Heidelberg (2001)
  5. Gennaro, R., Micciancio, D.: Cryptanalysis of a Pseudorandom Generator Based on Braid Groups. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 1–13. Springer, Heidelberg (2002)
  6. Hofheinz, D., Steinwandt, R.: A Practical Attack on Some Braid Group Based Cryptography Primitives. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 187–198. Springer, Heidelberg (2002)
  7. Hardy, G.H., Wright, E.M.: An Introduction to the Theory of Numbers. Oxford Univ. Press, Oxford (1978)
  8. Koh, K., et al.: New Signature Scheme Using Conjugacy Problem (2002) (Preprint)
  9. Ko, K., Lee, S., Cheon, J., Han, J., Kang, J., Park, C.: New Public-key Cryptosystem using Braid Groups. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 166–183. Springer, Heidelberg (2000)
  10. Krammer, D.: The Braid group B4 is Linear. Inventiones Mathematics 142, 451–486 (2002)
  11. Krammer, D.: Braid groups are Linear. Annals of Mathematics 155, 131–156 (2002)
  12. Lee, S.: The Trapdoor Oneway Functions in Braid Groups. In: Workshop on Algebraic Methods in Cryptography, Slides are available in
  13. Lee, S., Lee, E.: Potential Weaknesses of the Commutator Key Agreement Protocol Based on Braid Groups. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 14–28. Springer, Heidelberg (2002)
  14. Lee, E., Park, J.: Cryptanalysis of the Public-key Encryption based on Braid Groups. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 477–490. Springer, Heidelberg (2003)
  15. Lee, E., Lee, S.J., Hahn, S.G.: Pseudorandomness from Braid Groups. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 486–502. Springer, Heidelberg (2001)
  16. Menezes, A., Oorschot, P., Vanstone, S.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1997)
  17. Strang, G.: Linear Algebra and its Applications. Harcourt, New York (1986)

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  1. School of Mathematical Sciences, Seoul National University, Republic of Korea
  2. Korea Institute for Advanced Study, Republic of Korea
