Length-based conjugacy search in the Braid group

TL;DR

This paper introduces improved length functions and realizations for the length-based conjugacy search in braid groups, showing that the method requires substantial computational power to succeed in existing protocol parameters.

Contribution

It presents new length functions and realizations that enhance the length-based approach for conjugacy search in braid groups, with experimental validation.

Findings

New length function on B_N with better properties

Experimental results indicate high computational difficulty for success

Length-based method unlikely to break protocols with current parameters

Abstract

Several key agreement protocols are based on the following "Generalized Conjugacy Search Problem": Find, given elements b_1,...,b_n and xb_1x^{-1},...,xb_nx^{-1} in a nonabelian group G, the conjugator x. In the case of subgroups of the braid group B_N, Hughes and Tannenbaum suggested a length-based approach to finding x. Since the introduction of this approach, its effectiveness and successfulness were debated. We introduce several effective realizations of this approach. In particular, a new length function is defined on B_N which possesses significantly better properties than the natural length associated to the Garside normal form. We give experimental results concerning the success probability of this approach, which suggest that very large computational power is required for this method to successfully solve the Generalized Conjugacy Search Problem when its parameters are as in existing protocols.