The conjugacy search problem in public key cryptography: unnecessary and insufficient
Vladimir Shpilrain, Alexander Ushakov

TL;DR
This paper critically examines the conjugacy search problem in group-based cryptography, showing it is both unnecessary and insufficient for breaking certain public key protocols, thus questioning its assumed security role.
Contribution
It reveals that solving the conjugacy search problem is neither necessary nor sufficient to compromise specific cryptographic protocols, challenging prior security assumptions.
Findings
Solving the conjugacy search problem is not necessary to break the Ko-Lee protocol.
Solving the conjugacy search problem is not sufficient to break the Anshel-Anshel-Goldfeld protocol.
The paper identifies simpler problems whose solution compromises these protocols without solving the conjugacy search problem.
Abstract
The conjugacy search problem in a group G is the problem of recovering an x in G from given g in G and h=x^{-1}gx. This problem is at the core of several recently suggested public key exchange protocols, most notably the one due to Anshel, Anshel, and Goldfeld, and the one due to Ko, Lee et al. In this note, we make two observations that seem to have eluded most people's attention. The first observation is that solving the conjugacy search problem is not necessary for an adversary to get the common secret key in the Ko-Lee protocol. It is sufficient to solve an apparently easier problem of finding x, y in G such that h=ygx for given g, h in G. Another observation is that solving the conjugacy search problem is not sufficient for an adversary to get the common secret key in the Anshel-Anshel-Goldfeld protocol.
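The first observation can be checked in a toy group. The following is an added example, not code from the paper: it assumes the usual Ko-Lee setup with two elementwise-commuting subgroups A and B, uses the symmetric group S_8 in place of a braid group, and uses constructed sample values for g, a and b. It enumerates every pair (y, x) in A x A with ygx = h_A and confirms that each one yields the shared key, including a pair where y is not x^{-1}.

```python
from itertools import permutations

N = 8  # toy platform group S_8 (assumption; the real proposals use braid groups)

def mul(p, q):
    """Left-to-right product: apply p, then q."""
    return tuple(q[p[i]] for i in range(N))

def inv(p):
    r = [0] * N
    for i, j in enumerate(p):
        r[j] = i
    return tuple(r)

def conj(s, t):
    """Return s^{-1} t s."""
    return mul(mul(inv(s), t), s)

# Commuting subgroups: A moves only points 0..3, B moves only points 4..7.
A = [s + (4, 5, 6, 7) for s in permutations(range(4))]
B = [(0, 1, 2, 3) + tuple(j + 4 for j in s) for s in permutations(range(4))]

g = (1, 2, 4, 5, 0, 6, 7, 3)   # public element (constructed sample)
a = (2, 0, 3, 1, 4, 5, 6, 7)   # Alice's secret, in A (constructed sample)
b = (0, 1, 2, 3, 6, 4, 7, 5)   # Bob's secret, in B (constructed sample)

h_A, h_B = conj(a, g), conj(b, g)    # values sent over the public channel
shared_key = conj(a, h_B)            # Alice's computation
assert shared_key == conj(b, h_A)    # Bob's computation agrees

def decompositions():
    """All (y, x) in A x A with y*g*x == h_A, found from public data only."""
    return [(y, x) for y in A for x in A if mul(mul(y, g), x) == h_A]

def key_from(y, x):
    """y*h_B*x = b^{-1}(y*g*x)b = b^{-1} h_A b, since y and x commute with b."""
    return mul(mul(y, h_B), x)

def summary():
    """(number of solutions, number with y != x^{-1}, all recover the key?)"""
    sols = decompositions()
    non_conj = [(y, x) for y, x in sols if y != inv(x)]
    return len(sols), len(non_conj), all(key_from(y, x) == shared_key for y, x in sols)

if __name__ == "__main__":
    print(summary())
```

A solution with y != x^{-1} is not a solution of the conjugacy search problem, yet it produces the same key, which is why the security of this scheme cannot be argued from the hardness of conjugacy search alone.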
Taxonomy
Topics: Geometric and Algebraic Topology · Finite Group Theory Research · graph theory and CDMA systems
