Cryptanalysis via Algebraic Spans

  • Adi Ben-Zvi
  • Arkadius Kalka
  • Boaz Tsaban
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10991)


We introduce a method for obtaining provable polynomial time solutions of problems in nonabelian algebraic cryptography. This method is widely applicable, easier to apply, and more efficient than earlier methods. After demonstrating its applicability to the major classic nonabelian protocols, we use this method to cryptanalyze the Triple Decomposition key exchange protocol, the only classic group theory based key exchange protocol that could not be cryptanalyzed by earlier methods.



We thank Avraham (Rami) Eizenbud and Craig Gentry for intriguing discussions. A part of this work was carried out while the third named author was on Sabbatical at the Weizmann Institute of Science. This author thanks his hosts for their kind hospitality. The research of the first and third named authors was partially supported by the European Research Council under the ERC starting grant n. 757731 (LightCrypt), and by the BIU Center for Research in Applied Cryptography and Cyber Security, in conjunction with the Israel National Cyber Bureau in the Prime Minister’s Office.



Copyright information

© International Association for Cryptologic Research 2018

Authors and Affiliations

  1. Department of Mathematics, Bar-Ilan University, Ramat Gan, Israel