Solving Random Equations in Garside Groups Using Length Functions

  • Martin Hock
  • Boaz Tsaban
Part of the Trends in Mathematics book series (TM)


We give a systematic exposition of memory-length algorithms for solving equations in noncommutative groups. This exposition clarifies some points untouched in earlier expositions. We then focus on the main ingredient in these attacks: Length functions.

After a self-contained introduction to Garside groups, we describe length functions induced by the greedy normal form and by the rational normal form in these groups, and compare their worst-case performances.

Our main concern is Artin’s braid groups, with their two known Garside presentations, due to Artin and due to Birman-Ko-Lee (BKL). We show that in B 3 equipped with the BKL presentation, the (efficiently computable) rational normal form of each element is a geodesic, i.e., is a representative of minimal length for that element. (For Artin’s presentation of B 3, Berger supplied in 1994 a method to obtain geodesic representatives in B 3.)

For arbitrary B N , finding the geodesic length of an element is NP-hard, by a 1991 result of by Paterson and Razborov. We show that a good estimation of the geodesic length of an element of B N in Artin’s presentation is measuring the length of its rational form in the BKL presentation. This is proved theoretically for the worst case, and experimental evidence is provided for the generic case.

Mathematics Subject Classification (2000)

05E15 94A60 


Random equations Garside groups length functions braid group Artin presentation Birman-Ko-Lee presentation minimal length geodesics 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [1]
    I. Anshel, M. Anshel and D. Goldfeld, An algebraic method for public-key cryptography, Math. Res. Lett. 6 (1999), 287–291.zbMATHMathSciNetGoogle Scholar
  2. [2]
    M. Berger, Minimum crossing numbers for 3-braids, Journal of Physics A: Mathematical and General 27 (1994), 6205–6213.zbMATHCrossRefMathSciNetGoogle Scholar
  3. [3]
    J. Birman, K.H. Ko, J.S. Lee, A new approach to the word and conjugacy problems in the braid groups, Advances in Mathematics 139 (1998), 322–353.zbMATHCrossRefMathSciNetGoogle Scholar
  4. [4]
    R. Charney, Geodesic automation and growth functions for Artin groups of finite type, Mathematische Annalen 301 (1995), 307–324.zbMATHCrossRefMathSciNetGoogle Scholar
  5. [5]
    P. Dehornoy, Groupes de Garside, Annales Scientifiques de l’École Normale Supérieure 35 (2002), 267–306.zbMATHCrossRefMathSciNetGoogle Scholar
  6. [6]
    P. Dehornoy and L. Paris, Gaussian groups and Garside groups, two generalisations of Artin groups, Proceedings of the London Mathematical Society 79 (1999), 569–604.zbMATHCrossRefMathSciNetGoogle Scholar
  7. [7]
    D. Epstein, J. Cannon, D. Holt, S. Levy, M. Paterson, and W. Thurston, Word Processing in Groups, Jones and Bartlett Publishers, Boston: 1992.zbMATHGoogle Scholar
  8. [8]
    D. Garber, Braid group cryptography, Scholar
  9. [9]
    D. Garber, S. Kaplan, M. Teicher, B. Tsaban, and U. Vishne, Length-based conjugacy search in the Braid group, Contemporary Mathematics 418 (2006), 75–87.MathSciNetGoogle Scholar
  10. [10]
    D. Garber, S. Kaplan, M. Teicher, B. Tsaban, and U. Vishne, Probabilistic solutions of equations in the braid group, Advances in Applied Mathematics 35 (2005), 323–334.zbMATHCrossRefMathSciNetGoogle Scholar
  11. [11]
    J. Hughes and A. Tannenbaum, Length-based attacks for certain group based encryption rewriting systems, Workshop SECI02 Sécuritée de la Communication sur Internet, September 2002.Google Scholar
  12. [12]
    K.H. Ko, S.J. Lee, J.H. Cheon, J.W. Han, S.J. Kang and C.S. Park, New Publickey Cryptosystem using Braid Groups, CRYPTO 2000, Lecture Notes in Computer Science 1880 (2000), 166–183.CrossRefMathSciNetGoogle Scholar
  13. [13]
    A. Myasnikov, V. Shpilrain, and A. Ushakov, A practical attack on some braid group based cryptographic protocols, in: CRYPTO 2005, Lecture Notes in Computer Science 3621 (2005), 86–96.CrossRefMathSciNetGoogle Scholar
  14. [14]
    A. Myasnikov, V. Shpilrain, and A. Ushakov, Group-based cryptography, Advanced Courses in Mathematics — CRM Barcelona, Birkhäuser, 2008.Google Scholar
  15. [15]
    M. Paterson and A. Razborov, The set of minimal braids is co-NP-complete, Journal of Algorithms 12 (1991), 393–408.zbMATHCrossRefMathSciNetGoogle Scholar
  16. [16]
    D. Ruinskiy, A. Shamir, and B. Tsaban, Length-based cryptanalysis: The case of Thompson’s Group, Journal of Mathematical Cryptology 1 (2007), 359–372.zbMATHCrossRefMathSciNetGoogle Scholar

Copyright information

© Springer Basel AG 2010

Authors and Affiliations

  • Martin Hock
    • 1
  • Boaz Tsaban
    • 2
    • 3
  1. 1.Department of Computer ScienceUniversity of WisconsinMadisonUSA
  2. 2.Department of MathematicsBar-Ilan UniversityRamat-GanIsrael
  3. 3.Department of MathematicsWeizmann Institute of ScienceRehovotIsrael

Personalised recommendations