Combinatorial and Geometric Group Theory pp 149-169

# Solving Random Equations in Garside Groups Using Length Functions

## Abstract

We give a systematic exposition of memory-length algorithms for solving equations in noncommutative groups. This exposition clarifies some points untouched in earlier expositions. We then focus on the main ingredient in these attacks: Length functions.

After a self-contained introduction to Garside groups, we describe length functions induced by the greedy normal form and by the rational normal form in these groups, and compare their worst-case performances.

Our main concern is Artin’s braid groups, with their two known Garside presentations, due to Artin and due to Birman-Ko-Lee (BKL). We show that in $B_3$ equipped with the BKL presentation, the (efficiently computable) rational normal form of each element is a geodesic, i.e., is a representative of minimal length for that element. (For Artin’s presentation of $B_3$, Berger supplied in 1994 a method to obtain geodesic representatives in $B_3$.)

For arbitrary $B_N$, finding the geodesic length of an element is NP-hard, by a 1991 result of Paterson and Razborov. We show that the length of the rational form of an element of $B_N$ in the BKL presentation is a good estimate of its geodesic length in Artin’s presentation. This is proved theoretically for the worst case, and experimental evidence is provided for the generic case.

## Mathematics Subject Classification (2000)

05E15, 94A60

## Keywords

Random equations, Garside groups, length functions, braid group, Artin presentation, Birman-Ko-Lee presentation, minimal length, geodesics

## References

- [1] I. Anshel, M. Anshel and D. Goldfeld, *An algebraic method for public-key cryptography*, Math. Res. Lett. **6** (1999), 287–291.
- [2] M. Berger, *Minimum crossing numbers for 3-braids*, Journal of Physics A: Mathematical and General **27** (1994), 6205–6213.
- [3] J. Birman, K.H. Ko, J.S. Lee, *A new approach to the word and conjugacy problems in the braid groups*, Advances in Mathematics **139** (1998), 322–353.
- [4] R. Charney, *Geodesic automation and growth functions for Artin groups of finite type*, Mathematische Annalen **301** (1995), 307–324.
- [5] P. Dehornoy, *Groupes de Garside*, Annales Scientifiques de l’École Normale Supérieure **35** (2002), 267–306.
- [6] P. Dehornoy and L. Paris, *Gaussian groups and Garside groups, two generalisations of Artin groups*, Proceedings of the London Mathematical Society **79** (1999), 569–604.
- [7] D. Epstein, J. Cannon, D. Holt, S. Levy, M. Paterson, and W. Thurston, **Word Processing in Groups**, Jones and Bartlett Publishers, Boston: 1992.
- [8] D. Garber, *Braid group cryptography*, www.ims.nus.edu.sg/Programs/braids/files/david.pdf
- [9] D. Garber, S. Kaplan, M. Teicher, B. Tsaban, and U. Vishne, *Length-based conjugacy search in the Braid group*, Contemporary Mathematics **418** (2006), 75–87.
- [10] D. Garber, S. Kaplan, M. Teicher, B. Tsaban, and U. Vishne, *Probabilistic solutions of equations in the braid group*, Advances in Applied Mathematics **35** (2005), 323–334.
- [11] J. Hughes and A. Tannenbaum, *Length-based attacks for certain group based encryption rewriting systems*, Workshop SECI02 Sécuritée de la Communication sur Internet, September 2002.
- [12] K.H. Ko, S.J. Lee, J.H. Cheon, J.W. Han, S.J. Kang and C.S. Park, *New Public-key Cryptosystem using Braid Groups*, CRYPTO 2000, Lecture Notes in Computer Science **1880** (2000), 166–183.
- [13] A. Myasnikov, V. Shpilrain, and A. Ushakov, *A practical attack on some braid group based cryptographic protocols*, in: CRYPTO 2005, Lecture Notes in Computer Science **3621** (2005), 86–96.
- [14] A. Myasnikov, V. Shpilrain, and A. Ushakov, **Group-based cryptography**, Advanced Courses in Mathematics, CRM Barcelona, Birkhäuser, 2008.
- [15] M. Paterson and A. Razborov, *The set of minimal braids is co-NP-complete*, Journal of Algorithms **12** (1991), 393–408.
- [16] D. Ruinskiy, A. Shamir, and B. Tsaban, *Length-based cryptanalysis: The case of Thompson’s Group*, Journal of Mathematical Cryptology **1** (2007), 359–372.