Polynomial-Time Solutions of Computational Problems in Noncommutative-Algebraic Cryptography

Research output: Contribution to journal › Article › peer-review

46 Scopus citations


We introduce the linear centralizer method, and use it to devise a provable polynomial-time solution of the Commutator Key Exchange Problem, the computational problem on which, in the passive adversary model, the security of the Anshel–Anshel–Goldfeld (Anshel et al., Math. Res. Lett. 6:287–291, 1999) Commutator key exchange protocol is based. We also apply this method to solve, in polynomial time, the computational problem underlying the Centralizer key exchange protocol, introduced by Shpilrain and Ushakov in (Contemp. Math. 418:161–167, 2006). This is the first provable polynomial-time cryptanalysis of the Commutator key exchange protocol, hitherto the most important key exchange protocol in the realm of noncommutative algebraic cryptography, and the first cryptanalysis (of any kind) of the Centralizer key exchange protocol. Unlike earlier cryptanalyses of the Commutator key exchange protocol, our cryptanalyses cannot be foiled by changing the distributions used in the protocol.

Original language: English
Pages (from-to): 601-622
Number of pages: 22
Journal: Journal of Cryptology
Issue number: 3
State: Published - 12 Jul 2015

Bibliographical note

Publisher Copyright:
© 2013, International Association for Cryptologic Research.


  • Algebraic cryptanalysis
  • Braid Diffie–Hellman key exchange
  • Braid infimum reduction
  • Braid-based cryptography
  • Centralizer key exchange
  • Commutator key exchange
  • Group theory-based cryptography
  • Invertibility lemma
  • Linear centralizer method
  • Linear cryptanalysis
  • Noncommutative-algebraic cryptography
  • Schwartz–Zippel lemma

