Length-based conjugacy search in the Braid group

Anshel, et. al., introduced a new cryptographic protocol, the Commutator key agreement protocol, whose strength lies heavily on the difficulty of the generalized conjugacy problem in subgroups of the Braid group. A natural approach to this problem is by using a length-based method, with the length of the Garside normal form as a length function. Experiments show that this approach is far from being satisfactory, as the suggested length functions do not grow nicely with the increase of the number of generators of the subgroup which are multiplied to obtain its input word. We define a new length function on the Braid group, which is much closer to being monotonic than the previously suggested function, and observe a dramatic improvement in the success probability of the length-based conjugacy search algorithm. We also show that the success probability is increased significantly (at the cost of more computational power) when we search for a longer prefix of the conjugator.