Cryptanalysis of the Algebraic Eraser and short expressions of permutations as products

On March 2004, Anshel, Anshel, Goldfeld, and Lemieux introduced the "Algebraic Eraser" scheme for key agreement over an insecure channel, using a novel hybrid of infinite and finite noncommutative groups. They also introduced the "Colored Burau Key Agreement Protocol (CBKAP)", a concrete realization of this scheme. CBKAP resisted cryptanalysis for four years. We present general, efficient algorithms, which extract the shared key out of the public information provided by CBKAP. These algorithms are successful for all sizes of the security parameters, assuming that the keys are chosen with standard distributions. Our methods come from probabilistic group theory, and have not been used before in cryptanalysis. In particular, we provide a simple and very efficient heuristic algorithm for finding short expressions of permutations as products of given random permutations. Our algorithm gives expressions of length O(n^2\log n), in time O(n^4\log n) and space O(n^2\log n), and is the first practical one for n greater than or equal to 256.