Trapdoors in Knapsack Kryptosystems

Eier, R.; Lagger, H.

doi:10.1007/3-540-39466-4_23

Cited by 6 publications

(4 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Knapsack-type PKCs always follows a common design morphology [9], that is: In the knapsack public-key cryptography, several kinds of easy knapsack problems have been considered, e.g., super-increasing sequences [4], the cargo vectors used in the Graham-Shamir cryptosystem [40] and the knapsack sequences [41] used for attacking a knapsack-type cryptosystem [16] based on Diophantine equations. In this section, we propose several new easy knapsack problems, which can be viewed as the generalizations of those problems presented in [42,43].…”

Section: Easy Knapsack-type Problemsmentioning

confidence: 99%

See 1 more Smart Citation

PKCHD: Towards a Probabilistic Knapsack Public-Key Cryptosystem with High Density

et al. 2019

View full text Add to dashboard Cite

By introducing an easy knapsack-type problem, a probabilistic knapsack-type public key cryptosystem (PKCHD) is proposed. It uses a Chinese remainder theorem to disguise the easy knapsack sequence. Thence, to recover the trapdoor information, the implicit attacker has to solve at least two hard number-theoretic problems, namely integer factorization and simultaneous Diophantine approximation problems. In PKCHD, the encryption function is nonlinear about the message vector. Under the re-linearization attack model, PKCHD obtains a high density and is secure against the low-density subset sum attacks, and the success probability for an attacker to recover the message vector with a single call to a lattice oracle is negligible. The infeasibilities of other attacks on the proposed PKCHD are also investigated. Meanwhile, it can use the hardest knapsack vector as the public key if its density evaluates the hardness of a knapsack instance. Furthermore, PKCHD only performs quadratic bit operations which confirms the efficiency of encrypting a message and deciphering a given cipher-text.

show abstract

Section: Easy Knapsack-type Problemsmentioning

confidence: 99%

“…In fact, Refs. [42,43] have given a small example in which the message plaintext is not the shortest vector no matter what norms are used. Thus, the lattice reduction algorithms just find a random vector in the N(n, r) preimages.…”

Section: On the Number Of Plaintext Vectors That A Cipher-text Hasmentioning

confidence: 99%

PKCHD: Towards a Probabilistic Knapsack Public-Key Cryptosystem with High Density

et al. 2019

View full text Add to dashboard Cite

show abstract

“…The original trapdoor corresponds to bki a k i , U k = (wk) -1 rn.od pt, and Vk = p/C, for k = 1 to r. To make these equations linear, V ~ is set to an arbitrary constant. Consequently, one is not likely to find the original trapdoor but alternate trapdoors can return an alternate superincreasing series according to the following Lemma due to Desmedt, Vanderwalle, and Govaerts [20] and independently Eier and Lagger [18]. The first stage of Brickell's attack is to find the h/k's of (8) by finding short vectors in a lattice containing the public weights a r, for i = 1 to n. Numerous other knapsack cryptosystems and cryptanalytical attacks are reviewed in [2]- [5].…”

Section: Cryptanalysis Of the Merkle And Heliman Trapdoormentioning

confidence: 99%

A multiple-iterated trapdoor for dense compact knapsacks

Orton

1995

Advances in Cryptology — EUROCRYPT'94

View full text Add to dashboard Cite

A modification to the multiple-iterated Merkle-Hellman trapdoor is described that permits a knapsack density exceeding the critical density 0.94 of the Lagarias-Odlyzko low-density attack. A high density level also permits fast signature generation. Compaction and common knapsack weights are used to reduce the public-key size. The security of the new trapdoor depends on a simultaneous diophantine approximation problem plus a residue recombination problem.

show abstract

“…Then, Shamir showed that knapsacks can be broken in certain circumstances [1415,1416]. There were other results- [1428,38,754,516,488]but no one could break the general Merkle-Hellman system. Finally, Shamir and Zippel [1418,1419,1421] found flaws in the transformation that allowed them to reconstruct the superincreasing knapsack from the normal knapsack.…”

Section: Security Of Knapsacksmentioning

confidence: 99%

Applied cryptography: Protocols, algorithms, and source code in C

1994

Computer Law & Security Review

771

View full text Add to dashboard Cite

Trapdoors in Knapsack Kryptosystems

Cited by 6 publications

References 0 publications

PKCHD: Towards a Probabilistic Knapsack Public-Key Cryptosystem with High Density

PKCHD: Towards a Probabilistic Knapsack Public-Key Cryptosystem with High Density

A multiple-iterated trapdoor for dense compact knapsacks

Applied cryptography: Protocols, algorithms, and source code in C

Contact Info

Product

Resources

About