Advertisement

An Improved Low-Density Subset Sum Algorithm

  • M. J. Coster
  • B. A. LaMacchia
  • A. M. Odlyzko
  • C. P. Schnorr
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 547)

Abstract

The general subset sum problem is NP-complete. However, there are two algorithms, one due to Brickell and the other to Lagarias and Odlyzko, which in polynomial time solve almost all subset sum problems of sufficiently low density. Both methods rely on basis reduction algorithms to find short non-zero vectors in special lattices. The Lagarias-Odlyzko algorithm would solve almost all subset sum problems of density < 0.6463. . . in polynomial time if it could invoke a polynomial-time algorithm for finding the shortest non-zero vector in a lattice. This note shows that a simple modification of that algorithm would solve almost all problems of density < 0.9408. . . if it could find shortest non-zero vectors in lattices. This modification also yields dramatic improvements in practice when it is combined with known lattice basis reduction algorithms.

References

  1. [1]
    E. F. Brickell, Solving low density knapsacks. Advances in Cryptology, Proceedings of Crypto’ 83, Plenum Press, New York (1984), 25–37.Google Scholar
  2. [2]
    E. F. Brickell, The cryptanalysis of knapsack cryptosystems. Applications of Discrete Mathematics, R. D. Ringeisen and F. S. Roberts, eds., SIAM (1988), 3–23.Google Scholar
  3. [3]
    E. F. Brickell and A. M. Odlyzko, Cryptanalysis: a survey of recent results, Proc. IEEE 76 (1988), 578–593.CrossRefGoogle Scholar
  4. [4]
    B. Chor and R. Rivest, A knapsack-type public key cryptosystem based on arithmetic in finite fields, IEEE Trans. Information Theory IT-34 (1988), 901–909.CrossRefMathSciNetGoogle Scholar
  5. [5]
    Y. Desmedt, What happened with knapsack cryptographic schemes?, Performance Limits in Communication, Theory and Practice, J. K. Skwirzynski, ed., Kluwer (1988), 113–134.Google Scholar
  6. [6]
    P. van Emde Boas, Another NP-complete partition problem and the complexity of computing short vectors in a lattice, Rept. 81-04, Dept. of Mathematics, Univ. of Amsterdam, 1981.Google Scholar
  7. [7]
    A. M. Frieze, On the Lagarias-Odlyzko algorithm for the subset sum problem, SIAM J. Comput. 15(2) (May 1986), 536–539.zbMATHCrossRefMathSciNetGoogle Scholar
  8. [8]
    M. L. Furst and R. Kannan, Succinct certificates for almost all subset sum problems, SIAM J. Comput. 18 (1989), 550–558.zbMATHCrossRefMathSciNetGoogle Scholar
  9. [9]
    M. R. Garey and D. S. Johnson, Computers and Intractability: A Guide to the Theory of NP-Completeness, W. H. Freeman and Company (1979).Google Scholar
  10. [10]
    J. Hastad, B. Just, J. C. Lagarias, and C. P. Schnorr, Polynomial time algorithms for finding integer relations among real numbers, SIAM J. Comput. 18(5) (October 1989), 859–881.zbMATHCrossRefMathSciNetGoogle Scholar
  11. [11]
    A. Joux and J. Stern, Improving the critical density of the Lagarias-Odlyzko attack against subset sum problems, Proceedings of Fundamentals of Computation Theory’ 91, to be published.Google Scholar
  12. [12]
    J. C. Lagarias and A. M. Odlyzko, Solving low-density subset sum problems, J. Assoc. Comp. Mach. 32(1) (January 1985), 229–246.zbMATHMathSciNetGoogle Scholar
  13. [13]
    B. A. LaMacchia, Basis Reduction Algorithms and Subset Sum Problems, SM Thesis, Dept. of Elect. Eng. and Comp. Sci., Massachusetts Institute of Technology, Cambridge, MA (1991).Google Scholar
  14. [14]
    A. K. Lenstra, H. W. Lenstra, and L. Lovász, Factoring polynomials with rational coefficients, Math. Ann. 261 (1982), 515–534.zbMATHCrossRefMathSciNetGoogle Scholar
  15. [15]
    J. E. Mazo and A. M. Odlyzko, Lattice points in high-dimensional spheres, Monatsh. Math. 110 (1990), 47–61.zbMATHCrossRefMathSciNetGoogle Scholar
  16. [16]
    A. M. Odlyzko, The rise and fall of knapsack cryptosystems, Cryptology and Computational Number Theory, C. Pomerance, ed., Am. Math. Soc., Proc. Symp. Appl. Math. 42 (1990), 75–88.Google Scholar
  17. [17]
    A. Paz and C. P. Schnorr, Approximating integer lattices by lattices with cyclic factor groups, Automata, Languages, and Programming: 14th ICALP, Lecture Notes in Computer Science 267, Springer-Verlag, NY (1987), 386–393.Google Scholar
  18. [18]
    S. Radziszowski and D. Kreher, Solving subset sum problems with the L 3 algorithm, J. Combin. Math. Combin. Comput. 3 (1988), 49–63.zbMATHMathSciNetGoogle Scholar
  19. [19]
    C. P. Schnorr, A hierarchy of polynomial time lattice basis reduction algorithms, Theoretical Computer Science 53 (1987), 201–224.zbMATHCrossRefMathSciNetGoogle Scholar
  20. [20]
    C. P. Schnorr, A more efficient algorithm for lattice basis reduction, J. Algorithms 9 (1988), 47–62.zbMATHCrossRefMathSciNetGoogle Scholar
  21. [21]
    C. P. Schnorr and M. Euchner, Lattice Basis Reduction: Improved Practical Algorithms and Solving Subset Sum Problems, Proceedings of Fundamentals of Computation Theory’ 91, to be published.Google Scholar
  22. [22]
    M. Seysen, Simultaneous reduction of a lattice basis and its reciprocal basis, Combinatorica, to appear.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1991

Authors and Affiliations

  • M. J. Coster
    • 1
  • B. A. LaMacchia
    • 1
  • A. M. Odlyzko
    • 1
  • C. P. Schnorr
    • 2
  1. 1.AT&T Bell LaboratoriesMurray Hill
  2. 2.Fachbereich Mathematik/InformatikUniversität FrankfurtFrankfurt am MainGermany

Personalised recommendations