
Attacking the Chor-Rivest Cryptosystem by Improved Lattice Reduction

  • C. P. Schnorr
  • H. H. Hörner
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 921)

Abstract

We introduce algorithms for lattice basis reduction that are improvements of the famous \( L^3 \)-algorithm. If a random \( L^3 \)-reduced lattice basis \( b_1, \ldots, b_n \) is given such that the vector of reduced Gram-Schmidt coefficients \( (\mu_{i,j})_{1 \le j < i \le n} \) is uniformly distributed in \( [0,1)^{\binom{n}{2}} \), then the pruned enumeration finds with positive probability a shortest lattice vector. We demonstrate the power of these algorithms by solving random subset sum problems of arbitrary density with 74 and 82 many weights, by breaking the Chor-Rivest cryptoscheme in dimensions 103 and 151 and by breaking Damgård’s hash function.

Copyright information

© Springer-Verlag Berlin Heidelberg 1995

Authors and Affiliations

  • C. P. Schnorr (1)
  • H. H. Hörner (1)
  1. Fachbereich Mathematik/Informatik, Johann Wolfgang Goethe-Universität Frankfurt, Frankfurt a.M., Germany
