Exploring Naccache-Stern Knapsack Encryption

  • Éric Brier
  • Rémi Géraud
  • David Naccache
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10543)


The Naccache-Stern public-key cryptosystem (NS) relies on the conjectured hardness of the modular multiplicative knapsack problem: Given \(p,\{v_i\},\prod v_i^{m_i} \bmod p\), find the \(\{m_i\}\).

Given this scheme’s algebraic structure it is interesting to systematically explore its variants and generalizations. In particular it might be useful to enhance NS with features such as semantic security, re-randomizability or an extension to higher-residues.

This paper addresses these questions and proposes several such variants.


  1. 1.
    Adleman, L.M.: On breaking the iterated Merkle-Hellman public-key cryptosystem. In: Chaum, D., Rivest, R.L., Sherman, A.T. (eds.) Advances in Cryptology - CRYPTO 1982, pp. 303–308. Plenum Press, New York (1982)Google Scholar
  2. 2.
    Boneh, D., Goh, E.-J., Nissim, K.: Evaluating 2-DNF formulas on ciphertexts. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 325–341. Springer, Heidelberg (2005). doi: 10.1007/978-3-540-30576-7_18 CrossRefGoogle Scholar
  3. 3.
    Brickell, E.F.: Breaking iterated Knapsacks. In: Blakley, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 342–358. Springer, Heidelberg (1985). doi: 10.1007/3-540-39568-7_27 CrossRefGoogle Scholar
  4. 4.
    Canetti, R., Krawczyk, H., Nielsen, J.B.: Relaxing chosen-ciphertext security. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 565–582. Springer, Heidelberg (2003). doi: 10.1007/978-3-540-45146-4_33 CrossRefGoogle Scholar
  5. 5.
    Chee, Y.M., Joux, A., Stern, J.: The cryptanalysis of a new public-key cryptosystem based on modular Knapsacks. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 204–212. Springer, Heidelberg (1992). doi: 10.1007/3-540-46766-1_15 Google Scholar
  6. 6.
    Chevallier-Mames, B., Naccache, D., Stern, J.: Linear bandwidth Naccache-Stern encryption. In: Ostrovsky, R., De Prisco, R., Visconti, I. (eds.) SCN 2008. LNCS, vol. 5229, pp. 327–339. Springer, Heidelberg (2008). doi: 10.1007/978-3-540-85855-3_22 CrossRefGoogle Scholar
  7. 7.
    Cramer, R., Shoup, V.: A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 13–25. Springer, Heidelberg (1998). doi: 10.1007/BFb0055717 Google Scholar
  8. 8.
    Fujisaki, E., Okamoto, T., Pointcheval, D., Stern, J.: RSA-OAEP is secure under the RSA assumption. J. Cryptology 17(2), 81–104 (2004)CrossRefzbMATHMathSciNetGoogle Scholar
  9. 9.
    Goldwasser, S., Micali, S.: Probabilistic encryption and how to play mental poker keeping secret all partial information. In: Lewis, H.R., Simons, B.B., Burkhard, W.A., Landweber, L.H. (eds.) Proceedings of the 14th Annual ACM Symposium on Theory of Computing, 5–7 May 1982, San Francisco, California, USA, pp. 365–377. ACM (1982)Google Scholar
  10. 10.
    Groth, J.: Rerandomizable and replayable adaptive chosen ciphertext attack secure cryptosystems. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 152–170. Springer, Heidelberg (2004). doi: 10.1007/978-3-540-24638-1_9 CrossRefGoogle Scholar
  11. 11.
    Herold, G., Meurer, A.: New attacks for Knapsack based cryptosystems. In: Visconti, I., De Prisco, R. (eds.) SCN 2012. LNCS, vol. 7485, pp. 326–342. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-32928-9_18 CrossRefGoogle Scholar
  12. 12.
    Joux, A., Stern, J.: Cryptanalysis of another Knapsack cryptosystem. In: Imai, H., Rivest, R.L., Matsumoto, T. (eds.) ASIACRYPT 1991. LNCS, vol. 739, pp. 470–476. Springer, Heidelberg (1993). doi: 10.1007/3-540-57332-1_40 Google Scholar
  13. 13.
    Lenstra, H.W.: On the Chor-Rivest Knapsack cryptosystem. J. Cryptology 3(3), 149–155 (1991)CrossRefzbMATHMathSciNetGoogle Scholar
  14. 14.
    Monier, L.: Evaluation and comparison of two efficient probabilistic primality testing algorithms. Theoret. Comput. Sci. 12(1), 97–108 (1980)CrossRefzbMATHMathSciNetGoogle Scholar
  15. 15.
    Naccache, D., Stern, J.: A new public-key cryptosystem. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 27–36. Springer, Heidelberg (1997). doi: 10.1007/3-540-69053-0_3 Google Scholar
  16. 16.
    Prabhakaran, M., Rosulek, M.: Rerandomizable RCCA encryption. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 517–534. Springer, Heidelberg (2007). doi: 10.1007/978-3-540-74143-5_29 CrossRefGoogle Scholar
  17. 17.
    Rabin, M.O.: Probabilistic algorithm for testing primality. J. Number Theory 12(1), 128–138 (1980)CrossRefzbMATHMathSciNetGoogle Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.Ingenico TerminalsAlixanFrance
  2. 2.École Normale SupérieureParis Cedex 05France

Personalised recommendations