Cryptanalysis of the Knapsack Generator

  • Simon Knellwolf
  • Willi Meier
Conference paper

DOI: 10.1007/978-3-642-21702-9_11

Part of the Lecture Notes in Computer Science book series (LNCS, volume 6733)
Cite this paper as:
Knellwolf S., Meier W. (2011) Cryptanalysis of the Knapsack Generator. In: Joux A. (eds) Fast Software Encryption. FSE 2011. Lecture Notes in Computer Science, vol 6733. Springer, Berlin, Heidelberg


The knapsack generator was introduced in 1985 by Rueppel and Massey as a novel LFSR-based stream cipher construction. Its output sequence attains close to maximum linear complexity and its relation to the knapsack problem suggests strong security. In this paper we analyze the security of practically relevant instances of this generator as they are recommended for the use in RFID systems, for example. We describe a surprisingly effective guess and determine strategy, which leads to practical attacks on small instances and shows that the security margin of larger instances is smaller than expected. We also briefly discuss a variant of the knapsack generator recently proposed by von zur Gathen and Shparlinski and show that this variant should not be used for cryptographic applications.


knapsack stream cipher pseudorandom generator 

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Simon Knellwolf
    • 1
  • Willi Meier
    • 1
  1. 1.FHNWSwitzerland

Personalised recommendations