
Performance analysis of Shamir's attack on the basic Merkle-Hellman knapsack cryptosystem

Extended abstract
  • J. C. Lagarias
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 172)

Abstract

This paper gives a performance analysis of one variant of Shamir's attack on the basic Merkle-Hellman knapsack cryptosystem, which we call Algorithm S. Let \(R = \frac{\#\text{ plaintext bits}}{\text{maximum } \#\text{ ciphertext bits}}\) denote the rate at which a knapsack cryptosystem transmits information, and let n denote the number of items in a knapsack, i.e. the block size of the plaintext. We show that for any fixed R, Algorithm S runs to completion in time polynomial in n on all knapsacks with rate \(R_0 \ge R\). We show that it successfully breaks at least the fraction \(1 - \frac{c_R}{n}\) of such knapsack cryptosystems as n → ∞, where \(c_R\) is a constant depending on R.
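As an added worked example (not code from the paper), the basic Merkle-Hellman construction with the rate R defined above computed for a concrete key; the superincreasing sequence, modulus and seed are constructed here for illustration, so the exact rate depends on them:

```python
import math
import random

def superincreasing(n, rng):
    """Constructed private sequence: every item exceeds the sum of all earlier items."""
    seq, total = [], 0
    for _ in range(n):
        item = total + rng.randrange(1, 1 << n)  # random gap keeps the modulus near 2**(2n)
        seq.append(item)
        total += item
    return seq

def keygen(n, seed=1):
    """Basic (single-iteration) Merkle-Hellman key pair: public items are w*a_i mod m."""
    rng = random.Random(seed)
    priv = superincreasing(n, rng)
    m = sum(priv) + rng.randrange(1, 1 << n)  # modulus strictly larger than sum(priv)
    while True:
        w = rng.randrange(2, m)
        if math.gcd(w, m) == 1:  # multiplier must be invertible mod m
            break
    pub = [(w * a) % m for a in priv]
    return pub, (priv, m, w)

def encrypt(pub, bits):
    """Ciphertext is the subset sum of the public items selected by the plaintext bits."""
    return sum(a for a, b in zip(pub, bits) if b)

def decrypt(key, c):
    """Undo the multiplier, then solve the easy superincreasing knapsack greedily."""
    priv, m, w = key
    s = (c * pow(w, -1, m)) % m  # equals the private subset sum, which is below m
    bits = []
    for a in reversed(priv):
        take = a <= s
        bits.append(int(take))
        if take:
            s -= a
    if s != 0:
        raise ValueError("not a valid ciphertext for this key")
    return bits[::-1]

def rate(pub):
    """R = (# plaintext bits) / (maximum # ciphertext bits); the largest ciphertext is sum(pub)."""
    return len(pub) / sum(pub).bit_length()
```

With a modulus near 2^(2n), as in the original Merkle-Hellman parameter choice, the rate comes out close to 1/2.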



Copyright information

© Springer-Verlag Berlin Heidelberg 1984

Authors and Affiliations

  • J. C. Lagarias, AT&T Bell Laboratories, Murray Hill
