Attacking the Chor-Rivest Cryptosystem by Improved Lattice Reduction

  • C. P. Schnorr
  • H. H. Hörner
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 921)


We introduce algorithms for lattice basis reduction that are improvements of the famous \( L^3 \)-algorithm. If a random \( L^3 \)-reduced lattice basis \( b_1, \ldots, b_n \) is given such that the vector of reduced Gram-Schmidt coefficients \( (\{\mu_{i,j}\}_{1 \le j < i \le n}) \) is uniformly distributed in \( [0,1)^{\binom{n}{2}} \), then the pruned enumeration finds with positive probability a shortest lattice vector. We demonstrate the power of these algorithms by solving random subset sum problems of arbitrary density with 74 and 82 many weights, by breaking the Chor-Rivest cryptoscheme in dimensions 103 and 151 and by breaking Damgård’s hash function.



Copyright information

© Springer-Verlag Berlin Heidelberg 1995

Authors and Affiliations

  • C. P. Schnorr (1)
  • H. H. Hörner (1)

  1. Fachbereich Mathematik/Informatik, Johann Wolfgang Goethe-Universität Frankfurt, Frankfurt a.M., Germany
