Two notes on low-density subset sum algorithm

Extended abstract
  • Li Daxing
  • Ma Shaohan
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 834)


In this short extended abstract, we give two notes on low-density subset sum algorithm. One is, by extending the variables range from {0, 1}to {− 1,0,1} and allowing the weight be negative, to prove that almost all extended subset sum problems of density <0.488... would be solved in polynomial time with a single call to a lattice oracle. Another is, by only allowing the weights be negative, to point out that almost all corresponding subset sum problems whose density is smaller than the same density bound 0.9408... as [CLOS] would be solved in polynomial time by calling lattice oracle. These two extened subset sum problems have clear significance in cryptanalysis, since breaking some cryptosystems can be reduced to solving one of them. As a example, we give a application of our notes in cryptanalysis of Idempotent Element cryptosystem proposed by Pieprzyk and Rutkowski [PR].


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [B]
    Brickell, E.F., Solving Low Density Knapsacks, Advances in Cryptology Proc. of Crypto' 83, Plenum Press, New York (1984), pp.25–37.Google Scholar
  2. [BO]
    Brickell, E.F. and A.M. Odlyzko, Cryptanalysis: a Survey of Recent Results, Proc. IEEE, 76 (1988) 10, pp.578–593.CrossRefGoogle Scholar
  3. [CLOS]
    Coster, M.J., B.A. LaMacchia, A.M. Odlyzko and C.P. Schnorr, An Improved low-Density Subset Sum Algorithm, Advances in Cryptology — Eurocrypt' 91, LNCS 547, Springer-Verlag, pp.54–67.Google Scholar
  4. [F]
    Frieze, A.M., On the Lagarias-Odlyzko Algorithm for the Subset Sum Problem, SIAM J. Comput., 15 (1986) 2.CrossRefGoogle Scholar
  5. [J]
    Joux, S. and J. Stern, Improveing the Critical Density of the Lagarias-Odlyzko Attack Against Subset Sum Problem, Proc. of Fundamentals of Computation Theory ' 91.Google Scholar
  6. [L]
    Li Daxing, The Cryptanalysis of a New Type Multiplication Knapsack Scheme, J. of China Institute of Communications, 12 (1991) 4, pp.59–63 (in Chinese).Google Scholar
  7. [LLL]
    Lenstra, A.K., H.W. Lenstra, and L. Lovasz, Factoring Polynomials with Rational Coefficients, Math. Ann., 261 (1982), pp.515–534.CrossRefGoogle Scholar
  8. [LO]
    Lagarias J.C. and A.M. Odlyzko, Solving Low-Density Subset Sum Problems, J. ACM, 31 (1985) 1, pp.229–246.CrossRefGoogle Scholar
  9. [P]
    Pieprzyk, J., Algebraical Structrures of Cryptographic Transformations, Proc. Eurocrypt' 84.Google Scholar
  10. [PR]
    Pieprzyk, J. and D. Rutkowski, Design of Public Key Cryptosystem Using Idempotent Elements, Computers & Security, 4 (1985), pp.297–308.Google Scholar
  11. [SP]
    Seberry, J. and J. Pieprzyk, Cryptography, Prentice Hall, New York, 1989, pp.105–106.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1994

Authors and Affiliations

  • Li Daxing
    • 1
    • 2
  • Ma Shaohan
    • 3
  1. 1.Dept. of MathematicsShandong UniversityJinanChina
  2. 2.State Key Lab. of Information SecurityGraduate School of University of Science and Technlogy of ChinaBeijingChina
  3. 3.Dept. of Computer ScienceShandong UniversityJinanChina

Personalised recommendations