Let al,...,an and s be a set of integers. The knapsack (or subset sum) problem is to find a 0–1 vector (εl,...,εn) such that Σ εiai = s or to show that such a vector does not exist. The integers al,...,an are sometimes referred to as weights. The general knapsack problem is known to be NP complete [5,6]. Several cryptosystems based on the knapsack problem have been designed [9,12,16]. In April, 1982, Adi Shamir  announced a method for breaking the Merkle-Hellman cryptosystem. Since that time there has been a flurry of activity to extend his results to include all of the proposed knapsack based cryptosystems [1,2,3,7,13].
Unable to display preview. Download preview PDF.
- 1.L. M. Adleman, “On Breaking the Generalized Knapsack Public Key Cryptosystems,” Proceedings of the 15th Annual Symposium on Theory of Computing (1983), 402–412.Google Scholar
- 2.E. F. Brickell, “Are Most Low Density Knapsacks Solvable in Polynomial Time?,” to appear in Congressus Numerantium (1983).Google Scholar
- 3.E. F. Brickell and G. J. Simmons, “A Status Report on Knapsack Based Public Key Cryptosystems,” Congressus Numerantium, Vol. 37 (1983), 3–72.Google Scholar
- 5.M. R. Garey and D. S. Johnson, Computers and Intractability, A Guide to the Theory of NP-Completeness, W. H. Freeman and Company, San Francisco (1979).Google Scholar
- 6.R. M. Karp, “Reducibility Among Combinatorial Problems,” in Complexity of Computer Computations, R. E. Miller and J. W. Thatcher (Eds.), Plenum Press, New York (1972), 85–104.Google Scholar
- 7.J. C. Lagarias, “Knapsack Public Key Cryptosystems and Diophantine Approximation,” to appear Advances in Cryptography (1983).Google Scholar
- 8.J. C. Lagarias and A. M. Odlyzko, “Solving ‘Low-Density’ Subset Sum Problems,” to appear.Google Scholar
- 10.H. W. Lenstra, Jr., “Integer Programming with a Fixed Number of Variables,” Univ. of Amsterdam Tech. Report 81–03 (April 1981); to appear, Math. of Operations Research.Google Scholar
- 13.A. M. Odlyzko, “Cryptanalytic Attacks on the Multiplicative Knapsack Cryptosystem and on Shamir’s Fast Signature System,” to appear.Google Scholar
- 14.L. A. Santalo, Integral Geometry and Geometric Probability, Addison-Wesley Publishing Company (1976).Google Scholar
- 15.A. Shamir, “A Polynomial Time Algorithm for Breaking the Basic Merkle-Hellman Cryptosystem,” Proc. 23rd Annual Symposium on Foundations of Computer Science (1982), 145–152.Google Scholar
- 16.A. Shamir, “The Strongest Knapsack-Based Cyrptosystem?,” (extended abstract) paper presented at Crypto’82, Santa Barbara, CA (August 1982).Google Scholar