Solving Low Density Knapsacks

  • Ernest F. Brickell


Let al,...,an and s be a set of integers. The knapsack (or subset sum) problem is to find a 0–1 vector (εl,...,εn) such that Σ εiai = s or to show that such a vector does not exist. The integers al,...,an are sometimes referred to as weights. The general knapsack problem is known to be NP complete [5,6]. Several cryptosystems based on the knapsack problem have been designed [9,12,16]. In April, 1982, Adi Shamir [14] announced a method for breaking the Merkle-Hellman cryptosystem. Since that time there has been a flurry of activity to extend his results to include all of the proposed knapsack based cryptosystems [1,2,3,7,13].


Knapsack Problem Modular Mapping Sandia National Laboratory Basis Reduction Short Basis 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    L. M. Adleman, “On Breaking the Generalized Knapsack Public Key Cryptosystems,” Proceedings of the 15th Annual Symposium on Theory of Computing (1983), 402–412.Google Scholar
  2. 2.
    E. F. Brickell, “Are Most Low Density Knapsacks Solvable in Polynomial Time?,” to appear in Congressus Numerantium (1983).Google Scholar
  3. 3.
    E. F. Brickell and G. J. Simmons, “A Status Report on Knapsack Based Public Key Cryptosystems,” Congressus Numerantium, Vol. 37 (1983), 3–72.Google Scholar
  4. 4.
    W. Diffie and M. E. Hellman, “New Directions in Cryptography,” IEEE Trans. Inform. Theory IT-22, 6 (Nov. 1976), 644–654.CrossRefGoogle Scholar
  5. 5.
    M. R. Garey and D. S. Johnson, Computers and Intractability, A Guide to the Theory of NP-Completeness, W. H. Freeman and Company, San Francisco (1979).Google Scholar
  6. 6.
    R. M. Karp, “Reducibility Among Combinatorial Problems,” in Complexity of Computer Computations, R. E. Miller and J. W. Thatcher (Eds.), Plenum Press, New York (1972), 85–104.Google Scholar
  7. 7.
    J. C. Lagarias, “Knapsack Public Key Cryptosystems and Diophantine Approximation,” to appear Advances in Cryptography (1983).Google Scholar
  8. 8.
    J. C. Lagarias and A. M. Odlyzko, “Solving ‘Low-Density’ Subset Sum Problems,” to appear.Google Scholar
  9. 9.
    A. Lempel, “Cryptology in Transition: A Survey,” Comput. Surv. 11, 4 (Dec. 1979), 285–304.CrossRefGoogle Scholar
  10. 10.
    H. W. Lenstra, Jr., “Integer Programming with a Fixed Number of Variables,” Univ. of Amsterdam Tech. Report 81–03 (April 1981); to appear, Math. of Operations Research.Google Scholar
  11. 11.
    A. K. Lenstra, H. W. Lenstra, Jr., and L. Lovasz, “Factoring Polynomials with Rational Coefficients,” Mathematische Annalen, Vol. 261, No. 4 (1982), 515–534.CrossRefGoogle Scholar
  12. 12.
    R. C. Markle and M. Hellman, “Hiding Information and Signatures in Trapdoor Knapsacks,” IEEE Trans. Inform. Theory IT-24, 5 (Sept. 1978), 525–530.CrossRefGoogle Scholar
  13. 13.
    A. M. Odlyzko, “Cryptanalytic Attacks on the Multiplicative Knapsack Cryptosystem and on Shamir’s Fast Signature System,” to appear.Google Scholar
  14. 14.
    L. A. Santalo, Integral Geometry and Geometric Probability, Addison-Wesley Publishing Company (1976).Google Scholar
  15. 15.
    A. Shamir, “A Polynomial Time Algorithm for Breaking the Basic Merkle-Hellman Cryptosystem,” Proc. 23rd Annual Symposium on Foundations of Computer Science (1982), 145–152.Google Scholar
  16. 16.
    A. Shamir, “The Strongest Knapsack-Based Cyrptosystem?,” (extended abstract) paper presented at Crypto’82, Santa Barbara, CA (August 1982).Google Scholar

Copyright information

© Plenum Press, New York 1984

Authors and Affiliations

  • Ernest F. Brickell
    • 1
  1. 1.Sandia National LaboratoriesAlbuquerqueUSA

Personalised recommendations