Linear Bandwidth Naccache-Stern Encryption

  • Benoît Chevallier-Mames
  • David Naccache
  • Jacques Stern
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5229)


The Naccache-Stern (ns) knapsack cryptosystem is an original yet little-known public-key encryption scheme. In this scheme, the ciphertext is obtained by multiplying public-keys indexed by the message bits modulo a prime p. The cleartext is recovered by factoring the ciphertext raised to a secret power modulo p.

ns encryption requires a multiplication per two plaintext bits on the average. Decryption is roughly as costly as an rsa decryption. However, ns features a bandwidth sublinear in log p, namely log p/ log log p. As an example, for a 2048-bit prime p, ns encryption features a 233-bit bandwidth for a 59-kilobyte public key size.

This paper presents new ns variants achieving bandwidths linear in log p. As linear bandwidth claims a public-key of size log3 p/ log log p, we recommend to combine our scheme with other bandwidth optimization techniques presented here.

For a 2048-bit prime p, we obtain figures such as 169-bit plaintext for a 10-kilobyte public key, 255-bit plaintext for a 20-kilobyte public key or a 781-bit plaintext for a 512-kilobyte public key. Encryption and decryption remain unaffected by our optimizations: As an example, the 781-bit variant requires 152 multiplications per encryption.


Public key cryptography ns cryptosystem multiplicative knapsack efficiency 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [FO99]
    Fujisaki, E., Okamoto, T.: Secure integration of asymmetric and symmetric encryption schemes. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 537–554. Springer, Heidelberg (1999)Google Scholar
  2. [FO00]
    Fujisaki, E., Okamoto, T.: How to enhance the security of public-key encryption at minimum cost. IEICE Transaction of Fundamentals of Electronic Communications and Computer Science E83-A(1), 24–32 (2000)Google Scholar
  3. [FSW02]
    Fouque, P.-A., Stern, J., Wackers, J.-G.: Cryptocomputing with rationals. In: Blaze, M. (ed.) FC 2002. LNCS, vol. 2357, pp. 136–146. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  4. [GM84]
    Goldwasser, S., Micali, S.: Probabilistic encryption. Journal of Computer and System Sciences 28(2), 270–299 (1984)zbMATHCrossRefMathSciNetGoogle Scholar
  5. [NS97]
    Naccache, D., Stern, J.: A new public-key cryptosystem. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 27–36. Springer, Heidelberg (1997)Google Scholar
  6. [SW86]
    Stanton, D., White, D.: Constructive combinatorics. Springer, New York (1986)zbMATHGoogle Scholar
  7. [Val91]
    Vallée, B.: Gauss’ algorithm revisited. Journal of Algorithms 12(4), 556–572 (1991)zbMATHCrossRefMathSciNetGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Benoît Chevallier-Mames
    • 1
  • David Naccache
    • 2
  • Jacques Stern
    • 2
  1. 1.DCSSI, Laboratoire de cryptographieParisFrance
  2. 2.École normale supérieure, Équipe de cryptographieParis cedex 05France

Personalised recommendations