Cryptanalysis of a Lattice-Knapsack Mixed Public Key Cryptosystem

  • Jun Xu
  • Lei Hu
  • Siwei Sun
  • Ping Wang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7712)


Recently, a lattice-based public key cryptosystem mixed with a knapsack was presented at the CANS 2011 conference. In this paper, we propose two message recovery attacks on this cryptosystem. The first is a broadcast attack: a single message of \(m\) bits can be recovered if it is encrypted for \(\lceil\frac{m+1}{2}\rceil\) recipients. The second is a multiple transmission attack, in which a message can be recovered with probability \((1-2^{-l})^m\) if it is encrypted under the same public key \(l = \lceil\log_2 m + 2\rceil\) times using different random numbers. The multiple transmission attack can be further improved with a linearization technique so that only \(\lceil\frac{\log_2 m+1}{2}\rceil\) encryptions are required to recover the message. An open problem related to message recovery using only one ciphertext is discussed.
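As an added note (not part of the original abstract), the choice \(l = \lceil\log_2 m + 2\rceil\) is what makes the stated success probability of the multiple transmission attack a constant independent of the message length \(m\):

\[
2^{-l} \le 2^{-(\log_2 m + 2)} = \frac{1}{4m},
\qquad\text{so}\qquad
(1-2^{-l})^m \ge \Bigl(1-\frac{1}{4m}\Bigr)^m \ge 1 - \frac{m}{4m} = \frac{3}{4},
\]

where the last step is Bernoulli's inequality \((1+x)^n \ge 1+nx\) for \(x \ge -1\). When the ceiling is tight, \((1-\frac{1}{4m})^m \to e^{-1/4} \approx 0.78\) for large \(m\); when the ceiling adds one more transmission, or the attacker simply collects more ciphertexts, the term \(2^{-l}\) halves each time and the bound moves closer to 1. For a concrete scale, with \(m = 1024\) the broadcast attack needs \(\lceil 1025/2 \rceil = 513\) recipients, the plain multiple transmission attack needs \(l = 12\) encryptions of the same message, and the linearized variant needs only \(\lceil 11/2 \rceil = 6\).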


Keywords: Public Key Cryptosystem, Lattice, Knapsack, Linearization





Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Jun Xu (1, 2, 3)
  • Lei Hu (1)
  • Siwei Sun (1)
  • Ping Wang (4, 5, 6)

  1. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China
  2. University of Chinese Academy of Sciences, Beijing, China
  3. School of Mathematical Science, Anhui University, Hefei, China
  4. Tian Jin Zhong Wei Aerospace Data System Technology Co., Ltd, China
  5. Space Star Technology Co., Ltd, China
  6. Institute No.503 of the Fifth Research Academy, China Aerospace Science and Technology Corporation, Beijing, China
