A practical attack against knapsack based hash functions

Extended abstract
  • Antoine Joux
  • Louis Granboulan
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 950)


In this paper, we show that lattice reduction is a very powerful tool to find collision in knapsack based compression-functions and hash-functions. In particular, it can be used to break the knapsack based hash-function that was introduced by Damgard [3]


  1. 1.
    P. Camion and J. Patarin. The knapsack hash-function proposed at crypto'89 can be broken. In D. W. Davies, editor, Advances in Cryptology, Proceedings of Eurocrypt'91, volume 547 of Lecture Notes in Computer Science, pages 39–53, New York, 1991. Springer-Verlag.Google Scholar
  2. 2.
    M. J. Costerr, A. Joux, B. A. LaMacchia, A. M. Odlyzko, C.-P. Schnorr, and J. Stern. Subset sum algorithms. Comp. Complexity, 2:11–28, 1992.Google Scholar
  3. 3.
    I. Damgard. A design principle for hash functions. In Advances in Cryptology, Proceedings of Crypto'89, volume 435 of Lecture Notes in Computer Science, pages 25–37, New York, 1989. Springer-Verlag.Google Scholar
  4. 4.
    A. Joux and J. Stern. Lattice reduction: a toolbox for the cryptanalyst. submitted to the Journal of Cryptology, 1994.Google Scholar
  5. 5.
    J. C. Lagarias and A. M. Odlyzko. Solving low-density subset sum problems. J. Assoc. Comp. Mach., 32(1):229–246, 1985.MathSciNetGoogle Scholar
  6. 6.
    A. K. Lenstra, H. W. Lenstra, and L. Lovász. Factoring polynomials with rational coefficients. Math. Ann., 261:515–534, 1982.MathSciNetCrossRefGoogle Scholar
  7. 7.
    C.-P. Schnorr and M. Euchner. Lattice basis reduction: Improved practical algorithms and solving subset sum problems. In L. Budach, editor, Proceedings of Fundamentals of Computation Theory 91, volume 529 of Lecture Notes in Computer Science, pages 68–85, New York, 1991. Springer-Verlag.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1995

Authors and Affiliations

  • Antoine Joux
    • 1
  • Louis Granboulan
    • 2
  1. 1.DGA/CELARFrance
  2. 2.ENS/LIENSFrance

Personalised recommendations