Cryptanalysis of the Chor-Rivest cryptosystem

  • Serge Vaudenay
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1462)


Knapsack-based cryptosystems used to be popular in the beginning of public key cryptography before being all broken, all but the Chor-Rivest cryptosystem. In this paper, we show how to break this one with its suggested parameters: GF(p 24) and GF(25625). We also give direction on possible extensions of our attack.


  1. 1.
    P. Camion, H. Chabanne. On the Powerline system. In Advances in Cryptology, ICICS'97, Beijing, China, Lectures Notes in Computer Science 1334, pp. 381–385, Springer-Verlag, 1997.Google Scholar
  2. 2.
    B. Chor, R.L. Rivest. A knapsack-type public key cryptosystem based on arithmetic in finite fields. In Advances in Cryptology CRYPTO'84, Santa Barbara, California, U.S.A., Lectures Notes in Computer Science, pp. 54–65, Springer-Verlag, 1985.Google Scholar
  3. 3.
    B. Chor, R.L. Rivest. A knapsack-type public key cryptosystem based on arithmetic in finite fields. IEEE Transactions on Information Theory, vol. IT-34, pp. 901–909, 1988.MathSciNetCrossRefGoogle Scholar
  4. 4.
    D. Coppersmith, J. Stern, S. Vaudenay. The security of the birational permutation signature schemes. Journal of Cryptology, vol. 10, pp. 207–221, 1997.MATHMathSciNetCrossRefGoogle Scholar
  5. 5.
    K. Huber. Specialised attack on Chor-Rivest public key cryptosystem. Electronics Letters, vol. 27, no. 23, pp. 2130, 1991.MATHGoogle Scholar
  6. 6.
    A. Joux, J. Stern. Lattice Reduction: a Toolbox for the Cryptanalyst. To appear in Journal of Cryptology.Google Scholar
  7. 7.
    N. Koblitz. A Course in Number Theory and Cryptography, 2nd Edition, Graduate Texts in Mathematics 114, Springer-Verlag, 1994.Google Scholar
  8. 8.
    H.W. Lenstra, Jr. On the Chor-Rivest Knapsack Cryptosystem. Journal of Cryptology, vol. 3, pp. 149–155, 1991.MATHMathSciNetCrossRefGoogle Scholar
  9. 9.
    A.K. Lenstra, H.W. Lenstra Jr., L. Lovász. Factoring polynomials with rational coefficients. Math. Ann., vol. 261, pp. 515–534, 1982.MATHMathSciNetCrossRefGoogle Scholar
  10. 10.
    R.C. Merkle, M. Hellman. Hiding information and signatures in trap-door knap-sacks. IEEE Transactions on Information Theory, vol. IT-24, pp. 525–530, 1978.CrossRefGoogle Scholar
  11. 11.
    S. Pohlig, M. Hellman. An improved algorithm for computing logarithms over GF(q) and its cryptographic significance. IEEE Transactions on Information Theory, vol. IT-24, pp. 106–110, 1978.MathSciNetCrossRefGoogle Scholar
  12. 12.
    A. Shamir. A polynomial time algorithm for breaking the basic Merkle-Hellman cryptosystem. In Proceedings of the 23rd IEEE Symposium on Foundations of Computer Science, Chicago, Illinois, U.S.A., pp. 145–152, IEEE, 1982.Google Scholar
  13. 13.
    C.P. Schnorr, H.H. Hörner. Attacking the Chor-Rivest Cryptosystem by improved lattice reduction. In Advances in Cryptology EUROCRYPT'95, Saint-Malo, France, Lectures Notes in Computer Science 921, pp. 1–12, Springer-Verlag, 1995.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1998

Authors and Affiliations

  • Serge Vaudenay
    • 1
  1. 1.Ecole Normale Supérieure - CNRSFrance

Personalised recommendations