Abstract
In this paper, we revisit Shamir’s well-known attack (and a variant due to Lagarias) on the basic Merkle-Hellman Knapsack cryptosystem (MH scheme). The main observation is that the superincreasing property of the secret key sequence \(\boldsymbol{\mathfrak{a}}\) used in the original MH construction is not necessary for the attack. More precisely, the attack is applicable as long as there are sufficiently many secret key elements \(\mathfrak{a}_i\) whose size is much smaller than the size of the secret modulus M.
We then exploit this observation to give practical attacks on two recently introduced MH-like cryptosystems. Both schemes are specifically designed to avoid superincreasing sequences, but they still provide enough structure to allow complete recovery of (equivalent) decryption keys. As in Shamir's attack, our algorithms run in two stages and require solving different fixed-dimensional simultaneous Diophantine approximation (SDA) problems. We implemented the attacks in Sage and solved the SDA instances heuristically by lattice reduction. For both schemes and for various security levels, we recovered the secret keys in a matter of seconds.
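The abstract refers to solving fixed-dimensional simultaneous Diophantine approximation (SDA) instances by lattice reduction. The block below is an added, self-contained illustration of that generic subroutine and is not code from the paper or its authors: it reduces a small lattice with a textbook LLL in exact rational arithmetic and reads a common denominator q and numerators p_i off the first reduced vector. The lattice embedding (a Lagarias-style basis with rows (1/Q, N·alpha_1, ..., N·alpha_n) and N·e_i, Q = N^n), the reduction parameter delta = 3/4, the sample targets in SAMPLE_ALPHAS and all function names are my own choices; the paper's two-stage key-recovery logic is not on this page and is not reproduced here.

```python
from fractions import Fraction


def dot(u, v):
    """Exact inner product of two rational vectors."""
    return sum(x * y for x, y in zip(u, v))


def squared_norm(v):
    return dot(v, v)


def lll_reduce(basis, delta=Fraction(3, 4)):
    """Textbook LLL reduction in exact rational arithmetic.

    basis: list of linearly independent integer/Fraction row vectors.
    Returns an LLL-reduced basis of the same lattice. With delta = 3/4 the
    first returned vector is at most 2^((d-1)/2) times the shortest nonzero
    lattice vector, d being the lattice dimension. Gram-Schmidt data is
    recomputed after every basis change; wasteful, but short and adequate
    for the fixed tiny dimensions used here.
    """
    b = [[Fraction(x) for x in row] for row in basis]
    d = len(b)

    def gram_schmidt():
        bstar, mu = [], [[Fraction(0)] * d for _ in range(d)]
        for i in range(d):
            v = b[i][:]
            for j in range(i):
                mu[i][j] = dot(b[i], bstar[j]) / squared_norm(bstar[j])
                v = [vi - mu[i][j] * wj for vi, wj in zip(v, bstar[j])]
            bstar.append(v)
        return bstar, mu

    bstar, mu = gram_schmidt()
    k = 1
    while k < d:
        for j in range(k - 1, -1, -1):          # size-reduce b_k against b_j
            r = round(mu[k][j])
            if r:
                b[k] = [x - r * y for x, y in zip(b[k], b[j])]
                bstar, mu = gram_schmidt()
        lhs = squared_norm(bstar[k])
        rhs = (delta - mu[k][k - 1] ** 2) * squared_norm(bstar[k - 1])
        if lhs >= rhs:                           # Lovasz condition holds
            k += 1
        else:                                    # swap and step back
            b[k], b[k - 1] = b[k - 1], b[k]
            bstar, mu = gram_schmidt()
            k = max(k - 1, 1)
    return b


def simultaneous_approx(alphas, scale):
    """Simultaneous Diophantine approximation via lattice reduction.

    Given rationals alpha_1..alpha_n and an integer scale N, find an integer
    q with 0 < q <= ~N^n and integers p_i with every |q*alpha_i - p_i| ~ 1/N.
    Lattice rows (assumed embedding, Q = N^n):
        (1/Q, N*alpha_1, ..., N*alpha_n),  N*e_1, ..., N*e_n
    so q*row_0 - sum_i p_i*(N*e_i) = (q/Q, N(q*alpha_1 - p_1), ...).
    Dirichlet's theorem guarantees such a vector of norm <= sqrt(n+1), hence
    LLL's first vector has norm <= 2^(n/2)*sqrt(n+1): its q is nonzero
    whenever N exceeds that bound, and |q*alpha_i - p_i| <= 2^(n/2)*sqrt(n+1)/N.
    Returns (q, [p_1..p_n]) as Python ints with q > 0.
    """
    alphas = [Fraction(a) for a in alphas]
    n, N = len(alphas), Fraction(scale)
    Q = N ** n
    rows = [[1 / Q] + [N * a for a in alphas]]
    for i in range(n):
        rows.append([Fraction(0)] * (n + 1))
        rows[-1][i + 1] = N
    v = lll_reduce(rows)[0]
    q = v[0] * Q      # exact integer: v is an integer combination of the rows
    ps = [q * a - v[i + 1] / N for i, a in enumerate(alphas)]
    assert q.denominator == 1 and all(p.denominator == 1 for p in ps)
    q, ps = int(q), [int(p) for p in ps]
    if q < 0:
        q, ps = -q, [-p for p in ps]
    return q, ps


def approx_error(alphas, q, ps):
    """max_i |q*alpha_i - p_i| as a float."""
    return max(abs(float(q * Fraction(a) - p)) for a, p in zip(alphas, ps))


# Constructed sample input (not from the paper): two targets given to
# 14 decimal places, approximated with a common denominator of size ~N^2 = 10^6.
SAMPLE_ALPHAS = [Fraction("3.14159265358979"), Fraction("1.41421356237309")]
SAMPLE_SCALE = 1000


def run_demo():
    q, ps = simultaneous_approx(SAMPLE_ALPHAS, SAMPLE_SCALE)
    return q, ps, approx_error(SAMPLE_ALPHAS, q, ps)


if __name__ == "__main__":
    q, ps, err = run_demo()
    print("q =", q, "p =", ps, "max |q*alpha_i - p_i| =", err)
```

For the sample above (n = 2, N = 1000) the provable guarantees are 0 < q <= 2*sqrt(3)*10^6 and max_i |q*alpha_i - p_i| <= 2*sqrt(3)/1000, which is what a practitioner should check rather than any particular q, since different LLL implementations may legitimately return different reduced bases. Real attacks of the kind the abstract describes use an optimised reduction library (the paper used Sage) instead of the Fraction-based LLL here.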
© 2012 Springer-Verlag Berlin Heidelberg
Herold, G., Meurer, A. (2012). New Attacks for Knapsack Based Cryptosystems. In: Visconti, I., De Prisco, R. (eds) Security and Cryptography for Networks. SCN 2012. Lecture Notes in Computer Science, vol 7485. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32928-9_18
DOI: https://doi.org/10.1007/978-3-642-32928-9_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-32927-2
Online ISBN: 978-3-642-32928-9