Results 1 
6 of
6
Knapsack public key cryptosystems and diophantine approximation
 In CRYPTO
, 1983
"... This paper presents and analyzes cryptanalytic attacks on knapsack public key cryptosystems that are based on ideas from Diophantine approximation. Shamir’s attack on the basic MerkleHellman knapsack cryptosystem is shown to depend on the existence of ‘‘unusually good’ ’ simultaneous Diophantine ap ..."
Abstract

Cited by 20 (3 self)
 Add to MetaCart
This paper presents and analyzes cryptanalytic attacks on knapsack public key cryptosystems that are based on ideas from Diophantine approximation. Shamir’s attack on the basic MerkleHellman knapsack cryptosystem is shown to depend on the existence of ‘‘unusually good’ ’ simultaneous Diophantine approximations to a vector constructed from the public key. This aspect of Shamir’s attack carries over to multiply iterated knapsack cryptosystems: there are ‘‘unusually good’ ’ simultaneous Diophantine approximations to an analogous vector constructed from the public key. These ‘‘unusually good’ ’ simultaneous Diophantine approximations can be used to break multiply iterated knapsack cryptosystems provided one can solve a certain nonlinear Diophantine approximation problem. This nonlinear problem is solved in the simplest case and then used to give a new cryptanalytic attack on doubly iterated knapsack cryptosystems. 1.
Cryptanalytic attacks on the multiplicative knapsack cryptosystem and on Shamir's fast signature scheme
, 1984
"... The basic MerkleHellman additive trapdoor knapsack publickey cryptosystem was recently shown to be insecure, and attacks have also been developed on stronger variants of it, such as the GrahamShamir system and the iterated knapsack cryptosystem. This paper shows that some simple variants of anoth ..."
Abstract

Cited by 16 (3 self)
 Add to MetaCart
The basic MerkleHellman additive trapdoor knapsack publickey cryptosystem was recently shown to be insecure, and attacks have also been developed on stronger variants of it, such as the GrahamShamir system and the iterated knapsack cryptosystem. This paper shows that some simple variants of another MerkleHellman system, the multiplicative knapsack cryptosystem, are insecure. It is also shown that the Shamir fast signature scheme can be broken quickly. Similar attacks can also be used to break the Scho .. biMassey authentication scheme. These attacks have not been rigorously proved to succeed, but heuristic arguments and empirical evidence indicate that they work on systems of practical size. Cryptanalytic attacks on the multiplicative knapsack cryptosystem and on Shamir's fast signature scheme A. M. Odlyzko AT&T Bell Laboratories Murray Hill, New Jersey 07974 1. Introduction One of the bestknown publickey cryptosystems, the basic MerkleHellman additive trapdoor knapsack sys...
On the Hardness of the Shortest Vector Problem
, 1998
"... An ndimensional lattice is the set of all integral linear combinations of n linearly independent vectors in R^m. One of the most studied algorithmic problems on lattices is the shortest vector problem (SVP): given a lattice, find the shortest nonzero vector in it. We prove that the shortest vector ..."
Abstract

Cited by 12 (1 self)
 Add to MetaCart
An ndimensional lattice is the set of all integral linear combinations of n linearly independent vectors in R^m. One of the most studied algorithmic problems on lattices is the shortest vector problem (SVP): given a lattice, find the shortest nonzero vector in it. We prove that the shortest vector problem is NPhard (for randomized reductions) to approximate within some constant factor greater than 1 in any norm l_p (p>1). In particular, we prove the NPhardness of approximating SVP in the Euclidean norm within any factor less than sqrt 2. The same NPhardness results hold for deterministic nonuniform reductions. A deterministic uniform reduction is also given under a reasonable number theoretic conjecture concerning the distribution of smooth numbers. In proving the NPhardness of SVP we develop a number of technical tools that might be of independent interest. In particular, a lattice packing is constructed with the property that the number of unit spheres contained in an ndimensional ball of radius greater then 1 + (sqrt 2) grows exponentially in n, a new constructive version of Sauer's lemma(a combinatorial result somehow related to the notion of VCdimension) is presented, considerably simplifying all previously known constructions.
On the Expressiveness of SubsetSum Representations
 Acta Inform
, 2000
"... We develop a general theory for representing information as sums of elements in a subset of the basic set A of numbers of cardinality n, often refered to as a "knapsack vector". How many numbers can be represented in this way depends heavily on A. The lower, resp. upper, bound for the cardinality ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
We develop a general theory for representing information as sums of elements in a subset of the basic set A of numbers of cardinality n, often refered to as a "knapsack vector". How many numbers can be represented in this way depends heavily on A. The lower, resp. upper, bound for the cardinality of the set of representable numbers is quadratic, resp. exponential, in terms of n. We give an algorithm for the construction of a knapsack vector of any prescribed expressiveness (that is, the cardinality of the set of representable numbers), provided it falls within the range possible for expressiveness. Keywords: subsetsum, knapsack vector, expressiveness, injectivity Introduction Consider a finite set A of positive integers. Actually we need only the assumption that a commutative and an associative operation + is defined on A. Then each subset SA of A represents a number, namely, the sum of the elements of SA . If A has n elements, then at most 2 n numbers can be represented i...
Paral el lattice basis reduction
"... Nous 6tudions ici la paral161isation de l’algorithme.L3 pour la r6duction des bases de u.%eaux. Sous le mod~le des architectures parallbles ~ m6moires distributes, l’algorithme propos6 ..."
Abstract
 Add to MetaCart
Nous 6tudions ici la paral161isation de l’algorithme.L3 pour la r6duction des bases de u.%eaux. Sous le mod~le des architectures parallbles ~ m6moires distributes, l’algorithme propos6