Results 1 - 10 of 16
Solving low-density subset sum problems
in Proceedings of 24th Annu. Symp. Foundations of Comput. Sci., 1983
Cited by 108 (5 self)
Abstract. The subset sum problem is to decide whether or not the 0-1 integer programming problem $\sum_{i=1}^{n} a_i x_i = M$, $\forall i,\ x_i = 0$ or $1$, has a solution, where the $a_i$ and $M$ are given positive integers. This problem is NP-complete, and the difficulty of solving it is the basis of public-key cryptosystems of knapsack type. An algorithm is proposed that searches for a solution when given an instance of the subset sum problem. This algorithm always halts in polynomial time but does not always find a solution when one exists. It converts the problem to one of finding a particular short vector $v$ in a lattice, and then uses a lattice basis reduction algorithm due to A. K. Lenstra, H. W. Lenstra, Jr., and L. Lovász to attempt to find $v$. The performance of the proposed algorithm is analyzed. Let the density $d$ of a subset sum problem be defined by $d = n/\log_2(\max_i a_i)$. Then for “almost all” problems of density $d < 0.645$, the vector $v$ we searched for is the shortest nonzero vector in the lattice. For “almost all” problems of density $d < 1/n$ it is proved that the lattice basis reduction algorithm locates $v$. Extensive computational tests of the algorithm suggest that it works for densities $d < d_c(n)$, where $d_c(n)$ is a cutoff value that is substantially larger than $1/n$. This method gives a polynomial time attack on knapsack public-key cryptosystems that can be expected to break them if they transmit information at rates below $d_c(n)$, as $n \to \infty$.
The rise and fall of knapsack cryptosystems
In Cryptology and Computational Number Theory, 1990
A New Public-Key Cryptosystem
1997
Cited by 40 (5 self)
This paper describes a new public-key cryptosystem where the ciphertext is obtained by multiplying the public-keys indexed by the message bits and the cleartext is recovered by factoring the ciphertext raised to a secret power.
A knapsack-type public key cryptosystem based on arithmetic in finite fields
IEEE Trans. Inform. Theory, 1988
Cited by 40 (0 self)
Abstract. A new knapsack-type public key cryptosystem is introduced. The system is based on a novel application of arithmetic in finite fields, following a construction by Bose and Chowla. By appropriately choosing the parameters, one can control the density of the resulting knapsack, which is the ratio between the number of elements in the knapsack and their size in bits. In particular, the density can be made high enough to foil “low-density” attacks against our system. At the moment, no attacks capable of “breaking” this system in a reasonable amount of time are known.
A Knapsack Type Public Key Cryptosystem Based On Arithmetic in Finite Fields
IEEE Trans. Inform. Theory, 1988
Cited by 35 (2 self)
A new knapsack type public key cryptosystem is introduced. The system is based on a novel application of arithmetic in finite fields, following a construction by Bose and Chowla. By appropriately choosing the parameters, one can control the density of the resulting knapsack, which is the ratio between the number of elements in the knapsack and their size in bits. In particular, the density can be made high enough to foil “low density” attacks against our system. At the moment, no attacks capable of “breaking” this system in a reasonable amount of time are known. Research supported by NSF grant MCS-8006938. Part of this research was done while the first author was visiting Bell Laboratories, Murray Hill, NJ. A preliminary version of this work was presented in Crypto 84 and has appeared in [8].
Quantum public-key cryptosystems
in Proc. of CRYPTO 2000, 2000
Cited by 28 (2 self)
Abstract. This paper presents a new paradigm of cryptography, quantum public-key cryptosystems. In quantum public-key cryptosystems, all parties including senders, receivers and adversaries are modeled as quantum (probabilistic) poly-time Turing (QPT) machines and only classical channels (i.e., no quantum channels) are employed. A quantum trapdoor one-way function, f, plays an essential role in our system, in which a QPT machine can compute f with high probability, any QPT machine can invert f with negligible probability, and a QPT machine with trapdoor data can invert f. This paper proposes a concrete scheme for quantum public-key cryptosystems: a quantum public-key encryption scheme or quantum trapdoor one-way function. The security of our schemes is based on the computational assumption (over QPT machines) that a class of subset-sum problems is intractable against any QPT machine. Our scheme is very efficient and practical if Shor’s discrete logarithm algorithm is efficiently realized on a quantum machine.
Knapsack public key cryptosystems and diophantine approximation
In CRYPTO, 1983
Cited by 20 (3 self)
This paper presents and analyzes cryptanalytic attacks on knapsack public key cryptosystems that are based on ideas from Diophantine approximation. Shamir’s attack on the basic Merkle-Hellman knapsack cryptosystem is shown to depend on the existence of “unusually good” simultaneous Diophantine approximations to a vector constructed from the public key. This aspect of Shamir’s attack carries over to multiply iterated knapsack cryptosystems: there are “unusually good” simultaneous Diophantine approximations to an analogous vector constructed from the public key. These “unusually good” simultaneous Diophantine approximations can be used to break multiply iterated knapsack cryptosystems provided one can solve a certain nonlinear Diophantine approximation problem. This nonlinear problem is solved in the simplest case and then used to give a new cryptanalytic attack on doubly iterated knapsack cryptosystems.
A Linear Algebraic Attack on the AAFG1 Braid Group Cryptosystem
In 7th Australasian Conference on Information Security and Privacy, ACISP’02, Lecture Notes in Computer Science, 2002
Cited by 18 (1 self)
Our purpose is to describe a promising linear algebraic attack on the AAFG1 braid group cryptosystem proposed in [2] employing parameters suggested by the authors. Our method employs the well-known Burau matrix representation of the braid group and techniques from computational linear algebra and provides evidence which shows that at least a certain class of keys are weak. We argue that if AAFG1 is to be viable the parameters must be fashioned to defend against this attack.
Cryptanalysis of a Fast Public Key Cryptosystem Presented at SAC '97
1998
Cited by 7 (5 self)
At SAC '97, Itoh, Okamoto and Mambo presented a fast public key cryptosystem. After analyzing several attacks including lattice-reduction attacks, they claimed that its security was high, although the cryptosystem had some resemblances with the former knapsack cryptosystems, since decryption could be viewed as a multiplicative knapsack problem. In this paper, we show how to recover the private key from a fraction of the public key in less than 10 minutes for the suggested choice of parameters. The attack is based on a systematic use of the notion of the orthogonal lattice which we introduced as a cryptographic tool at Crypto '97. This notion allows us to attack the linearity hidden in the scheme.
A natural lattice basis problem with applications
Mathematics of Computation 67, 1998
Cited by 3 (0 self)
Abstract. Integer lattices have numerous important applications, but some of them may have been overlooked because of the common assumption that a lattice basis is part of the problem instance. This paper gives an application that requires finding a basis for a lattice defined in terms of linear constraints. We show how to find such a basis efficiently.