ABSTRACT
In this paper new methods, generalizing those of Shamir, are presented for attacking generalizations of the basic system. It is shown how these methods may be applied to the Graham-Shamir public-key cryptosystem [2] and the iterated Merkle-Hellman public-key cryptosystem. We are unable to present a rigorous proof that the attacks presented here are effective. However, in the case of the Graham-Shamir system, the methods have been implemented and have performed well in tests.
The method of attack uses recent results of Lenstra, Lenstra, and Lovasz [5]. The cryptanalytic problem is treated as a lattice problem rather than a linear programming one as in Shamir's result.
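The abstract's point that the knapsack is attacked as a lattice problem, shown here as an added example that is not code from the paper: a toy exact-arithmetic LLL reduces a Lagarias-Odlyzko style embedding of a constructed five-weight public knapsack and recovers the 0/1 message from its ciphertext sum. The weights, the message and the embedding itself are assumptions for illustration (the paper's own lattice construction is not on this page).

```python
from fractions import Fraction

def lll_reduce(basis, delta=Fraction(3, 4)):
    """Textbook LLL reduction of integer row vectors, in exact rational arithmetic."""
    b = [list(v) for v in basis]
    n = len(b)
    dot = lambda u, v: sum(x * y for x, y in zip(u, v))
    def gram_schmidt():  # orthogonalised rows b*_i and coefficients mu[i][j]
        star, mu = [], [[Fraction(int(i == j)) for j in range(n)] for i in range(n)]
        for i in range(n):
            v = [Fraction(x) for x in b[i]]
            for j in range(i):
                mu[i][j] = dot(b[i], star[j]) / dot(star[j], star[j])
                v = [x - mu[i][j] * y for x, y in zip(v, star[j])]
            star.append(v)
        return star, mu
    star, mu = gram_schmidt()
    k = 1
    while k < n:
        for j in range(k - 1, -1, -1):  # size-reduce b[k] against b[j]
            q = round(mu[k][j])
            if q:
                b[k] = [x - q * y for x, y in zip(b[k], b[j])]
                for l in range(j + 1):  # b*_k is unchanged; only mu[k][..] shifts
                    mu[k][l] -= q * mu[j][l]
        if dot(star[k], star[k]) >= (delta - mu[k][k - 1] ** 2) * dot(star[k - 1], star[k - 1]):
            k += 1  # Lovasz condition holds
        else:
            b[k], b[k - 1] = b[k - 1], b[k]
            star, mu = gram_schmidt()
            k = max(k - 1, 1)
    return b
def knapsack_lattice(weights, target, scale=1 << 10):
    """Lagarias-Odlyzko style embedding (assumed here, not the paper's construction)."""
    n = len(weights)
    rows = [[int(i == j) for j in range(n)] + [scale * w] for i, w in enumerate(weights)]
    rows.append([0] * n + [-scale * target])  # the message x appears as the short row (x, 0)
    return rows
def lattice_attack(weights, target):
    """Return the 0/1 vector x with sum(x_i * b_i) == target if LLL exposes it, else None."""
    for v in lll_reduce(knapsack_lattice(weights, target)):
        for cand in (v, [-x for x in v]):  # LLL may return -x rather than x
            bits = cand[:-1]
            if cand[-1] == 0 and all(x in (0, 1) for x in bits):
                if sum(x * w for x, w in zip(bits, weights)) == target:
                    return bits
    return None
WEIGHTS = [716485302917, 953114680271, 528903170463, 840327615109, 697250834821]  # constructed
SECRET = [1, 0, 1, 0, 1]                                      # message bits to recover
TARGET = sum(w for w, x in zip(WEIGHTS, SECRET) if x)         # the "ciphertext" subset sum
```

Calling `lattice_attack(WEIGHTS, TARGET)` returns `SECRET`; the five 40-bit weights make the instance very low density, which is what lets the 0/1 vector stand out as the shortest lattice vector.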
REFERENCES
- [1] W. Diffie and M. Hellman, New Directions in Cryptography, IEEE Trans. Information Theory, IT-22-6, November 1976.
- [2] A. Lempel, Cryptology in Transition: A Survey, Program 134-45-90, Discrete Mathematics Department, Digital Techniques Laboratory, Sperry Research Center (1978).
- [3] J. Lagarias, Knapsack-Type Public Key Cryptosystems and Diophantine Approximation (abstract).
- [4] J. Lagarias, The Computational Complexity of Simultaneous Diophantine Approximation Problems, Proceedings 23rd Foundations of Computer Science Conference (1982), p. 32.
- [5] A.K. Lenstra, H.W. Lenstra, Jr., and L. Lovasz, Factoring Polynomials with Rational Coefficients, Report 82-05, Mathematics Institute, University of Amsterdam, March 1982.
- [6] K.L. Manders and L. Adleman, NP-Complete Decision Problems for Binary Quadratics, J. Computer and Systems Science 16 (1978), 168-184.
- [7] R. Merkle and M. Hellman, Hiding Information and Signatures in Trapdoor Knapsacks, IEEE Trans. Information Theory, IT-24-5, September 1978.
- [8] A. Shamir, A Polynomial Time Algorithm for Breaking Merkle-Hellman Cryptosystems, Proceedings 23rd Foundations of Computer Science Conference (1982).
- [9] R. Rivest, A. Shamir and L. Adleman, A Method for Obtaining Digital Signatures and Public-Key Cryptosystems, CACM 21-2, February 1978.