Low-density attack revisited

Designs, Codes and Cryptography

Abstract

The low-density attack proposed by Lagarias and Odlyzko is a powerful algorithm against the subset sum problem. The improved algorithm due to Coster et al. would solve almost all problems of density < 0.9408... in the asymptotic sense. On the other hand, the subset sum problem itself is known to be NP-hard, and much effort has gone into establishing public-key cryptosystems based on it. In these cryptosystems, the densities of the subset sum problems should be higher than 0.9408... in order to avoid the low-density attack. For example, the Chor-Rivest cryptosystem adopted subset sum problems with relatively high densities. In this paper, we further improve the low-density attack by incorporating the idea that integral lattice points can be covered with polynomially many spheres of shorter radius and of lower dimension. As a result, the success probability of our attack can be higher than that of Coster et al.’s attack for fixed dimensions. The density bound is also improved for fixed dimensions. Moreover, we numerically show that our improved low-density attack achieves a higher success probability for low-Hamming-weight solutions, as in the Chor-Rivest cryptosystem, if we assume SVP oracle calls.
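To make the density criterion concrete, the following added example (not code from the paper, and not its improved algorithm) computes the density n / log2(max a_i) of a subset sum instance and runs the classic lattice attack on a constructed low-density instance. It assumes the Coster et al. basis scaled by 2 and a textbook LLL; all function names, weights and the secret are illustrative.

```python
from fractions import Fraction
from math import log2

def density(weights):
    return len(weights) / log2(max(weights))  # n / log2(max a_i)

def dot(u, v):
    return sum(x * y for x, y in zip(u, v))

def gram_schmidt(B):  # exact rational Gram-Schmidt: vectors Bs, coefficients mu
    Bs, mu = [], [[Fraction(0)] * len(B) for _ in B]
    for i, b in enumerate(B):
        v = [Fraction(x) for x in b]
        for j in range(i):
            mu[i][j] = dot(b, Bs[j]) / dot(Bs[j], Bs[j])
            v = [x - mu[i][j] * y for x, y in zip(v, Bs[j])]
        Bs.append(v)
    return Bs, mu

def lll(B, delta=Fraction(3, 4)):  # textbook LLL on integer row vectors
    B, k = [list(r) for r in B], 1
    while k < len(B):
        Bs, mu = gram_schmidt(B[:k + 1])
        for j in range(k - 1, -1, -1):  # size-reduce b_k against b_j
            q = round(mu[k][j])
            B[k] = [x - q * y for x, y in zip(B[k], B[j])]
            for i in range(j + 1):
                mu[k][i] -= q * (mu[j][i] if i < j else 1)
        if dot(Bs[k], Bs[k]) >= (delta - mu[k][k - 1] ** 2) * dot(Bs[k - 1], Bs[k - 1]):
            k += 1
        else:  # Lovasz condition fails: swap and step back
            B[k - 1], B[k] = B[k], B[k - 1]
            k = max(k - 1, 1)
    return B

def low_density_attack(weights, s):  # returns the 0/1 solution, or None
    n, N = len(weights), 2 ** len(weights)  # N forces last coordinate to 0
    # CJLOSS basis scaled by 2: rows (2*e_i | N*a_i) and (1,...,1 | N*s).
    basis = [[2 * (i == j) for j in range(n)] + [N * a] for i, a in enumerate(weights)]
    basis.append([1] * n + [N * s])
    for v in lll(basis):
        if v[n] == 0 and all(abs(c) == 1 for c in v[:n]):
            for sign in (1, -1):  # reduced vector may be +/- the target
                x = [(1 + sign * c) // 2 for c in v[:n]]
                if dot(x, weights) == s:
                    return x

WEIGHTS = [902817364551273, 748392015562781, 615203948871623,
           1013948572610395, 583746192038457, 871230495617283]
SECRET = [1, 0, 1, 1, 0, 0]  # constructed toy instance, density about 0.12
```

Calling `low_density_attack(WEIGHTS, dot(SECRET, WEIGHTS))` recovers `SECRET`, which is the behaviour a parameter choice with density well below 0.9408... invites.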

References

  1. Brickell EF (1985) Breaking iterated knapsacks. In Blakley GR, Chaum D (eds) Advances in cryptology: proceedings of CRYPTO’84 (Lecture notes in computer science). vol 1960. Springer-Verlag, New York, pp 342–358

  2. Coster MJ, Joux A, LaMacchia BA, Odlyzko AM, Schnorr CP, Stern J (1992). Improved low-density subset sum algorithms. Comput Complexity 2: 111–128

  3. Chor B, Rivest RL (1988). A knapsack-type public key cryptosystem based on arithmetic in finite fields. IEEE Trans Inf Theory 34(5): 901–909

  4. Garey MR, Johnson DS (1979). Computers and intractability: a guide to the theory of NP-completeness. W. H. Freeman, San Francisco, CA

  5. Lenstra AK, Lenstra HW Jr, Lovász L (1982). Factoring polynomials with rational coefficients. Math Ann 261: 515–534

  6. Lagarias JC, Odlyzko AM (1985). Solving low-density subset sum problems. J Assoc Comput Mach 32(1): 229–246

  7. Merkle RC, Hellman ME (1978). Hiding information and signatures in trapdoor knapsacks. IEEE Trans Inf Theory 24: 525–534

  8. Mazo JE, Odlyzko AM (1990). Lattice points in high-dimensional spheres. Monatsh Math 110: 47–61

  9. Okamoto T, Tanaka K, Uchiyama S (2000) Quantum public-key cryptosystems. In: Bellare M (ed) Advances in cryptology: proceedings of CRYPTO 2000 (Lecture notes in computer science) vol 1880. Springer-Verlag, New York pp 147–165

  10. Schnorr CP, Euchner M (1994). Lattice basis reduction: improved practical algorithms and solving subset sum problems. Math Program 66: 181–199

  11. Schnorr CP, Hörner HH (1995) Attacking the Chor-Rivest cryptosystem by improved lattice reduction. In: Guillou LC, Quisquater J-J (eds) Advances in cryptology: proceedings of EUROCRYPT’95 (Lecture notes in computer science) vol 921. Springer-Verlag, New York, pp 1–12

  12. Shamir A (1982) A polynomial time algorithm for breaking the basic Merkle-Hellman cryptosystem. In: Proceedings of the 23rd annual symposium on foundations of computer science. IEEE Comput. Soc., Chicago, USA, pp 145–152

  13. Vaudenay S (2001). Cryptanalysis of the Chor-Rivest cryptosystem. J Cryptol 14(2): 87–100

Author information

Correspondence to Takeshi Koshiba.

Additional information

Communicated by P. Wild.

Cite this article

Izu, T., Kogure, J., Koshiba, T. et al. Low-density attack revisited. Des Codes Crypt 43, 47–59 (2007). https://doi.org/10.1007/s10623-007-9058-5
