Abstract
Solving a general multivariate modular linear equation is a recurring task in cryptanalysis. Earlier results show that a relatively short solution can be obtained in polynomial time. However, when the equation has a short solution within a given bounded range, the solutions output by those earlier algorithms are often not the one of interest. In this paper, we present a probability method based on lattice basis reduction to solve this problem. For a general multivariate modular linear equation with a short solution in the given bounded range, the new method outputs that short solution in polynomial time with high probability. When the number of unknowns is not too large (fewer than 68), the probability approaches 1. Experimental results show that knapsack systems and Lu-Lee type systems are easily broken in polynomial time with this new method.
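The following is an added example, not code from the paper: it shows the classic lattice embedding that this line of work refines, namely how a bounded solution of a_1 x_1 + ... + a_n x_n = b (mod N) is exposed as an unusually short vector of a lattice and recovered with LLL. The paper's probability method itself is not reproduced here. The modulus N = 2^61 - 1, the bound X = 2^8, the three coefficients a_i, the planted solution and the right-hand side b are all constructed with a seeded PRNG so the run is reproducible offline; the helper names (lll, solve_bounded, demo) are this example's own.

```python
"""Recovering a bounded solution of a_1 x_1 + ... + a_n x_n = b (mod N) with LLL.

Added example (not code from the paper): the classic lattice embedding.
The instance below is constructed; the solver is a textbook LLL over exact
rationals, adequate for the tiny dimension used here.
"""
from fractions import Fraction
import random


def _gram_schmidt(b):
    """Exact Gram-Schmidt of the integer rows b: returns (b*, mu) as Fractions."""
    n = len(b)
    bstar, mu = [], [[Fraction(0)] * n for _ in range(n)]
    for i in range(n):
        v = [Fraction(c) for c in b[i]]
        for j in range(i):
            mu[i][j] = Fraction(sum(p * q for p, q in zip(b[i], bstar[j]))) / sum(q * q for q in bstar[j])
            v = [vi - mu[i][j] * sj for vi, sj in zip(v, bstar[j])]
        bstar.append(v)
    return bstar, mu


def lll(basis, delta=Fraction(3, 4)):
    """Textbook LLL (delta = 3/4); recomputes Gram-Schmidt after every change."""
    b = [list(row) for row in basis]
    n = len(b)
    bstar, mu = _gram_schmidt(b)
    k = 1
    while k < n:
        for j in range(k - 1, -1, -1):          # size-reduce b_k against earlier rows
            q = round(mu[k][j])
            if q:
                b[k] = [x - q * y for x, y in zip(b[k], b[j])]
                bstar, mu = _gram_schmidt(b)
        lhs = sum(c * c for c in bstar[k])
        rhs = (delta - mu[k][k - 1] ** 2) * sum(c * c for c in bstar[k - 1])
        if lhs >= rhs:                          # Lovasz condition holds, advance
            k += 1
        else:                                   # otherwise swap and step back
            b[k], b[k - 1] = b[k - 1], b[k]
            bstar, mu = _gram_schmidt(b)
            k = max(k - 1, 1)
    return b


def solve_bounded(a, b, N, X):
    """Return x with |x_i| <= X and a.x = b (mod N), or None if LLL does not expose it.

    Lattice rows (dimension n+2):  e_i | K*a_i ,  0..0 1 | -K*b ,  0..0 0 | K*N.
    The vector (x_1, ..., x_n, 1, 0) lies in this lattice: its last coordinate
    is K*(a.x - b - kN) = 0, and it is far shorter than the lattice's Gaussian
    heuristic, so an LLL-reduced basis is expected to contain it up to sign.
    """
    n = len(a)
    K = N   # weight on the congruence column: a vector violating it has norm >= K
    rows = []
    for i in range(n):
        r = [0] * (n + 2); r[i] = 1; r[n + 1] = K * a[i]; rows.append(r)
    r = [0] * (n + 2); r[n] = 1; r[n + 1] = -K * b; rows.append(r)
    r = [0] * (n + 2); r[n + 1] = K * N; rows.append(r)
    for v in lll(rows):
        if v[n + 1] == 0 and v[n] in (1, -1):
            x = [v[n] * c for c in v[:n]]       # flip sign so the marker coordinate is +1
            if max(abs(c) for c in x) <= X and (sum(p * q for p, q in zip(a, x)) - b) % N == 0:
                return x
    return None


# Constructed instance (assumed values, not from the paper): Mersenne prime modulus,
# 8-bit bound on the unknowns, three random coefficients and a planted solution.
N = 2 ** 61 - 1
X = 2 ** 8
_rng = random.Random(2009)
A = [_rng.randrange(1, N) for _ in range(3)]
PLANTED_X = [_rng.randrange(-X, X + 1) for _ in range(3)]
B = sum(p * q for p, q in zip(A, PLANTED_X)) % N


def demo():
    """Recover the planted bounded solution from (A, B, N, X) alone."""
    return solve_bounded(A, B, N, X)


if __name__ == "__main__":
    print("planted  :", PLANTED_X)
    print("recovered:", demo())
```

Why this works on the constructed instance: the lattice has determinant K*N, so a random-looking lattice vector of dimension 5 has norm around (K*N)^(1/5), far above the roughly sqrt(3)*X norm of the planted vector; with only 2^24 candidate tuples in the box against a 61-bit modulus the bounded solution is essentially unique. The point the abstract makes is the other side of this coin: as the number of unknowns grows, or the box is not that small relative to N, the lattice contains many vectors of comparable length and plain reduction tends to return one of them rather than the solution in the required range, which is the situation the paper's probability method addresses.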
Additional information
Supported by the National Natural Science Foundation of China (Grant Nos. 60873249, 60973142), the National High-Tech Research & Development Program of China (Grant Nos. 2008AA10Z419, 2009AA011906), and the Project Funded by Basic Research Foundation of School of Information Science and Technology of Tsinghua University
Cite this article
Zhou, H., Luo, P., Wang, D. et al. Probability method for cryptanalysis of general multivariate modular linear equation. Sci. China Ser. F-Inf. Sci. 52, 1792–1800 (2009). https://doi.org/10.1007/s11432-009-0159-9