Our paper addresses a fundamental (but naive) question in the foundations of cryptography: Why haven’t the hosts of well-known NP-hard combinatorial problems been of use in designing cryptosystems? We offer three replies which differ radically from the conventional wisdom. (1) There is no good reason why NP-hard problems cannot serve as the basis for useful public-key cryptosystems. In particular, we argue that a number of general arguments concerning this issue that are commonly found in the literature (in particular, those centering on Brassard’s Theorem) are specious and circular. (2) There are plenty of public-key cryptosystems based on NP-hard combinatorial problems! We describe a general method for constructing public-key cryptosystems based on virtually any kind of problem, yielding an interesting and natural class of public-key cryptosystems which we shall call CA (combinatorially algebraic). We show that NP can be characterized as precisely the class of problems which support public-key cryptosystems in CA. We show that there are public-key systems in CA that are complete, in the sense that they are hardest to crack for the class. (3) The distinction between combinatorial and algebraic problems is misleading and artificial. Our constructions are based on ideals in polynomial algebras generated by a combinatorially derived basis, and seem to have a foot in both camps. We report a number of general theorems concerning this construction, and point to several directions that merit further investigation. In particular, we raise some issues which would appear to be crucial in any practical version of these systems.

Invited address at the Second International Symposium on Finite Fields, Las Vegas, July 1993, to appear in the AMS Contemporary Mathematics Series.
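The kind of construction the abstract describes, as an added illustration (my own code, not the paper's): the generators of a polynomial ideal over GF(2) are read off a combinatorial instance, here a constructed 3-SAT formula, the secret key is a satisfying assignment (a common zero of the generators), and a ciphertext is the message bit plus a random element of the ideal, so it decrypts by evaluation at the secret point. The clause encoding, the toy formula, the assignment and all function names are my assumptions.

```python
import random

# Polynomials over GF(2) in Boolean variables, reduced by x_i^2 = x_i: a
# polynomial is a frozenset of monomials, a monomial a frozenset of variable
# indices; addition is symmetric difference (XOR of terms).
ONE = frozenset()                       # empty monomial = the constant 1

def add(p, q):
    return p ^ q
def mul(p, q):
    out = set()
    for a in p:
        for b in q:
            out ^= {a | b}              # x_i * x_i = x_i, so monomials merge
    return frozenset(out)
def evaluate(p, point):
    """Value of p at a 0/1 assignment (dict: variable -> bit)."""
    return sum(all(point[v] for v in m) for m in p) % 2
def clause_polynomial(clause):
    """3-SAT clause [(var, negated), ...] -> f with f(a) = 1 exactly when every
    literal is false under a (x_i false: factor 1 + x_i; not-x_i false: factor
    x_i), so f vanishes precisely at assignments that satisfy the clause."""
    f = frozenset({ONE})
    for v, negated in clause:
        x = frozenset({frozenset({v})})
        f = mul(f, x if negated else add(frozenset({ONE}), x))
    return f
def public_key(clauses):
    # Every generator vanishes at every satisfying assignment: the combinatorial
    # instance defines the ideal, and the secret key is one of its common zeros.
    return [clause_polynomial(c) for c in clauses]
def random_poly(n, rng, terms=4):
    return frozenset(frozenset(i for i in range(n) if rng.random() < 0.5) for _ in range(terms))
def encrypt(pk, n, bit, rng):
    c = frozenset({ONE}) if bit else frozenset()
    for f in pk:                        # c = bit + sum_i h_i * f_i with random h_i
        c = add(c, mul(random_poly(n, rng), f))
    return c
def decrypt(c, secret):
    return evaluate(c, secret)          # the ideal part vanishes at the secret point

# Constructed toy instance: four variables; DEMO_SECRET satisfies every clause.
DEMO_CLAUSES = [[(0, False), (1, True), (2, False)], [(1, False), (2, True), (3, False)],
                [(0, True), (1, False), (3, False)], [(0, False), (2, True), (1, True)]]
DEMO_SECRET = {0: 1, 1: 0, 2: 1, 3: 1}
def demo(seed=0):
    rng = random.Random(seed)
    pk = public_key(DEMO_CLAUSES)
    return [decrypt(encrypt(pk, 4, b, rng), DEMO_SECRET) for b in (0, 1, 1, 0)]
```

Nothing here is secure: with four variables the hidden assignment is trivial to recover, and the toy only shows the mechanics of encrypting into a coset of the ideal and decrypting at its secret zero.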