论文信息 - Attacking the Chor-Rivest Cryptosystem by Improved Lattice Reduction

Attacking the Chor-Rivest Cryptosystem by Improved Lattice Reduction

We introduce algorithms for lattice basis reduction that are improvements of the famous L3-algorithm. If a random L3-reduced lattice basis b1, . . . , bn, is given such that the vector of reduced Gram-Schmidt coefficients ({µi, j} 1 ≤ j < i ≤ n) is uniformly distributed in (0, 1)(n 2), then the pruned enumeration finds with positive probability a shortest lattice vector. We demonstrate the power of these algorithms by solving random subset sum problems of arbitrary density with 74 and 82 many weights, by breaking the Chor-Rivest cryptoscheme in dimensions 103 and 151 and by breaking Damgard's hash function.

Claus-Peter Schnorr | Horst Helmut Hörner | C. Schnorr

[1] László Lovász,et al. Factoring polynomials with rational coefficients , 1982 .

[2] A. Odlyzko,et al. Lattice points in high-dimensional spheres , 1990 .

[3] Ronald L. Rivest,et al. A knapsack-type public key cryptosystem based on arithmetic in finite fields , 1988, IEEE Trans. Inf. Theory.

[4] Ronald L. Rivest,et al. A Knapsack Type Public Key Cryptosystem Based On Arithmetic in Finite Fields , 1984, CRYPTO.

[5] Jeffrey C. Lagarias,et al. Solving low density subset sum problems , 1983, 24th Annual Symposium on Foundations of Computer Science (sfcs 1983).

[6] C. P. Schnorr,et al. A Hierarchy of Polynomial Time Lattice Basis Reduction Algorithms , 1987, Theor. Comput. Sci..

[7] Ravi Kannan,et al. Minkowski's Convex Body Theorem and Integer Programming , 1987, Math. Oper. Res..

[8] Claus-Peter Schnorr,et al. Lattice basis reduction: Improved practical algorithms and solving subset sum problems , 1991, FCT.

[9] Donald L. Kreher,et al. Solving subset sum problems with the L^3 algorithm , 1988 .

[10] Claus-Peter Schnorr,et al. Block Reduced Lattice Bases and Successive Minima , 1994, Combinatorics, Probability and Computing.

[11] Antoine Joux,et al. A Practical Attack against Knapsack based Hash Functions (Extended Abstract) , 1994, EUROCRYPT.

[12] Ivan Damgård,et al. A Design Principle for Hash Functions , 1989, CRYPTO.