Generalized Compact Knapsacks, Cyclic Lattices, and Efficient One-Way Functions

We study a generalization of the compact knapsack problem to arbitrary rings: given $m = O(\log n)$ ring elements $a_1, \ldots, a_m \in R$ and a target value $b \in R$, find coefficients $x_1, \ldots, x_m \in X$ (where $X$ is a subset of $R$ of size $2^n$) such that $\sum_{i} a_i x_i = b$. The computational complexity of this problem depends on the choice of the ring $R$ and of the coefficient set $X$. The problem is known to be solvable in quasi-polynomial time when $R$ is the ring of integers and $X$ is the set of small integers $\{0, \ldots, 2^n - 1\}$. We show that if $R$ is an appropriately chosen ring of modular polynomials and $X$ is the subset of polynomials with small coefficients, then the compact knapsack problem is as hard to solve on average as the worst-case instance of approximating the covering radius (or the length of the shortest vector, or various other well-known lattice problems) of any cyclic lattice within a polynomial factor. Our proof adapts, to the cyclic lattice setting, techniques initially developed by Ajtai (1996) for the case of general lattices.
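As an added illustration (this is not code from the paper), the following Python computes the knapsack function $\sum_i a_i x_i$ over the ring $R = \mathbb{Z}_q[x]/(x^n - 1)$, the ring whose ideal lattices are the cyclic lattices of the abstract, and checks that multiplication by a fixed $a \in R$ is the circulant matrix whose rows generate such a lattice. The parameters n, q, m and the coefficient bound are constructed toy values with no security.

```python
import random

def ring_mul(a, b, q):
    """Product in Z_q[x]/(x^n - 1): a cyclic convolution, since x^n = 1."""
    n = len(a)
    c = [0] * n
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            c[(i + j) % n] = (c[(i + j) % n] + ai * bj) % q
    return c

def circulant(a, q):
    """n x n circulant matrix of a. Multiplying by a in R is the linear map
    x -> C(a) x, and the integer span of C(a)'s rows is a cyclic lattice."""
    n = len(a)
    return [[a[(i - j) % n] % q for j in range(n)] for i in range(n)]

def mat_vec(mat, x, q):
    return [sum(r * v for r, v in zip(row, x)) % q for row in mat]

def keygen(n, m, q, rng):
    """The public key a_1..a_m: m uniformly random ring elements."""
    return [[rng.randrange(q) for _ in range(n)] for _ in range(m)]

def is_small(x, bound):
    """Membership in the coefficient set X (polynomials with entries in [0, bound))."""
    return all(0 <= c < bound for c in x)

def knapsack_hash(keys, xs, q, bound):
    """f_a(x_1, ..., x_m) = sum_i a_i * x_i in R; inputs must lie in X."""
    assert len(keys) == len(xs) and all(is_small(x, bound) for x in xs)
    n = len(keys[0])
    acc = [0] * n
    for a, x in zip(keys, xs):
        acc = [(u + v) % q for u, v in zip(acc, ring_mul(a, x, q))]
    return acc

def demo(seed=1, n=8, m=4, q=257, bound=2):
    """Toy instance: hash m polynomials with 0/1 coefficients under a random key."""
    rng = random.Random(seed)
    keys = keygen(n, m, q, rng)
    xs = [[rng.randrange(bound) for _ in range(n)] for _ in range(m)]
    return keys, xs, knapsack_hash(keys, xs, q, bound)
```

The function is $\mathbb{Z}_q$-linear in the $x_i$, but the preimage set $X$ is not closed under addition, which is why linearity alone does not yield collisions.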

[1] Jin-Yi Cai et al. An improved worst-case to average-case connection for lattice problems, 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[2] Bogdan Warinschi et al. A linear space algorithm for computing the Hermite normal form, 2001, ISSAC '01.

[3] Moni Naor et al. Efficient cryptographic schemes provably as secure as subset sum, 1989, 30th Annual Symposium on Foundations of Computer Science.

[4] Martin E. Hellman et al. Hiding information and signatures in trapdoor knapsacks, 1978, IEEE Trans. Inf. Theory.

[5] Uriel Feige et al. The inapproximability of lattice and coding problems with preprocessing, 2004, J. Comput. Syst. Sci.

[6] Shafi Goldwasser et al. Complexity of lattice problems - a cryptographic perspective, 2002, The Kluwer international series in engineering and computer science.

[7] W. Banaszczyk. New bounds in some transference theorems in the geometry of numbers, 1993.

[8] A. J. McAuley et al. New trapdoor-knapsack public-key cryptosystem, 1985.

[9] Oded Goldreich et al. Collision-Free Hashing from Lattice Problems, 1996, Electron. Colloquium Comput. Complex.

[10] Jacques Stern et al. Lattice Reduction in Cryptology: An Update, 2000, ANTS.

[11] Ernest F. Brickell et al. Breaking Iterated Knapsacks, 1985, CRYPTO.

[12] Antoine Joux et al. Lattice Reduction: A Toolbox for the Cryptanalyst, 1998, Journal of Cryptology.

[13] Daniele Micciancio et al. The hardness of the closest vector problem with preprocessing, 2001, IEEE Trans. Inf. Theory.

[14] László Lovász et al. Factoring polynomials with rational coefficients, 1982.

[15] Shafi Goldwasser et al. Complexity of lattice problems, 2002.

[16] Daniele Micciancio et al. Improving Lattice Based Cryptosystems Using the Hermite Normal Form, 2001, CaLC.

[17] László Babai et al. On Lovász' lattice reduction and the nearest lattice point problem, 1986, Comb.

[18] Jeffrey C. Lagarias et al. Korkin-Zolotarev bases and successive minima of a lattice and its reciprocal lattice, 1990, Comb.

[19] Claus-Peter Schnorr et al. Lattice Basis Reduction: Improved Practical Algorithms and Solving Subset Sum Problems, 1991, FCT.

[20] A. Shamir. A polynomial time algorithm for breaking the basic Merkle-Hellman cryptosystem, 1982, FOCS 1982.

[21] Justin M. Reyneri et al. Compact knapsacks are polynomially solvable, 1983, SIGA.

[22] Anthony J. McAuley et al. A New Trapdoor Knapsack Public-Key Cryptosystem, 1985, EUROCRYPT.

[23] N. J. A. Sloane et al. Sphere Packings, Lattices and Groups, 1987, Grundlehren der mathematischen Wissenschaften.

[24] Claus-Peter Schnorr et al. Attacking the Chor-Rivest Cryptosystem by Improved Lattice Reduction, 1995, EUROCRYPT.

[25] G. A. Orton et al. A Multiple-Iterated Trapdoor for Dense Compact Knapsacks, 1994, EUROCRYPT.

[26] Joseph H. Silverman et al. NTRU: A Ring-Based Public Key Cryptosystem, 1998, ANTS.

[27] Antoine Joux et al. Cryptanalysis of Another Knapsack Cryptosystem, 1991, ASIACRYPT.

[28] Miklós Ajtai et al. Generating hard instances of lattice problems (extended abstract), 1996, STOC '96.

[29] Andrew Odlyzko et al. The Rise and Fall of Knapsack Cryptosystems, 1998.

[30] Ronald L. Rivest et al. A Knapsack Type Public Key Cryptosystem Based On Arithmetic in Finite Fields, 1984, CRYPTO.

[31] Joseph H. Silverman et al. Dimension Reduction Methods for Convolution Modular Lattices, 2001, CaLC.

[32] Jacques Stern et al. Merkle-Hellman Revisited: A Cryptanalysis of the Qu-Vanstone Cryptosystem Based on Group Factorizations, 1997, CRYPTO.

[33] Cynthia Dwork et al. A public-key cryptosystem with worst-case/average-case equivalence, 1997, STOC '97.

[34] Daniele Micciancio. Improved cryptographic hash functions with worst-case/average-case connection, 2002, STOC '02.