Non-injective knapsack public-key cryptosystems

Abstract Two public-key 0–1 knapsack cryptosystems are proposed, that have so high a density and use so weak a modular multiplication as a trapdoor, that known attacks can be avoided. Decryption is fairly slow and may produce more than one decipherment, but all alternative decipherments can be found. Disambiguating protocols are needed to determine the correct decipherment. It is suggested to use also redundancy for this purpose. In the first system, the initial knapsack is constructed from the powers of two, which are multiplied by a constant and reduced with respect to a modulus to a specific range, thus producing the “easy” knapsack. Then weak modular multiplication is used as a trapdoor transformation with respect to another modulus, which is typically smaller than some or all of the elements of the easy knapsack. The second knapsack is constructed iteratively from modularly injective or nearly injective components. Decryption of small components is based on look-up tables. The specific form of the proposal uses also one large non-injective component, which is generated and decrypted in a way that resembles superincrease.

[1]  E. Brickell,et al.  Cryptanalysis: a survey of recent results , 1988, Proc. IEEE.

[2]  Andrew Odlyzko,et al.  The Rise and Fall of Knapsack Cryptosystems , 1998 .

[3]  T. Bohman A sum packing problem of Erdös and the Conway-Guy sequence , 1996 .

[4]  Jeffrey C. Lagarias,et al.  Solving low density subset sum problems , 1983, 24th Annual Symposium on Foundations of Computer Science (sfcs 1983).

[5]  Martin E. Hellman,et al.  Hiding information and signatures in trapdoor knapsacks , 1978, IEEE Trans. Inf. Theory.

[6]  Claus-Peter Schnorr,et al.  Lattice Basis Reduction: Improved Practical Algorithms and Solving Subset Sum Problems , 1991, FCT.

[7]  Claus-Peter Schnorr,et al.  Attacking the Chor-Rivest Cryptosystem by Improved Lattice Reduction , 1995, EUROCRYPT.

[8]  Claus-Peter Schnorr,et al.  Factoring Integers and Computing Discrete Logarithms via Diophantine Approximations , 1991, EUROCRYPT.

[9]  R. Guy Sets of Integers Whose Subsets Have Distinct Sums , 1982 .

[10]  Serge Vaudenay,et al.  Cryptanalysis of the Chor-Rivest Cryptosystem , 1998, CRYPTO.

[11]  Claus-Peter Schnorr,et al.  Factoring Integers and Computing Discrete Logarithms via Diophantine Approximation , 1990, Advances In Computational Complexity Theory.

[12]  Ernest F. Brickell,et al.  Breaking Iterated Knapsacks , 1985, CRYPTO.

[13]  Ronald L. Rivest,et al.  A knapsack-type public key cryptosystem based on arithmetic in finite fields , 1988, IEEE Trans. Inf. Theory.

[14]  A. Shamir A polynomial time algorithm for breaking the basic Merkle-Hellman cryptosystem , 1982, FOCS 1982.