Theory of linear and integer programming
Theory of linear and integer programming
Solving a System of Linear Diophantine Equations with Lower and Upper Bounds on the Variables
Mathematics of Operations Research
Handbook of Applied Cryptography
Handbook of Applied Cryptography
Lattice Reduction in Cryptology: An Update
ANTS-IV Proceedings of the 4th International Symposium on Algorithmic Number Theory
A knapsack-based probabilistic encryption scheme
Information Sciences: an International Journal
New definition of density on knapsack cryptosystems
AFRICACRYPT'08 Proceedings of the Cryptology in Africa 1st international conference on Progress in cryptology
Adapting density attacks to low-weight knapsacks
ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
Hiding information and signatures in trapdoor knapsacks
IEEE Transactions on Information Theory
Analysis of the efficiency of the Chor-Rivest cryptosystem implementation in a safe-parameter range
Information Sciences: an International Journal
Cryptanalysis of a quadratic compact knapsack public-key cryptosystem
Computers & Mathematics with Applications
Improved cryptanalysis of a knapsack-based probabilistic encryption scheme
Information Sciences: an International Journal
| Hi-index | 0.07 |
Wang et al. [B. Wang, Q. Wu, Y. Hu, A knapsack-based probabilistic encryption scheme, Information Sciences 177(19) (2007) 3981-3994] proposed a high density knapsack-based probabilistic encryption scheme with non-binary coefficients. In this paper, we present a heuristic attack that can be used to recover the private key parameters from the known public key parameters. In particular, we show that the restrictions imposed on the system parameters allow the attacker to recover a short list of candidates for the first half of the public key. The second half of the public key can then be recovered using an attack based on lattice basis reduction. Finally, by encrypting an arbitrary plaintext using the known public key then decrypting the resulting ciphertext using these estimated candidate solutions, the right private key can be uniquely determined.