Solving low-density subset sum problems
Journal of the ACM (JACM)
Minkowski's convex body theorem and integer programming
Mathematics of Operations Research
Improved low-density subset sum algorithms
Computational Complexity
Complexity of Lattice Problems
Complexity of Lattice Problems
Cryptanalysis of the Goldreich-Goldwasser-Halevi Cryptosystem from Crypto '97
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Quantum Public-Key Cryptosystems
CRYPTO '00 Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
NTRU: A Ring-Based Public Key Cryptosystem
ANTS-III Proceedings of the Third International Symposium on Algorithmic Number Theory
Dimension Reduction Methods for Convolution Modular Lattices
CaLC '01 Revised Papers from the International Conference on Cryptography and Lattices
The Two Faces of Lattices in Cryptology
CaLC '01 Revised Papers from the International Conference on Cryptography and Lattices
Attacking the Chor-Rivest cryptosystem by improved lattice reduction
EUROCRYPT'95 Proceedings of the 14th annual international conference on Theory and application of cryptographic techniques
Noisy polynomial interpolation and noisy chinese remaindering
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
The hardness of the closest vector problem with preprocessing
IEEE Transactions on Information Theory
A knapsack-based probabilistic encryption scheme
Information Sciences: an International Journal
Broadcast Attacks against Lattice-Based Cryptosystems
ACNS '09 Proceedings of the 7th International Conference on Applied Cryptography and Network Security
Cryptanalysis of a knapsack-based probabilistic encryption scheme
Information Sciences: an International Journal
Parallel Lattice Basis Reduction Using a Multi-threaded Schnorr-Euchner LLL Algorithm
Euro-Par '09 Proceedings of the 15th International Euro-Par Conference on Parallel Processing
Relationship between weight of plaintext and successful attacks in knapsack cryptosystems
Proceedings of the 2nd International Conference on Interaction Sciences: Information Technology, Culture and Human
Quadratic compact knapsack public-key cryptosystem
Computers & Mathematics with Applications
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
New definition of density on knapsack cryptosystems
AFRICACRYPT'08 Proceedings of the Cryptology in Africa 1st international conference on Progress in cryptology
Toward basing fully homomorphic encryption on worst-case hardness
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
SCN'10 Proceedings of the 7th international conference on Security and cryptography for networks
Fully homomorphic encryption over the integers
EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
| Hi-index | 0.00 |
Cryptosystems based on the knapsack problem were among the first public-key systems to be invented. Their high encryption/ decryption rate attracted considerable interest until it was noticed that the underlying knapsacks often had a low density, which made them vulnerable to lattice attacks, both in theory and practice. To prevent low-density attacks, several designers found a subtle way to increase the density beyond the critical density by decreasing the weight of the knapsack, and possibly allowing non-binary coefficients. This approach is actually a bit misleading: we show that low-weight knapsacks do not prevent efficient reductions to lattice problems like the shortest vector problem, they even make reductions more likely. To measure the resistance of low-weight knapsacks, we introduce the novel notion of pseudo-density, and we apply the new notion to the Okamoto-Tanaka-Uchiyama (OTU) cryptosystem from Crypto ’00. We do not claim to break OTU and we actually believe that this system may be secure with an appropriate choice of the parameters. However, our research indicates that, in its current form, OTU cannot be supported by an argument based on density. Our results also explain why Schnorr and Hörner were able to solve at Eurocrypt ’95 certain high-density knapsacks related to the Chor-Rivest cryptosystem, using lattice reduction.