In this paper, we study the complexity of solving hard knapsack problems, i.e., knapsacks with a density close to 1, where lattice-based low-density attacks are not an option. For such knapsacks, the current state of the art is a 31-year-old algorithm by Schroeppel and Shamir, which is based on birthday paradox techniques, runs in time $\tilde{O}(2^{n/2})$ for knapsacks of $n$ elements, and uses $\tilde{O}(2^{n/4})$ storage. We propose here two new algorithms which improve on this bound, finally lowering the running time down to either $\tilde{O}(2^{0.385\, n})$ or $\tilde{O}(2^{0.3113\, n})$ under a reasonable heuristic. We also demonstrate the practicality of these algorithms with an implementation.
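The Schroeppel-Shamir baseline that the abstract measures against, as an added example that is not code from the paper or its authors: four quarter-lists of subset sums are combined through two heaps, so only about $2^{n/4}$ entries are stored while the two-pointer scan walks the $2^{n/2}$ half-sums in sorted order. The function names, the sample weights and the target are constructed for illustration.

```python
import heapq

# Constructed sample: 16 weights of about 16 bits each (density close to 1).
WEIGHTS = [41903, 12877, 60211, 35046, 9311, 52718, 27485, 63092,
           18334, 44659, 7123, 58870, 30997, 49526, 21760, 38415]
TARGET = sum(WEIGHTS[i] for i in (1, 4, 6, 9, 10, 13, 15))

def subset_sums(items):
    """All (sum, bitmask) pairs for items: 2**len(items) entries."""
    sums = [(0, 0)]
    for bit, value in enumerate(items):
        sums += [(s + value, m | (1 << bit)) for s, m in sums]
    return sums

def merged(left, right, descending=False):
    """Yield (sum, left_mask, right_mask) for every pair, in sorted order.
    The heap never holds more than len(left) entries."""
    sign = -1 if descending else 1
    right = sorted(right, key=lambda p: sign * p[0])
    heap = [(sign * (ls + right[0][0]), i, 0) for i, (ls, _) in enumerate(left)]
    heapq.heapify(heap)
    while heap:
        key, i, j = heapq.heappop(heap)
        yield sign * key, left[i][1], right[j][1]
        if j + 1 < len(right):
            nxt = left[i][0] + right[j + 1][0]
            heapq.heappush(heap, (sign * nxt, i, j + 1))

def schroeppel_shamir(weights, target):
    """Return sorted indices of a subset summing to target, or None."""
    n = len(weights)
    cuts = [0, n // 4, n // 2, 3 * n // 4, n]
    q = [subset_sums(weights[cuts[k]:cuts[k + 1]]) for k in range(4)]
    low = merged(q[0], q[1])                    # first-half sums, ascending
    high = merged(q[2], q[3], descending=True)  # second-half sums, descending
    lo, hi = next(low, None), next(high, None)
    while lo is not None and hi is not None:
        total = lo[0] + hi[0]
        if total == target:
            masks = (lo[1], lo[2], hi[1], hi[2])
            return [cuts[k] + b for k in range(4)
                    for b in range(cuts[k + 1] - cuts[k]) if (masks[k] >> b) & 1]
        if total < target:
            lo = next(low, None)   # no remaining high sum can reach target
        else:
            hi = next(high, None)  # no remaining low sum can reach target
    return None
```
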