CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Cryptanalysis of the Ajtai-Dwork Cryptosystem. CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
The Béguin-Quisquater Server-Aided RSA Protocol from Crypto '95 is not Secure. ASIACRYPT '98 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
The Hardness of the Hidden Subset Sum Problem and Its Cryptographic Implications. CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Lattice Basis Reduction with Dynamic Approximation. WAE '00 Proceedings of the 4th International Workshop on Algorithm Engineering
The Two Faces of Lattices in Cryptology. CaLC '01 Revised Papers from the International Conference on Cryptography and Lattices
Cryptanalysis of a Public Key Cryptosystem Proposed at ACISP 2000. ACISP '01 Proceedings of the 6th Australasian Conference on Information Security and Privacy
PSS Is Secure against Random Fault Attacks. ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Modulus fault attacks against RSA-CRT signatures. CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
Fault attacks against EMV signatures. CT-RSA'10 Proceedings of the 2010 international conference on Topics in Cryptology
At SAC '97, Itoh, Okamoto and Mambo presented a fast public key cryptosystem. After analyzing several attacks, including lattice-reduction attacks, they claimed that its security was high, although the cryptosystem bore some resemblance to earlier knapsack cryptosystems, since decryption could be viewed as a multiplicative knapsack problem. In this paper, we show how to recover the private key from a fraction of the public key in less than 10 minutes for the suggested choice of parameters. The attack is based on a systematic use of the notion of the orthogonal lattice, which we introduced as a cryptographic tool at Crypto '97. This notion allows us to attack the linearity hidden in the scheme.