Abstract
Cryptosystems based on the knapsack problem were among the first public key systems to be invented and for a while were considered quite promising. Essentially all knapsack cryptosystems proposed so far have been broken, mainly by means of lattice reduction techniques. However, a few knapsack-like cryptosystems have withstood cryptanalysis, among them the Chor-Rivest scheme [2], although this is debatable (see [16]), and the Qu-Vanstone scheme proposed at the Dagstuhl '93 workshop [13] and published in [14]. The Qu-Vanstone scheme is a public key scheme based on group factorizations in the additive group of integers modulo n; it generalizes the Merkle-Hellman cryptosystems. In this paper, we present a novel use of lattice reduction, of independent interest, which exploits the notion of an orthogonal lattice in a systematic manner. Using the new technique, we successfully attack the Qu-Vanstone cryptosystem: we show how to recover the private key from the public key. The attack is based on a careful study of the so-called Merkle-Hellman transformation.
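The abstract refers to the Merkle-Hellman transformation, the modular multiplication that hides a superincreasing private sequence inside a public knapsack; the Qu-Vanstone scheme generalizes this construction and the attack studies that transformation. The following Python code is an added illustration of the original Merkle-Hellman trapdoor knapsack, not code from the paper or from the Qu-Vanstone scheme, and every parameter in it (the sequence, the modulus 491, the multiplier 41) is a small constructed example chosen for readability, not a secure size.

```python
"""Merkle-Hellman trapdoor knapsack (added illustration, not the paper's code).

Private key:  a superincreasing sequence a_1 < ... < a_n (each a_i exceeds the
              sum of all previous terms), a modulus M > sum(a_i) and a
              multiplier w with gcd(w, M) = 1.
Public key:   the "Merkle-Hellman transformation" b_i = w * a_i mod M, which
              hides the superincreasing structure behind modular multiplication.
Decryption:   multiply the ciphertext by w^-1 mod M to undo the transformation,
              then solve the easy superincreasing knapsack greedily.
All numbers below are constructed toy values.
"""
import math


def is_superincreasing(seq):
    """True if every term is strictly larger than the sum of all earlier terms."""
    total = 0
    for x in seq:
        if x <= total:
            return False
        total += x
    return True


def merkle_hellman_transform(private_seq, modulus, multiplier):
    """Apply b_i = w * a_i mod M, after checking the key-generation conditions."""
    if not is_superincreasing(private_seq):
        raise ValueError("private sequence must be superincreasing")
    if modulus <= sum(private_seq):
        raise ValueError("modulus must exceed the sum of the private sequence")
    if math.gcd(multiplier, modulus) != 1:
        raise ValueError("multiplier must be invertible modulo the modulus")
    return [(multiplier * a) % modulus for a in private_seq]


def encrypt(bits, public_seq):
    """Ciphertext is the subset sum of public terms selected by the message bits."""
    if len(bits) != len(public_seq):
        raise ValueError("message length must equal the knapsack length")
    return sum(b for bit, b in zip(bits, public_seq) if bit)


def solve_superincreasing(target, private_seq):
    """Greedy subset-sum solver: scan from the largest term downwards."""
    bits = [0] * len(private_seq)
    for i in range(len(private_seq) - 1, -1, -1):
        if private_seq[i] <= target:
            bits[i] = 1
            target -= private_seq[i]
    if target != 0:
        raise ValueError("no solution: ciphertext is not a valid subset sum")
    return bits


def decrypt(ciphertext, private_seq, modulus, multiplier):
    """Undo the transformation with w^-1 mod M, then solve the easy knapsack."""
    w_inv = pow(multiplier, -1, modulus)          # Python 3.8+ modular inverse
    target = (ciphertext * w_inv) % modulus
    return solve_superincreasing(target, private_seq)


# Constructed toy key: sum of PRIVATE is 484 < M = 491 (prime), gcd(41, 491) = 1.
PRIVATE = [2, 3, 7, 14, 30, 57, 120, 251]
M, W = 491, 41
PUBLIC = merkle_hellman_transform(PRIVATE, M, W)   # [82, 123, 287, 83, 248, 373, 10, 471]


def roundtrip_all():
    """Check that every 8-bit message survives encrypt -> decrypt."""
    n = len(PRIVATE)
    for value in range(1 << n):
        bits = [(value >> i) & 1 for i in range(n)]
        if decrypt(encrypt(bits, PUBLIC), PRIVATE, M, W) != bits:
            return False
    return True


if __name__ == "__main__":
    msg = [1, 0, 1, 1, 0, 0, 1, 1]
    c = encrypt(msg, PUBLIC)
    print("public key:", PUBLIC)
    print("ciphertext:", c, "decrypts to", decrypt(c, PRIVATE, M, W))
    print("all 256 messages round-trip:", roundtrip_all())
```

The point to take from the code is where the trapdoor lives: the public sequence looks like a random knapsack, but it is an image of a superincreasing one under a single modular multiplication, and the private holder only needs w^-1 mod M to map ciphertexts back into the easy instance. Shamir's attack [17] and the lattice-based attacks surveyed in [12] and [7] recover that structure from the public key alone, which is why the basic scheme is broken and why the paper's study of the transformation is the key to breaking its Qu-Vanstone generalization.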
References
[1] E. Brickell. Are most low density polynomial knapsacks solvable in polynomial time? In Proc. 14th Southeastern Conference on Combinatorics, Graph Theory, and Computing, 1983.
[2] B. Chor and R. L. Rivest. A knapsack-type public key cryptosystem based on arithmetic in finite fields. IEEE Trans. Inform. Theory, 34, 1988.
[3] H. Cohen. A course in computational algebraic number theory. Springer-Verlag, Berlin, 1993.
[4] M. J. Coster, A. Joux, B. A. LaMacchia, A. M. Odlyzko, C.-P. Schnorr, and J. Stern. Improved low-density subset sum algorithms. Comput. Complexity, 2:111–128, 1992.
[5] P. M. Gruber and C. G. Lekkerkerker. Geometry of numbers. North-Holland, Amsterdam, 1969.
[6] A. Joux. La réduction des réseaux en cryptographie (Lattice reduction in cryptography). PhD thesis, École Polytechnique, 1993.
[7] A. Joux and J. Stern. Lattice reduction: a toolbox for the cryptanalyst. To appear in J. of Cryptology.
[8] A. K. Lenstra, H. W. Lenstra, and L. Lovász. Factoring polynomials with rational coefficients. Math. Ann., 261:515–534, 1982.
[9] J. Martinet. Les réseaux parfaits des espaces euclidiens (Perfect lattices in Euclidean spaces). Masson, 1996.
[10] R. Merkle and M. Hellman. Hiding information and signatures in trapdoor knapsacks. IEEE Trans. Inform. Theory, IT-24:525–530, September 1978.
[11] P. L. Montgomery. Square roots of products of algebraic numbers. Draft of June 1995.
[12] A. M. Odlyzko. The rise and fall of knapsack cryptosystems. In Cryptology and Computational Number Theory, volume 42 of Proceedings of Symposia in Applied Mathematics, pages 75–88. A.M.S., 1990.
[13] M. Qu and S. A. Vanstone. New public-key cryptosystem based on the subset factorizations in Z_n. To appear.
[14] M. Qu and S. A. Vanstone. The knapsack problem in cryptography. In Finite Fields: Theory, Applications, and Algorithms, volume 168 of Contemporary Mathematics, pages 291–308. A.M.S., 1994.
[15] C.-P. Schnorr. A hierarchy of polynomial lattice basis reduction algorithms. Theoretical Computer Science, 53:201–224, 1987.
[16] C.-P. Schnorr and H. H. Hörner. Attacking the Chor-Rivest cryptosystem by improved lattice reduction. In Advances in Cryptology: Proceedings of Eurocrypt '95, volume 921 of LNCS, pages 1–12. Springer-Verlag, 1995.
[17] A. Shamir. A polynomial time algorithm for breaking the basic Merkle-Hellman cryptosystem. In Proceedings of the 23rd Annual Symposium on the Foundations of Computer Science (IEEE), pages 145–152, 1982.
© 1997 Springer-Verlag
Cite this paper
Nguyen, P., Stern, J. (1997). Merkle-Hellman revisited: A cryptanalysis of the Qu-Vanstone cryptosystem based on group factorizations. In: Kaliski, B.S. (eds) Advances in Cryptology — CRYPTO '97. CRYPTO 1997. Lecture Notes in Computer Science, vol 1294. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0052236
DOI: https://doi.org/10.1007/BFb0052236
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-63384-6
Online ISBN: 978-3-540-69528-8