Presentation is loading. Please wait.

Presentation is loading. Please wait.

Poking Holes in Knapsack Cryptosystems

Published byBruce Norman O’Brien’ Modified over 6 years ago

Similar presentations

Presentation on theme: "Poking Holes in Knapsack Cryptosystems"— Presentation transcript:

1 Poking Holes in Knapsack Cryptosystems
Grayson Myers

2 Knapsack (Subset Sum) Problem
Given integers a1,…,an Given a target sum S (“knapsack”). Determine if there exists a subset of the integers that sums to S. In other words, find binary x1,…,xn so: S = ∑ xi*ai NP-complete

3 Merkle-Hellman (1978) Public-key cryptosystem based on the knapsack problem Choose large, relatively-prime integers M and W Create a superincreasing sequence b1,…,bn Private key is M, W, and the b’s. Public key is sequence a1,…,an, s.t. ai = bi*W mod M Suggestion: n = 100, M is 202 bits

4 Merkle-Hellman (cont.)
To encrypt an n-bit message x1,…,xn: Compute S = ∑ xi*ai To decrypt: Compute S’ = W-1*S mod M Solve S’ = ∑ xi*bi for xi Easy because b’s are superincreasing Works as long as ∑ bi < M.

5 Shamir’s Attack (1982) Exploits structure in the ai sequence to find M and W-1 Results in some superincreasing sequence that allows the message to be recovered

6 Lagarias and Odlyzko (1983)
Solve low-density subset sum problems directly Do lattice basis reduction on the following basis: V1= 1 0 … 0 -a1 0 1 … 0 -a2 V2= Vn= 0 0 … 1 -an Vn+1= 0 0 … 0 S

7 Lagarias and Odlyzko (Cont.)
Vectors in L look like: z1(v1) + z2(v2) + … + zn(vn) + zn+1(vn+1) In particular, this vector is in L: x = (x1, x2,…, xn, 0) x is very short, therefore likely to appear in the reduced basis Works when density of subset sum is low Defined as n/(# of bits in S)

8 Summary Knapsack cryptosystems: Elegant Fast Insecure
Subset sum problem is NP-complete, but there are too many easy cases.

Download ppt "Poking Holes in Knapsack Cryptosystems"

Similar presentations

Asymmetric Encryption Prof. Ravi Sandhu. 2 © Ravi Sandhu PUBLIC KEY ENCRYPTION Encryption Algorithm E Decryption Algorithm D Plain- text Plain- text Ciphertext.

Asymmetric Encryption Prof. Ravi Sandhu. 2 © Ravi Sandhu PUBLIC KEY ENCRYPTION Encryption Algorithm E Decryption Algorithm D Plain- text Plain- text Ciphertext.
RSA.

RSA.
7. Asymmetric encryption-

7. Asymmetric encryption-
Abdullah Sheneamer CS591-F2010 Project of semester Presentation University of Colorado, Colorado Springs Dr. Edward RSA Problem and Inside PK Cryptography.

Abdullah Sheneamer CS591-F2010 Project of semester Presentation University of Colorado, Colorado Springs Dr. Edward RSA Problem and Inside PK Cryptography.
RSA ( Rivest, Shamir, Adleman) Public Key Cryptosystem

RSA ( Rivest, Shamir, Adleman) Public Key Cryptosystem
Public Key Cryptography

Public Key Cryptography
WS 2006-07 Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.

WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.
WS 2006-07 Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.

WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.
Chapter 3 Encryption Algorithms & Systems (Part B)

Chapter 3 Encryption Algorithms & Systems (Part B)
1 NTRU: A Ring-Based Public Key Cryptosystem Jeffrey Hoffstein, Jill Pipher, Joseph H. Silverman LNCS 1423, 1998.

1 NTRU: A Ring-Based Public Key Cryptosystem Jeffrey Hoffstein, Jill Pipher, Joseph H. Silverman LNCS 1423, 1998.
Public Key Cryptography Bryan Pearsaul. Outline What is Cryptology? Symmetric Ciphers Asymmetric Ciphers Diffie-Hellman RSA (Rivest/Shamir/Adleman) Moral.

Public Key Cryptography Bryan Pearsaul. Outline What is Cryptology? Symmetric Ciphers Asymmetric Ciphers Diffie-Hellman RSA (Rivest/Shamir/Adleman) Moral.
Public Key Encryption and the RSA Public Key Algorithm CSCI 5857: Encoding and Encryption.

Public Key Encryption and the RSA Public Key Algorithm CSCI 5857: Encoding and Encryption.
The RSA Algorithm Based on the idea that factorization of integers into their prime factors is hard. ★ n=p . q, where p and q are distinct primes Proposed.

The RSA Algorithm Based on the idea that factorization of integers into their prime factors is hard. ★ n=p . q, where p and q are distinct primes Proposed.
Lecture 5 Overview Does DES Work? Differential Cryptanalysis Idea – Use two plaintext that barely differ – Study the difference in the corresponding.

Lecture 5 Overview Does DES Work? Differential Cryptanalysis Idea – Use two plaintext that barely differ – Study the difference in the corresponding.
CSCI 398 Research Topics in Computer Science Yana Kortsarts Computer Science Department Widener University Chester, PA.

CSCI 398 Research Topics in Computer Science Yana Kortsarts Computer Science Department Widener University Chester, PA.
Network and Communications Network Security Department of Computer Science Virginia Commonwealth University.

Network and Communications Network Security Department of Computer Science Virginia Commonwealth University.
Computer System Security CSE 5339/7339

Computer System Security CSE 5339/7339
Merkle-Hellman Knapsack Cryptosystem Merkle offered $100 award for breaking singly - iterated knapsack Singly-iterated Merkle - Hellman KC was broken by.

Merkle-Hellman Knapsack Cryptosystem Merkle offered $100 award for breaking singly - iterated knapsack Singly-iterated Merkle - Hellman KC was broken by.
RSA Ramki Thurimella.

RSA Ramki Thurimella.
Knapsack Cipher. 0-1 knapsack problem Given a positive integer C and a vector A=(a 1,...,a n ) of positive integers, find a subset of the elements of.

Knapsack Cipher. 0-1 knapsack problem Given a positive integer C and a vector A=(a 1,...,a n ) of positive integers, find a subset of the elements of.

Similar presentations

Ads by Google