Cryptanalysis of a New Knapsack Type Public-Key Cryptosystem
Rooh allah Rastaghi 1 1Electrical Engineering Department, Aeronautical University of Since & Technology (Shahid Sattari), Tehran, Iran [email protected]
quantum computers. Therefore, traditional public key Abstract —In [5], a new knapsack type public key cryptosystem cryptosystem based on the two problems cannot be used to is introduced. In this cryptosystem, Hwang et al. used a new provide privacy protections any longer, and public key algorithm called Permutation Combination Algorithm. By exploiting cryptosystems secure in quantum computing environments are this algorithm, they attempt to increase the density of knapsack to needed to be developed. The knapsack problem is NP- avoid the low-density attack [2], [6]. complete. Hence, we can design cryptosystems based on the We show that this cryptosystem is insecure, since this knapsack problem in order to resist quantum attacks. On the cryptosystem is based on basic Merkel-Hellman [9] knapsack cryptosystem, and because of the superincreasing structure, we can other hand, Although the underlying problem is NP-complete, use the Shamir’s attack on basic Merkle-Hellman knapsack [7], [14] but some of the knapsack cryptosystem such as Merkle- to break this cryptosystem. Hellman [14], Chor-Rivest [16], … was broken due to the special structure of the private key and the mathematical way Keywords — Public key cryptosystem, Knapsack problem, that public key (public knapsack) was built from the private Shamir attack, Cryptanalysis. key. In this paper, we Analysis the knapsack PKC Based on I. INTRODUCTION Permutation Combination Algorithm was presented by Hwang N 1976, Diffie and Hellman [3] introduced the public key et al . and show that Because of the identical structure, in key Icryptosystem (PKC). Most public key cryptosystems fall generation stage, with the basic Merkel-Hellman knapsack into one of the two categories below [1]: cryptosystem, we can use the Shamir’s attack for this • Public key cryptosystems based on hard number- cryptosystem and obtain equivalent private keys theoretic problems: e.g., RSA [13], ElGamal [4] and …. (superincreasing sequence). The rest of this paper is organized • Public key cryptosystems based on subset sum or subset as follows. In the following section, we explain the subset sum product problems: e.g., Merkle-Hellman [9], Chor- problem and the basic Merkle-Hellman cryptosystem briefly.
Rivest [1], Morri-Kasahara [11], Naccache-Stern Then, in Section 3, we review the Shamir’s attack. Hwang et [12],… . al.’s knapsack cryptosystem will be present in Section 4 and Unlike hard number-theoretic problems, the knapsack the cryptanalysis of this system will be discussed in Section 5. problem has been proven to be NP-complete [10]. That is to say, there is no polynomial algorithm will be invented to solve II. THE SUBSET SUM PROBLEM AND THE BASIC MERKLE - HELLMAN CRYPTOSYSTEM the knapsack problem. Since its Merkle-Hellman proposal, knapsack public key The subset sum problem is stated as follows: given a set of cryptosystem had been widely studied, and many knapsack positive integers and positive integer . public key cryptosystems were developed. However, almost Whether there is a { subset , , . of . . , the } that sums to . That is all knapsack cryptosystem were shown insecure in that they equivalent to determine whether there are variables are vulnerable to some known attacks, such as low density such that attack [2], [6], Shamir’s attack [14], and Diophantine ( , , . . . , ) approximation attacks [17]. There is no question that knapsack public key cryptosystems still warrant continuous researches, as a result of the NP-completeness nature, the faster speed, = , {0, 1}, 1 ≤ ≤ and a desire to have a wide variety of available cryptosystems. Nowadays, we reconsider knapsack public key cryptography if the set of positive integers is a also because Shor [15] showed that integer factorization and superincreasing = sequence, { , ,. . . , } discrete logarithm problems can be easily solved by using e.g.