E. Brickell and A. Odlyzko, Cryptanalysis: A survey of recent results, Proceedings of the IEEE, 76 (1988), pp. 578-593. 39  Home/Search   Document Not in Database   Summary   Related Articles   Check

.... notably by Schnorr [121, 122] Those algorithms have proved invaluable in many areas of mathematics and computer science (see [91, 78, 132, 64, 36, 84] In particular, their relevance to cryptology was immediately understood, and they were used to break schemes based on the knapsack problem (see [119, 29]) which were early alternatives to the RSA cryptosystem [120] The success of reduction algorithms at breaking various cryptographic schemes over the past twenty years (see [75] have arguably established lattice reduction techniques as the most popular tool in public key cryptanalysis. As a ....

E. F. Brickell and A. M. Odlyzko. Cryptanalysis: A survey of recent results. In G. J. Simmons, editor, Contemporary Cryptology, pages 501--540. IEEE Press, 1991.

....exists, then a 1 cannot be in the subset which sums to s, and we know that e 1 = 0. We can then recurse and determine e 2 ; e 3 ; e n in sequence. Many public key cryptosystems have been proposed with the difficulty of solving subset sum problems as the basis for their security. See [7, 8, 13, 31] for surveys of this field. Almost all of these cryptosystems have been shown to be insecure; the Chor Rivest one [11] is perhaps the most widely known system which has not yet been broken. The majority of the attacks on knapsack based cryptosystems have involved discovering the secret ....

E. F. Brickell and A. M. Odlyzko, Cryptanalysis: a survey of recent results, Proc. IEEE 76 (1988), 578-593. 95

.... and computer science (see [75, 64, 109, 52, 30, 69] In particular, their relevance to The technique is however polynomial time for fixed dimension, which was enough in [74] cryptology was immediately understood, and they were used to break schemes based on the knapsack problem (see [99, 23]) which were early alternatives to the RSA cryptosystem [100] The success of reduction algorithms at breaking various cryptographic schemes over the past twenty years (see [61] have arguably established lattice reduction techniques as the most popular tool in public key cryptanalysis. As a ....

E. F. Brickell and A. M. Odlyzko. Cryptanalysis: A survey of recent results. In Contemporary Cryptology, pages 501--540. IEEE Press, 1991.

....sum T , find a subset of the numbers whose sum is T . Many schemes were suggested that use this problem as the basis for public key encryption. However, none of these schemes have been proven to be as secure as subset sum, and, in fact, most of them have been broken. See Brickell and Odlyzko [9] and Odlyzko [41] for a survey. The first to suggest using subset sum were Merkle and Hellman [36] and the only method for using subset sum in a public key protocol that has not been broken is Chor and Rivest s [11] The approach taken here is different in two ways. We are less ambitious, and ....

E. F. Brickell and A. M. Odlyzko, Cryptanalysis: A Survey of Recent Results, Proc. of the IEEE, vol. 76, pp. 578-593, May 1988.

....sum T , find a subset of the numbers whose sum is T . Many schemes were suggested that use this problem as the basis for public key encryption. However, none of these schemes have been proven to be as secure as subset sum, and, in fact, most of them have been broken. See Brickell and Odlyzko [9] and Odlyzko [37] for a survey. The first to suggest using it were Merkle and Hellman [32] and the only method that has not been broken is Chor and Rivest s [10] The approach taken here is different in two ways. We are less ambitious, and are not attempting to construct a public key ....

E. F. Brickell and A. M. Odlyzko, Cryptanalysis: A Survey of Recent Results, Proc. of the IEEE, vol. 76, pp. 578-593, May 1988.

.... and computer science (see [75, 64, 109, 52, 30, 69] In particular, their relevance to 1 The technique is however polynomial time for fixed dimension, which was enough in [74] 2 cryptology was immediately understood, and they were used to break schemes based on the knapsack problem (see [99, 23]) which were early alternatives to the RSA cryptosystem [100] The success of reduction algorithms at breaking various cryptographic schemes over the past twenty years (see [61] have arguably established lattice reduction techniques as the most popular tool in public key cryptanalysis. As a ....

E. F. Brickell and A. M. Odlyzko. Cryptanalysis: A survey of recent results. In Contemporary Cryptology, pages 501--540. IEEE Press, 1991.

....to some extent, a security parameter. A possible strategy for finding p and q is to use the estimators p = maxfb ij g and q = maxfc ij g. However, p and q are not good enough to get polynomially close to p or q with polynomially many ciphertexts. On the other hand, the techniques described in [3] and [4] to break congruential generators with unknown parameters do not seem to apply here, since there is no recurrent relation between the known cleartexts and ciphertexts that can be exploited. A supplementary way to increase security is for the classified level to keep m secret, because in ....

E. F. Brickell and A. M. Odlyzko, Cryptanalysis: a survey of recent results, in: G. J. Simmons, ed., Contemporary Cryptology (IEEE Press, New York, 1992) 501-540.

....far more attention, study, and actual use than any other public key cryptosystem, and thus RSA has more empirical evidence of its security than more recent and less scrutinized systems. In fact, a large number of public key cryptosystems which at first appeared secure were later broken; see [13] for some case histories. 2.16 Is RSA currently in use today The use of RSA is undergoing a period of rapid expansion and may become ubiquitous within a few years. It is currently used in a wide variety of products, platforms and industries around the world. It is found in many commercial ....

....used in DSS was first proposed for cryptographic use in 1989 by Schnorr [75] and has not received much public study. In general, any new cryptosystem could have serious flaws that are only discovered after years of scrutiny by cryptographers. Indeed this has happened many times in the past; see [13] for some detailed examples. RSA has withstood over 15 years of vigorous examination for weaknesses. In the absence of mathematical proofs of security, nothing builds confidence in a cryptosystem like sustained attempts to crack it. Although DSS may well turn out to be a strong cryptosystem, its ....

E.F. Brickell and A.M. Odlyzko. Cryptanalysis: A survey of recent results. Proceedings of the IEEE, 76:578--593, 1988.

....good if the error term is less than n Gamma1=k 0 [3] For the given parameter lengths, this is so when k is 13 or more. Given a set of moduli known to have such approximations, finding the approximations is straightforward. Following techniques for breaking knapsack cryptosystems (see [2], 3] 4] one finds a set of short vectors in the lattice generated by the basis 0 B B B B B B B n 0 0 0 Delta Delta Delta 0 0 n 0 0 Delta Delta Delta . 0 . 0 . 0 Delta Delta Delta 0 n 0 0 Gamman 1 Gamman 2 Delta Delta Delta Gamman k 1 1 C C C C C C C A ....

E.F. Brickell and A.M. Odlyzko. Cryptanalysis: A survey of recent results. Proceedings of the IEEE, 76:578--593, 1988.

.... Dawson and Clark [8] Goli c and Mihaljevi c [16] Gollmann and Chambers [17] Klapper [24] Meier and Stafelbach [29] and Siegenthaler [35] Many classical results are proven in Peterson and Weldon [30] and Berlekamp [2] For a general survey of cryptanalytic techniques, see Brickell and Odlyzko [3]. These references, however, do not adequately address the algorithmic aspects of efficiently applying linear algebra (including matrix decompositions) to cryptanalysis. Moreover, we found no previous work that describes in complete practical detail how to break any stream cipher. 2 Gifford s ....

Brickell, Ernest F.; and Andrew M. Odlyzko, "Cryptanalysis: A survey of recent results" in [36], Chapter 10 (1992), 501--540.

.... code obtained by concatenation of the [8,4,4] binary extended Hamming code with a [13,6] punctured Reed Solomon code over GF (16) of minimum distance 8, and the other using a [30,12,19] Reed Solomon code over GF (31) Both of these examples have been proved insecure by Brickell and Odlyzko [3]. Note 1. McEliece s and Niederreiter s cryptosystems therefore rely on the following principle: the secret key is a code C which is easy to decode, and the public key is a generator or parity check matrix of a permutation equivalent code. The invertible matrix S has no cryptographic function; ....

E.F. Brickell and A.M. Odlyzko. Cryptanalysis: A survey of recent results. In Proceedings of IEEE, volume 76, pages 578--593, May 1988.

....encryption and decryption. However, the scheme is subjected to some weaknesses [4,5] Rao and Nam [6,7] modified McEliece s scheme to construct a private key algebraic code cryptosystem which allows the use of simpler codes. The Rao Nam system is still subjected to some chosen plaintext attacks [7 10], and therefore is also insecure. Many modifications to Rao Nam private key cryptosystem were proposed [7,11,12] These schemes are based on either allowing nonlinear codes or modifying the set of allowed error patterns. The Rao Nam scheme using Preparata codes [7,11] was proven to be insecure ....

Brickell, E.F., and Odlyzko, A., "Cryptanalysis: A Survey of Recent Results," Proc. IEEE 76 (5) (1988) 153-165

.... Dawson and Clark [9] Goli c and Mihaljevi c [18] Gollmann and Chambers [19] Klapper [26] Meier and Stafelbach [33] and Siegenthaler [41] Many classical results are proven in Peterson and Weldon [35] and Berlekamp [2] For a general survey of cryptanalytic techniques, see Brickell and Odlyzko [3]. For abstract linear algebra, we used standard texts by Hoffman and Kunze [22] Hungerford [23] and Jacob [24] In addition, Watkins [43] surveys matrix theory, and Giesbrecht [13] presents some algorithms for matrix normal forms. These references, however, do not adequately address the ....

Brickell, Ernest F.; and Andrew M. Odlyzko, "Cryptanalysis: A survey of recent results," Proceedings of the IEEE, 76:5 (May 1988), 578--593.

....mathematical foundation, e.g. public key cryptosystems such as the RSA system [105] See Schneier [109] for a comprehensive survey and large bibliography. Seberry and Pieprzyk [112] is a less exhaustive alternative. The mathematics of public key cryptography is covered in Brickell and Odlyzko [38], Goldwasser and Bellare [60] Riesel [104] Schroeder [110] and Stinson [122] For practical and political aspects, see Schneier [108, 109] and Zimmermann [135] 4 Integer factorization and primality testing algorithms The problem of distinguishing prime numbers from composites; and of ....

! Ernest F. Brickell and Andrew M. Odlyzko, Cryptanalysis: a survey of recent results, in Contemporary Cryptology (G. J. Simmons, ed.), IEEE Press, 1991, 501--540. Preliminary version in Proc. IEEE 76, 1988, 578--593. An excellent survey up to 1991. Available from http://www.research.att.com/~amo/doc/complete.html.

.... [by the quantum cryptography apparatus] 1 [18] Also, Brickell and Odlyzko close their thorough survey of recent (1988) results in cryptanalysis with these words: If such systems [quantum cryptography] become feasible, the cryptanalytic tools discussed here [in their paper] will be of no use [15]. In this paper, we report on the first experimental quantum key distribution channel ever designed and actually put together. Section 2 provides background information on quantum cryptography. For further detail on the basic quantum channel, see chapter 6 of [13] We first review the original ....

Brickell, E. F. and A. M. Odlyzko, "Cryptanalysis: A survey of recent results", Proceedings of the IEEE , Vol. 76, no. 5, May 1988, pp. 578 -- 593.

....sum T , find a subset of the numbers whose sum is T . Many schemes were suggested that use this problem as the basis for public key encryption. However, none of these schemes have been proven to be as secure as subset sum, and, in fact, most of them have been broken. See Brickell and Odlyzko [9] and Odlyzko [40] for a survey. The first to suggest using subset sum were Merkle and Hellman [35] and the only method for using subset sum in a public key protocol that has not been broken is Chor and Rivest s [11] The approach taken here is different in two ways. We are less ambitious, and are ....

E. F. Brickell and A. M. Odlyzko, Cryptanalysis: A Survey of Recent Results, Proc. of the IEEE, vol. 76, pp. 578-593, May 1988.

....a i = s: 1) This problem is known to be NP complete [9] in its feasibility recognition form) and so is thought to be very hard in general. This has led to the invention of several public key cryptosystems based on the knapsack problem. Almost all of these have been broken by now, however. See [2, 3, 5, 15] for surveys of this field. Most of the attacks exploited specific constructions of the relevant cryptosystems. In addition, two algorithms have been proposed, one by Brickell [1] and the other by Lagarias and Odlyzko [11] which show that almost all low density subset sum problems can be solved ....

E. F. Brickell and A. M. Odlyzko, Cryptanalysis: a survey of recent results, Proc. IEEE 76 (1988), 578-593.

....problem is known to be NP complete [10] in its feasibility recognition form) and so is thought to be very hard in general. This has led to the invention of several public key cryptosystems based on the knapsack problem. 2 Coster et al. Almost all of these have been broken by now, however. See [2, 3, 6, 17] for surveys of this field. Most of the attacks exploited specific constructions of the relevant cryptosystems. In addition, two algorithms have been proposed, one by Brickell [1] and the other by Lagarias and Odlyzko [13] which show that almost all low density subset sum problems can be solved ....

E. F. Brickell and A. M. Odlyzko, Cryptanalysis: a survey of recent results, Proc. IEEE 76 (1988), 578-593.

....i = s: 1.1) This problem is known to be NP complete [10] in its feasibility recognition form) and so is thought to be very hard in general. This has led to the invention of several public key cryptosystems based on the knapsack problem. Almost all of these have been broken by now, however. See [2, 3, 6, 17] for surveys of this field. Most of the attacks exploited specific constructions of the relevant cryptosystems. In addition, two algorithms have been proposed, one by Brickell [1] and the other by Lagarias and Odlyzko [13] which show that 2 Coster et al. almost all low density subset sum ....

E. F. Brickell and A. M. Odlyzko, Cryptanalysis: a survey of recent results, Proc. IEEE 76 (1988), 578-593.

....borne out; their constructions can often be unraveled, and in addition, many cases of the general knapsack problem can be solved efficiently. A large variety of knapsack cryptosystems have been shown to be insecure, most with the use of tools from the area of diophantine approximation. The paper [6] contains a survey of many of the systems that have been broken as well as descriptions of some of the attacks. For full details, the reader is advised to consult [6] and many of the references contained there, such as [3,4,5,8,11,16,17,18,22,26] The remainder of this paper is devoted to a ....

....cryptosystems have been shown to be insecure, most with the use of tools from the area of diophantine approximation. The paper [6] contains a survey of many of the systems that have been broken as well as descriptions of some of the attacks. For full details, the reader is advised to consult [6] and many of the references contained there, such as [3,4,5,8,11,16,17,18,22,26] The remainder of this paper is devoted to a description of one each of the two kinds of basic attacks that have been used. Section 2 describes the attack on the singly iterated Merkle Hellman cryptosystem. This ....

[Article contains additional citation context not shown here]

E. F. Brickell and A. M. Odlyzko, "Cryptanalysis: A Survey of Recent Results," Proc. IEEE, vol. 76, 1988, pp. 578-593.

No context found.

E. Brickell and A. Odlyzko, Cryptanalysis: A survey of recent results, Proceedings of the IEEE, 76 (1988), pp. 578-593. 39

No context found.

E.F. Brickell and A.M. Odlyzko. Cryptanalysis: A survey of recent results. Proceedings of the IEEE, 76:578-593, 1988.

No context found.

E.F. Brickell and A.M. Odlyzko. Cryptanalysis: A survey of recent results. Proceedings of the IEEE, 76:578-593, 1988.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC