B. Chor & R. Rivest, A knapsack-type public key cryptosystem based on arithmetic on finite fields, IEEE Transactions on Information Theory, vol. it 34, 1988, pp. 901--909.  Home/Search   Document Details and Download   Summary   Related Articles   Check

....in polynomialtime with high probability [CJL 92] Basically all knapsack cryptosystems have been broken, either by specific (often lattice based) attacks or by the low density attacks. The last significant candidate that had resisted such attacks was the Chor Rivest knapsack cryptosystem [CR88] The Chor Rivest cryptosystem involves a combination of number theory ideas and knapsacks. It is the only known knapsack public key encryption scheme that does not use some form of modular multiplication to disguise an easy subset sum problem. The Chor Rivest cryptosystem was broken by Vaudenay ....

B. Chor and R. L. Rivest. A knapsack type public-key cryptosystem based on arithmetic in finite fields. IEEE Trans. Inform. Theory, 34(5):901--909, September 1988.

....and can attain very high encryption decryption rates. But basically, all knapsack cryptosystems have been broken (for a survey, see [119] either by specific (often lattice based) attacks or by the low density attacks. The last significant candidate to survive was the Chor Rivest cryptosystem [35], broken by Vaudenay [135] in 1997 with algebraic (not lattice) methods. 3.2 Low density attacks on knapsacks We only describe the basic link between lattices and knapsacks. Note that Ajtai s original proof [4] for the NP hardness (under randomized reductions) of SVP used a connection between ....

B. Chor and R.L. Rivest. A knapsack-type public key cryptosystem based on arithmetic in finite fields. IEEE Trans. Inform. Theory, 34, 1988.

....e 3 ; e n in sequence. Many public key cryptosystems have been proposed with the difficulty of solving subset sum problems as the basis for their security. See [7, 8, 13, 31] for surveys of this field. Almost all of these cryptosystems have been shown to be insecure; the Chor Rivest one [11] is perhaps the most widely known system which has not yet been broken. The majority of the attacks on knapsack based cryptosystems have involved discovering the secret information hidden in the weights which allows the receiver A to decrypt the message quickly. However, there have been two ....

....vector exists of length nfi(1 Gamma fi) In the worst case, fi = and the solution vector is the familiar e vector with ke k = n. For instances of the general subset sum problem no information is known concerning e i . Some knapsack cryptosystem, such as the Chor Rivest system [11], do use subsets with relatively few weights. When attacking such systems, Algorithm SL should be modified to use the tailored lattice basis described in [12] ....

B. Chor and R. Rivest, A knapsack-type public key cryptosystem based on arithmetic in finite fields, Advances in Cryptology: Proceedings of Crypto '84, Springer-Verlag, NY (1985), 54-65. Revised version in IEEE Trans. Information Theory IT-34 (1988), 901-909.

....and can attain very high encryption decryption rates. But basically, all knapsack cryptosystems have been broken (for a survey, see [99] either by specific (often lattice based) attacks or by the low density attacks. The last significant candidate to survive was the Chor Rivest cryptosystem [29], broken by Vaudenay [112] in 1997 with algebraic (not lattice) methods. 3.1 Low density attacks We only mention some of the links between lattices and knapsacks. Note that Ajtai s original proof [4] for the NP hardness (under randomized reductions) of SVP used a connection between the subset ....

B. Chor and R.L. Rivest. A knapsack-type public key cryptosystem based on arithmetic in finite fields. IEEE Trans. Inform. Theory, 34, 1988.

.... proposed such as the GoldwasserMicali scheme [18] based on quadratic residuosity, the Ajtai Dwark scheme [3] based on the lattice problem, the McEliece scheme [26] based on the error correcting code, knapsack type cryptosystems including the Merkle Hellman, Chor Rivest and Naccache Stern schemes [27, 9, 29], and multivariate polynomial type cryptosystems including the Matsumoto Imai and PatarinGoubin schemes [25, 33, 34] However they are not so efficient or not so secure . Therefore, from the practical viewpoint, only two techniques, RSA Rabin and Diffie Hellman ElGamal, have been used in many ....

Chor, B. and Rivest, R.L.: A knapsack type public key cryptosystem based on arithmetic in finite fields, Proc. of Crypto'84, LNCS 196, Springer-Verlag, pp.54-65 (1985).

....subset sum, and, in fact, most of them have been broken. See Brickell and Odlyzko [9] and Odlyzko [41] for a survey. The first to suggest using subset sum were Merkle and Hellman [36] and the only method for using subset sum in a public key protocol that has not been broken is Chor and Rivest s [11]. The approach taken here is different in two ways. We are less ambitious, and are not attempting to construct a public key cryptosystem. Many important tasks in cryptography do not require the full power of public key cryptography. These tasks include: private key encryption, pseudo random ....

B. Chor and R. L. Rivest, A Knapsack Type Public Key Crypto-System Based on arithmetic in finite fields, IEEE Transaction on Information Theory, Vol 34, 1988, pp. 901-909.

....output at each iteration. Given a seed S t , the seed for the next iteration is S t 1 = G (S t ) and the output of the randomizer is R t 1 = D # S t 1 # . This definition of the PRNG allows for very flexible design. For example a subset sum problem similar to the ChorRivest knapsack ([4]) might be used for G and a knapsack modulo 2 cn could be used for D. For now we define G, D as subset sum functions modulo 2 n and 2 cn respectively. Let G and D be based on the sets # = g i g i # 0, 1, 2 n 1 , i = 0, 1, n 1 (1) # = d i d i # 0, ....

B. Chor and R. L. Rivest, A knapsack type public key cryptosystem based on arithmetic in finite fields, in Advances in Cryptology: Proceedings of Crypto '84, G. R. Blakley and D. Chaum, eds., Berlin, 1985, SpringerVerlag, pp. 54--65. Lecture Notes in Computer Science Volume 196.

....However, for small dimensions it might be possible to improve the bound, even though any such advantage will disappear as n grows. In cases where the subset sum problem (Equation 1) to be solved is known to have P e i small (as occurs in some knapsack cryptosystems, such as the Chor Rivest one [4], which has still not been broken) it is possible to again improve on the results of [11] by our approach. For example, if we know that n X i=1 e i = fin; we can replace the vector b n 1 in the basis of L by b 00 n 1 = fi; fi; fi; Ns) and then the lattice L will contain a vector ....

B. Chor and R. Rivest, A knapsack-type public key cryptosystem based on arithmetic in finite fields, IEEE Trans. Information Theory IT-34 (1988), 901-909.

....for publication January 2001) c Academic Press, 2001. INTRODUCTION Factoring polynomials over finite fields intervenes in many areas of computer science and computational mathematics like symbolic computation at large [24] polynomial factorization over the integers [12, 40] cryptography [10, 44, 48], number theory [5] or coding theory [4] The implications include finding complete 1 2 P. FLAJOLET, X. GOURDON, D. PANARIO partial fraction decompositions, designing cyclic redundancy codes, computing the number of points on elliptic curves, and building arithmetic public key cryptosystems. In ....

Chor, B., and Rivest, R. A knapsack-type public key cryptosystem based on arithmetic in finite field. IEEE Trans. Inform. Theory. 34 (1988), 901--909.

....(mod M) then solving the knapsack problem with weights s and sum S recovers the plaintext x. There are many alternative knapsack type public key cryptosystems, a review of which is given in [19] The basic Merkle Hellman cryptosystem was cracked by Shamir [71] and all proposed variants except [12], which is based on arithmetic in a finite field, have been cracked using techniques described in [9] 73 3.6.2 RSA Named after its inventors, Rivest, Shamir and Adleman [64] it is the most popular public key system. The basis of RSA is the difficulty in factoring very large numbers. A public ....

....cipher by solving the hard knapsack problem, although his knapsack contained only 15 items of about 16 bits each, and a real implementation of a knapsack system would have at least 250 items of 200 to 300 bits each. Besides, all variants of the knapsack except the one proposed by Chor and Rivest [12] have been cracked by other methods, and even if 141 the only option was to attack the hard knapsack problem, there are probably better methods than a GA(see [55] As for the systems based on number theory, the problem is finding a fitness measure. RSA relies on the difficulty of factoring large ....

B. Chor and R. L. Rivest. A knapsack type public key cryptosystem based on arithmetic in finite fields. In G. R. Blakley and D. Chaum, editors, Advances in Cryptology - Proceedings of CRYPTO'84. SpringerVerlag, 1985.

....of these schemes have been proven to be as secure as subset sum, and, in fact, most of them have been broken. See Brickell and Odlyzko [9] and Odlyzko [37] for a survey. The first to suggest using it were Merkle and Hellman [32] and the only method that has not been broken is Chor and Rivest s [10]. The approach taken here is different in two ways. We are less ambitious, and are not attempting to construct a public key cryptosystem. Many important tasks in cryptography do not require the full power of public key cryptography. These tasks include: private key encryption, pseudo random ....

B. Chor and R. L. Rivest, A Knapsack Type Public Key Crypto-System Based on arithmetic in finite fields, IEEE Transaction on Information Theory, Vol 34, 1988, pp. 901-909.

....of breaking this system in a reasonable amount of time are known. Research supported by NSF grant MCS 8006938. Part of this research was done while the rst author was visiting Bell Laboratories, Murray Hill, NJ. A preliminary version of this work was presented in Crypto 84 and has appeared in [8]. 1 1. Introduction. In 1976, Die and Hellman [11] introduced the idea of public key cryptography, in which two di erent keys are used: one for encryption, and one for decryption. Each user keeps his decryption key secret, while making the encryption key public, so it can be used by everyone ....

Chor, B. and R.L. Rivest, \A knapsack type public key cryptosystem based on arithmetic in nite elds," (preliminary report) Advances in Cryptology: Proceedings of Crypto84, G.R. Blakely and D. Chaum. eds., Springer{Verlag, 1985, pp. 54-65.

....has not been kind to knapsack schemes; most of them have been broken by extremely clever analysis and the use of the powerful L 3 algorithm [104] for working in lattices. See [114, 140, 142, 1, 144, 100, 32, 122] Some knapsack or knapsack like schemes are still unbroken. The Chor Rivest scheme [39], and the multiplicative versions of the knapsack [114] are examples. McEliece has a knapsack like publickey cryptosystem based on error correcting codes [113] This scheme has not been broken, and was the rst scheme to use randomization in the encryption process. 6.3 Probabilistic Public Key ....

B. Chor and R. L. Rivest. A knapsack type public-key cryptosystem based on arithmetic in nite elds. IEEE Trans. Inform. Theory, 34(5):901-909, September 1988.

No context found.

B. Chor & R. Rivest, A knapsack-type public key cryptosystem based on arithmetic on finite fields, IEEE Transactions on Information Theory, vol. it 34, 1988, pp. 901--909.

No context found.

B. Chor and R. Rivest, A Knapsack Type Public Key Cryptosystem based on arithmetic in finite fields, IEEE Transactions on Information Theory, Vol. 34, 901-909, (1988).

No context found.

B. Chor & R. Rivest, A knapsack-type public key cryptosystem based on arithmetic on finite fields, IEEE Transactions on Information Theory, vol. it 34, 1988, pp. 901--909.

No context found.

B. Chor and R. Rivest. A knapsack-type public key cryptosystem based on arithmetic in nite elds. IEEE Transactions in Information Theory, 34:901-909, 1988.

No context found.

B. Chor & R. Rivest, A knapsack-type public key cryptosystem based on arithmetic on finite fields, IEEE Transactions on Information Theory, vol. it 34, 1988, pp. 901--909.

No context found.

B. Chor and R. Rivest, A knapsack-type public key cryptosystem based on arithmetic in finite fields, IEEE Transactions on Information Theory, 34 (1988), pp. 901-909.

No context found.

B. Chor & R. Rivest, A knapsack-type public key cryptosystem based on arithmetic on finite fields, IEEE Transactions on Information Theory, vol. it 34, 1988, pp. 901--909.

No context found.

B. Chor & R. Rivest, A knapsack-type public key cryptosystem based on arithmetic on finite fields, IEEE Transactions on Information Theory, vol. it 34, 1988, pp. 901--909.

No context found.

B. Chor and R. L. Rivest. A knapsack type public-key cryptosystem based on arithmetic in nite elds. IEEE Trans. Inform. Theory, 34(5):901-909, September 1988.

No context found.

Chor, B., and Rivest, R. L. A knapsack-type public key cryptosystem based on arithmetic in finite fields. In Advances in Cyrptology: Proceedings of Crypto '84 (1984), vol. 196, Springer, pp. 54--65.

No context found.

Chor, B. and Rivest, R.L.: A knapsack type public key cryptosystem based on arithmetic in finite fields, Proc. of Crypto'84, LNCS 196, Springer-Verlag, pp.54-65 (1985).

First 50 documents

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC