Low-density attack revisited

Tetsuya Izu, Jun Kogure, Takeshi Koshiba, Takeshi Shimoyama

Research output: Contribution to journalArticle

11 Citations (Scopus)

Abstract

The low-density attack proposed by Lagarias and Odlyzko is a powerful algorithm against the subset sum problem. The improvement algorithm due to Coster et al. would solve almost all the problems of density <0.9408... in the asymptotical sense. On the other hand, the subset sum problem itself is known as an NP-hard problem, and a lot of efforts have been paid to establish public-key cryptosystems based on the problem. In these cryptosystems, densities of the subset sum problems should be higher than 0.9408... in order to avoid the low-density attack. For example, the Chor-Rivest cryptosystem adopted subset sum problems with relatively high densities. In this paper, we further improve the low-density attack by incorporating an idea that integral lattice points can be covered with polynomially many spheres of shorter radius and of lower dimension. As a result, the success probability of our attack can be higher than that of Coster et al.'s attack for fixed dimensions. The density bound is also improved for fixed dimensions. Moreover, we numerically show that our improved low-density attack makes the success probability higher in case of low Hamming weight solution, such as the Chor-Rivest cryptosystem, if we assume SVP oracle calls.

Original languageEnglish
Pages (from-to)47-59
Number of pages13
JournalDesigns, Codes, and Cryptography
Volume43
Issue number1
DOIs
Publication statusPublished - 2007 Apr
Externally publishedYes

Fingerprint

Cryptography
Attack
Subset Sum Problem
Cryptosystem
Set theory
Apothem or short radius
Computational complexity
Hamming Weight
Integral Points
Public-key Cryptosystem
Lattice Points
NP-hard Problems

Keywords

  • Knapsack-based cryptosystem
  • Lattice problem
  • Low-density attack
  • Public-key cryptosystem
  • Subset sum problem

ASJC Scopus subject areas

  • Computer Science Applications
  • Applied Mathematics

Cite this

Low-density attack revisited. / Izu, Tetsuya; Kogure, Jun; Koshiba, Takeshi; Shimoyama, Takeshi.

In: Designs, Codes, and Cryptography, Vol. 43, No. 1, 04.2007, p. 47-59.

Research output: Contribution to journalArticle

Izu, Tetsuya ; Kogure, Jun ; Koshiba, Takeshi ; Shimoyama, Takeshi. / Low-density attack revisited. In: Designs, Codes, and Cryptography. 2007 ; Vol. 43, No. 1. pp. 47-59.
@article{9412fd8138a2479a93768ca2cab33453,
title = "Low-density attack revisited",
abstract = "The low-density attack proposed by Lagarias and Odlyzko is a powerful algorithm against the subset sum problem. The improvement algorithm due to Coster et al. would solve almost all the problems of density <0.9408... in the asymptotical sense. On the other hand, the subset sum problem itself is known as an NP-hard problem, and a lot of efforts have been paid to establish public-key cryptosystems based on the problem. In these cryptosystems, densities of the subset sum problems should be higher than 0.9408... in order to avoid the low-density attack. For example, the Chor-Rivest cryptosystem adopted subset sum problems with relatively high densities. In this paper, we further improve the low-density attack by incorporating an idea that integral lattice points can be covered with polynomially many spheres of shorter radius and of lower dimension. As a result, the success probability of our attack can be higher than that of Coster et al.'s attack for fixed dimensions. The density bound is also improved for fixed dimensions. Moreover, we numerically show that our improved low-density attack makes the success probability higher in case of low Hamming weight solution, such as the Chor-Rivest cryptosystem, if we assume SVP oracle calls.",
keywords = "Knapsack-based cryptosystem, Lattice problem, Low-density attack, Public-key cryptosystem, Subset sum problem",
author = "Tetsuya Izu and Jun Kogure and Takeshi Koshiba and Takeshi Shimoyama",
year = "2007",
month = "4",
doi = "10.1007/s10623-007-9058-5",
language = "English",
volume = "43",
pages = "47--59",
journal = "Designs, Codes, and Cryptography",
issn = "0925-1022",
publisher = "Springer Netherlands",
number = "1",

}

TY - JOUR

T1 - Low-density attack revisited

AU - Izu, Tetsuya

AU - Kogure, Jun

AU - Koshiba, Takeshi

AU - Shimoyama, Takeshi

PY - 2007/4

Y1 - 2007/4

N2 - The low-density attack proposed by Lagarias and Odlyzko is a powerful algorithm against the subset sum problem. The improvement algorithm due to Coster et al. would solve almost all the problems of density <0.9408... in the asymptotical sense. On the other hand, the subset sum problem itself is known as an NP-hard problem, and a lot of efforts have been paid to establish public-key cryptosystems based on the problem. In these cryptosystems, densities of the subset sum problems should be higher than 0.9408... in order to avoid the low-density attack. For example, the Chor-Rivest cryptosystem adopted subset sum problems with relatively high densities. In this paper, we further improve the low-density attack by incorporating an idea that integral lattice points can be covered with polynomially many spheres of shorter radius and of lower dimension. As a result, the success probability of our attack can be higher than that of Coster et al.'s attack for fixed dimensions. The density bound is also improved for fixed dimensions. Moreover, we numerically show that our improved low-density attack makes the success probability higher in case of low Hamming weight solution, such as the Chor-Rivest cryptosystem, if we assume SVP oracle calls.

AB - The low-density attack proposed by Lagarias and Odlyzko is a powerful algorithm against the subset sum problem. The improvement algorithm due to Coster et al. would solve almost all the problems of density <0.9408... in the asymptotical sense. On the other hand, the subset sum problem itself is known as an NP-hard problem, and a lot of efforts have been paid to establish public-key cryptosystems based on the problem. In these cryptosystems, densities of the subset sum problems should be higher than 0.9408... in order to avoid the low-density attack. For example, the Chor-Rivest cryptosystem adopted subset sum problems with relatively high densities. In this paper, we further improve the low-density attack by incorporating an idea that integral lattice points can be covered with polynomially many spheres of shorter radius and of lower dimension. As a result, the success probability of our attack can be higher than that of Coster et al.'s attack for fixed dimensions. The density bound is also improved for fixed dimensions. Moreover, we numerically show that our improved low-density attack makes the success probability higher in case of low Hamming weight solution, such as the Chor-Rivest cryptosystem, if we assume SVP oracle calls.

KW - Knapsack-based cryptosystem

KW - Lattice problem

KW - Low-density attack

KW - Public-key cryptosystem

KW - Subset sum problem

UR - http://www.scopus.com/inward/record.url?scp=34247146502&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=34247146502&partnerID=8YFLogxK

U2 - 10.1007/s10623-007-9058-5

DO - 10.1007/s10623-007-9058-5

M3 - Article

VL - 43

SP - 47

EP - 59

JO - Designs, Codes, and Cryptography

JF - Designs, Codes, and Cryptography

SN - 0925-1022

IS - 1

ER -