New Conditions for Secure Knapsack Schemes against Lattice Attack
スポンサーリンク
概要
- 論文の詳細を見る
Many knapsack cryptosystems have been proposed but almost all the schemes are vulnerable to lattice attack because of their low density. To prevent the lattice attack, Chor and Rivest proposed a low weight knapsack scheme, which made the density higher than critical density. In Asiacrypt2005, Nguyen and Stern introduced pseudo-density and proved that if the pseudo-density is low enough (even if the usual density is not low enough), the knapsack scheme can be broken by a single call to SVP/CVP oracle. However, the usual density and the pseudo-density are not sufficient to measure the resistance to the lattice attack individually. In this paper, we first introduce the new notion of density D, which naturally unifies the previous two density. Next, we derive conditions for our density so that a knapsack scheme is secure against lattice attack. We obtain a critical bound of density which depends only on the rate of the message length and its Hamming weight. Furthermore, we show that if D < 0.8677, the knapsack scheme is solved by lattice attack. Next, we show that the critical bound goes to 1 if the Hamming weight decreases, which means that it is (almost) impossible to construct a low weight knapsack scheme which is supported by an argument of density.
- 2010-06-01
著者
関連論文
- New Conditions for Secure Knapsack Schemes against Lattice Attack
- Practical Password Recovery Attacks on MD4 Based Prefix and Hybrid Authentication Protocols
- A Strict Evaluation on the Number of Conditions for SHA-1 Collision Search
- Small Secret Key Attack on a Takagi's Variant of RSA
- Provably Secure Untraceable Electronic Cash against Insider Attacks(Discrete Mathematics and Its Applications)
- Public Key Encryption Schemes from the (B)CDH Assumption with Better Efficiency
- On the Hardness of Subset Sum Problem from Different Intervals