On the Cryptocomplexity of Knapsack Systems

Shamir, Adi

Author(s)

Shamir, Adi

DownloadMIT-LCS-TM-129.pdf (5.006Mb)

Metadata

Show full item record

Abstract

A recent trend in cryptographic systems is to base their encryption/decryption functions on NP-complete problems, and in particular on the knapsack problem. To analyze the security of these systems, we need a complexity theory which is less worst-case oriented and which takes into account the extra conditions imposed on the problems to make them cryptographically useful. In this paper we consider the two classes of one-to-one and onto knapsack systems, analyze the complexity of recognizing them and of solving their instances, introduce a new complexity measure (median complexity), and show that this complexity is inversely proportional to the density of the knapsack system. The tradeoff result is based on a fast probabilistic knapsack solving algorithm which is applicable only to one-to-one systems, and it indicates that knapsack-based cryptographic systems in which one can both encrypt and sign messages are relatively insecure.

Date issued

1979-04

URI

https://hdl.handle.net/1721.1/148957

Series/Report no.

MIT-LCS-TM-129

Collections

LCS Technical Memos (1974 - 2003)