Paper 2007/066

Low-Density Attack Revisited

Tetsuya Izu, Jun Kogure, Takeshi Koshiba, and Takeshi Shimoyama

Abstract

The low-density attack proposed by Lagarias and Odlyzko is a powerful algorithm against the subset sum problem. The improvement algorithm due to Coster et al. would solve almost all the problems of density < 0.9408... in the asymptotical sense. On the other hand, the subset sum problem itself is known as an NP-hard problem, and a lot of efforts have been paid to establish public-key cryptosystems based on the problem. In these cryptosystems, densities of the subset sum problems should be higher than 0.9408... in order to avoid the low-density attack. For example, the Chor-Rivest cryptosystem adopted subset sum problems with relatively high densities. In this paper, we further improve the low-density attack by incorporating an idea that integral lattice points can be covered with polynomially many spheres of shorter radius and of lower dimension. As a result, the success probability of our attack can be higher than that of Coster et al.'s attack for fixed dimensions. The density bound is also improved for fixed dimensions. Moreover, we numerically show that our improved low-density attack makes the success probability higher in case of low Hamming weight solution, such as the Chor-Rivest cryptosystem, if we assume SVP oracle calls.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
subset sum problemknapsack-based cryptosystemlow-density attacklattice problem
Contact author(s)
koshiba @ tcs ics saitama-u ac jp
History
2007-02-28: received
Short URL
https://ia.cr/2007/066
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2007/066,
      author = {Tetsuya Izu and Jun Kogure and Takeshi Koshiba and Takeshi Shimoyama},
      title = {Low-Density Attack Revisited},
      howpublished = {Cryptology {ePrint} Archive, Paper 2007/066},
      year = {2007},
      url = {https://eprint.iacr.org/2007/066}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.