Paper 2024/485

A Variation on Knellwolf and Meier's Attack on the Knapsack Generator

Florette Martinez, École Normale Supérieure - PSL
Abstract

Pseudo-random generators are deterministic algorithms that take in input a random secret seed and output a flow of random-looking numbers. The Knapsack generator, presented by Rueppel and Massey in 1985 is one of the many attempt at designing a pseudo-random generator that is cryptographically secure. It is based on the subset-sum problem, a variant of the Knapsack optimization problem, which is considered computationally hard. In 2011 Simon Knellwolf et Willi Meier found a way to go around this hard problem and exhibited a weakness of this generator. In addition to be able to distinguish the outputs from the uniform distribution, they designed an algorithm that retrieves a large portion of the secret. We present here an alternate version of the attack, with similar costs, that works on the same range of parameters but retrieves a larger portion of the secret.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Preprint.
Keywords
pseudo-random generatorcryptanalysislatticesknapsack
Contact author(s)
florette martinez @ ens fr
History
2024-03-26: approved
2024-03-25: received
See all versions
Short URL
https://ia.cr/2024/485
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2024/485,
      author = {Florette Martinez},
      title = {A Variation on Knellwolf and Meier's Attack on the Knapsack Generator},
      howpublished = {Cryptology ePrint Archive, Paper 2024/485},
      year = {2024},
      note = {\url{https://eprint.iacr.org/2024/485}},
      url = {https://eprint.iacr.org/2024/485}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.