Journal ArticleDOI
Solving low-density subset sum problems
Reads0
Chats0
TLDR
This method gives a polynomial time attack on knapsack public key cryptosystems that can be expected to break them if they transmit information at rates below dc (n), as n → ∞.Abstract:
The subset sum problem is to decide whether or not the 0-l integer programming problem Sni=l aixi = M, ∀I, xI = 0 or 1, has a solution, where the ai and M are given positive integers. This problem is NP-complete, and the difficulty of solving it is the basis of public-key cryptosystems of knapsack type. An algorithm is proposed that searches for a solution when given an instance of the subset sum problem. This algorithm always halts in polynomial time but does not always find a solution when one exists. It converts the problem to one of finding a particular short vector v in a lattice, and then uses a lattice basis reduction algorithm due to A. K. Lenstra, H. W. Lenstra, Jr., and L. Lovasz to attempt to find v. The performance of the proposed algorithm is analyzed. Let the density d of a subset sum problem be defined by d = n/log2(maxiai). Then for “almost all” problems of density dread more
Citations
More filters
Book
Analytic Combinatorics
TL;DR: This text can be used as the basis for an advanced undergraduate or a graduate course on the subject, or for self-study, and is certain to become the definitive reference on the topic.
Journal ArticleDOI
Lattice basis reduction: improved practical algorithms and solving subset sum problems
Claus-Peter Schnorr,M. Euchner +1 more
TL;DR: Empirical tests show that the strongest of these algorithms solves almost all subset sum problems with up to 66 random weights of arbitrary bit length within at most a few hours on a UNISYS 6000/70 or within a couple of minutes on a SPARC1 + computer.
Proceedings ArticleDOI
Generating hard instances of lattice problems (extended abstract)
TL;DR: A random class of lattices in Zn is given whose elements can be generated together with a short vector in them so that, if there is a probabilistic polynomial time algorithm which finds a long vector in a random lattice with a probability of at least ~ then there is also a prob probability-based algorithm which solves the following three lattice problems in ev-e~g lattice inZn with a probabilities exponentially close to one.
Journal Article
Generating Hard Instances of Lattice Problems
TL;DR: A random class of lattices in Z n is given so that, if there is a probabilistic polynomial time algorithm which nds a short vector in a random lattice with a probability of at least 1 2 then there is also a prob probability-based algorithm which solves the following three lattice problems in every lattice inZ n with a probabilities exponentially close to one.
BookDOI
Applied cryptography, second edition : protocols, algorithms,and source code in C
TL;DR: Part I—Cryptographic Protocols Chapter 2—Protocol Building Blocks 2.
References
More filters
Book
Computers and Intractability: A Guide to the Theory of NP-Completeness
TL;DR: The second edition of a quarterly column as discussed by the authors provides a continuing update to the list of problems (NP-complete and harder) presented by M. R. Garey and myself in our book "Computers and Intractability: A Guide to the Theory of NP-Completeness,” W. H. Freeman & Co., San Francisco, 1979.
Journal ArticleDOI
Factoring Polynomials with Rational Coefficients
TL;DR: This paper presents a polynomial-time algorithm to solve the following problem: given a non-zeroPolynomial fe Q(X) in one variable with rational coefficients, find the decomposition of f into irreducible factors in Q (X).
Factoring polynomials with rational coeficients
TL;DR: In this paper, a polynomial-time algorithm was proposed to decompose a primitive polynomials into irreducible factors in Z(X) if the greatest common divisor of its coefficients is 1.
Journal ArticleDOI
Hiding information and signatures in trapdoor knapsacks
TL;DR: Specific instances of the knapsack problem that appear very difficult to solve unless one possesses "trapdoor information" used in the design of the problem are demonstrated.