Non-injective knapsack public-key cryptosystems

Jukka A. Koskinen
2001 Theoretical Computer Science  
Two public-key 0-1 knapsack cryptosystems are proposed, that have so high a density and use so weak a modular multiplication as a trapdoor, that known attacks can be avoided. Decryption is fairly slow and may produce more than one decipherment, but all alternative decipherments can be found. Disambiguating protocols are needed to determine the correct decipherment. It is suggested to use also redundancy for this purpose. In the ÿrst system, the initial knapsack is constructed from the powers of
more » ... two, which are multiplied by a constant and reduced with respect to a modulus to a speciÿc range, thus producing the "easy" knapsack. Then weak modular multiplication is used as a trapdoor transformation with respect to another modulus, which is typically smaller than some or all of the elements of the easy knapsack. The second knapsack is constructed iteratively from modularly injective or nearly injective components. Decryption of small components is based on look-up tables. The speciÿc form of the proposal uses also one large non-injective component, which is generated and decrypted in a way that resembles superincrease.
doi:10.1016/s0304-3975(99)00297-2 fatcat:obysbpyseve4dluzllwmrg6bpu