Naccache–Stern knapsack cryptosystem

Note: this is not to be confused with the Naccache–Stern cryptosystem based on the higher residuosity problem.

The Naccache–Stern Knapsack Cryptosystem is an atypical public-key cryptosystem developed by David Naccache and Jacques Stern in 1997. This cryptosystem is deterministic, and hence is not semantically secure. This system also lacks provable security.

System Overview

This system is based on a type of knapsack problem. Specifically, the underlying problem is this: given integers c,n,p and v₀,...,v_n, find a vector $x \in \{0,1\}^n$ such that

c \equiv \prod_{i=0}^n v_i^{x_i} \mod p

The idea here is that when the v_i are relatively prime and much smaller than the modulus p this problem can be solved easily. It is this observation which allows decryption.

Key Generation

To generate a public/private key pair

Pick a large prime modulus p.
Pick a positive integer n and for i from 0 to n, set p_i to be the ith prime, starting with p₀ = 2 and such that $\prod_{i=0}^np_i < p$ .
Pick a secret integer s < p-1, such that gcd(p-1,s) = 1.
Set $v_i = \sqrt[s]{p_i} \mod p$ .

The public key is then p,n and v₀,...,v_n. The private key is s.

Encryption

To encrypt an n-bit long message m, calculate

c = \prod_{i=0}^n v_i^{m_i} \mod p

where m_i is the ith bit of the message m.

Decryption

To decrypt a message c, calculate

m = \sum_{i=0}^n \frac{2^i}{p_i-1} \times \left( \gcd(p_i,c^s \mod p) -1 \right)

This works because the fraction

\frac{ \gcd(p_i,c^s \mod p) - 1 }{p_i - 1}

is 0 or 1 depending on whether p_i divides c^s mod p.

References

Naccache–Stern knapsack cryptosystem

Contents

System Overview

Key Generation

Encryption

Decryption

See also

References

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Tools