A Simple and Efficient Attack on the Merkle-Hellman Knapsack Cryptosystem

Abstract

Abstract The Merkle-Hellman knapsack cryptosystem was one of the two earliest public key cryptosystems, which was invented by Merkle and Hellman in 1978. One can recover the whole group of equivalent keys by using Shamir's method. The most time-consuming part of Shamir's attack is to recover the critical intermediate parameters by solving an integer programming problem with a fixed number of variables, whose worst-case complexity is exponential in the number of variables. In this paper, we present an improved algorithm to analyze the basic Merkle-Hellman public key cryptosystem. The main idea of our method is that we recover a partial super-increasing sequence as the equivalent private key, which is the main difference from Shamir's. More precisely, we first obtain a super-increasing sequence except for the first small part by invoking the LLL algorithm on a special lattice with a small dimension. After that, we can recover most part of the plaintext from the tail by solving the super-increasing knapsack method. Finally, we can recover the first part of plaintext from solving a size-reduced knapsack problem. Experimental data shows that one can recover the whole plaintext in less than 1 second on a laptop successfully for the typical parameters of the Merkle-Hellman cryptosystem, whose time complexity is reduced by a polynomial level compared with Shamir's algorithm.