Merkle–Hellman knapsack cryptosystem

E434684

The Merkle–Hellman knapsack cryptosystem is an early public-key encryption scheme based on the subset sum (knapsack) problem, historically significant as one of the first practical public-key systems though later found to be insecure.

All labels observed (1)

Label Occurrences
Merkle–Hellman knapsack cryptosystem canonical 1

How this entity was disambiguated

Statements (49)

Predicate Object
instanceOf encryption scheme
knapsack cryptosystem
public-key cryptosystem
application theoretical study of cryptanalytic techniques
basedOn knapsack problem
subset sum problem NERFINISHED
brokenBy Adi Shamir NERFINISHED
brokenIn 1982
ciphertextType integer
cipherType asymmetric-key cipher
public-key cipher
consideredSecure false
constructionStep choose a modulus larger than the sum of the superincreasing sequence
choose a multiplier relatively prime to the modulus
choose a superincreasing sequence as private key
compute public key by modular multiplication of private sequence
creator Martin Hellman NERFINISHED
Ralph Merkle NERFINISHED
decryptionMethod multiply ciphertext by modular inverse of multiplier
solve superincreasing subset sum greedily
encryptionMethod encode bits as subset sums of public key weights
field cryptography
public-key cryptography
hasComponent decryption algorithm
encryption algorithm
key generation algorithm
hasVariant general knapsack cryptosystem NERFINISHED
multiple-iterated Merkle–Hellman knapsack cryptosystem NERFINISHED
historicalSignificance demonstrated practicality of public-key cryptography
early example of public-key encryption
inspiredBy Diffie–Hellman key exchange NERFINISHED
introducedIn 1978
keyType private key
public key
namedAfter Martin Hellman NERFINISHED
Ralph Merkle NERFINISHED
notableAs one of the first practical public-key cryptosystems
plaintextType binary message
problemType NP-complete problem (subset sum)
publicationYear 1978
securityGoal confidentiality
status broken
taughtIn cryptography courses
uses modular inverse
modular multiplication
superincreasing sequence
vulnerableTo Shamir’s attack NERFINISHED
lattice-based attacks
low-density subset sum attacks

How these facts were elicited

Referenced by (1)

Full triples — surface form annotated when it differs from this entity's canonical label.

Merkle knownFor Merkle–Hellman knapsack cryptosystem
subject surface form: Ralph Merkle