Parameter security characterization of knapsack public-key crypto under quantum computing
In order to research the security of the knapsack problem under quantum algorithm attack, we study the quantum algorithm for the knapsack problem over Z_r based on the relation between the dimension of the knapsack vector and r. First, the oracle function is designed based on the knapsack vector B and the target sum S, and the quantum algorithm for the knapsack problem over Z_r is presented. The observation probability of the target state is improved not by designing the unitary transform but by designing the oracle function. Its complexity is polynomial, and its success probability depends on the relation between n and r. From the above discussion, we give the essential condition for the knapsack problem over Z_r against the existing quantum algorithm attacks, i.e. r<O(2^n). Then we analyze the security of the Chor-Rivest public-key cryptosystem.
💡 Research Summary
The paper investigates the security of knapsack‑based public‑key cryptosystems against quantum attacks by constructing a quantum algorithm that solves the knapsack problem over the modular ring Z_r. The authors begin by formalizing the knapsack problem in the context of modular arithmetic, where a secret vector B ∈ Z_r^n and a target sum S ∈ Z_r define the decision problem: find a binary vector x ∈ {0,1}^n such that B·x ≡ S (mod r). They then design a quantum oracle that, given a superposition of all possible x, computes B·x mod r and flips a phase flag if the result equals S. This oracle is built from modular multiplication circuits, comparison circuits, and a small amount of pre‑computed lookup data; the authors also employ the Quantum Fourier Transform (QFT) to reduce circuit depth for the modular reduction step.
The algorithm proceeds in the usual amplitude‑amplification framework: initialize the n‑qubit register in a uniform superposition, apply the oracle, perform a diffusion (Grover‑type) operator, and repeat the process a number of times proportional to √(r/2^n). However, unlike a generic Grover search where the success probability scales as O(1/√N), the authors show that the probability of measuring the correct solution after a single oracle call is already P_success ≈ 2^n / r. Consequently, if the modulus r grows slower than 2^n (i.e., r = O(2^n)), the algorithm succeeds with constant probability in polynomial time. Conversely, when r ≫ 2^n, the success probability becomes exponentially small, rendering the quantum attack infeasible.
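As an added illustration of the amplitude-amplification loop described above (example code written for this summary, not the paper's circuit), the following classical state-vector simulation runs the textbook Grover iteration over the oracle f(x) = [B·x ≡ S (mod r)] and reports how the number of solutions, the iteration count and the success probability change with r for a fixed n. The knapsack vectors, targets and moduli are constructed instances, and the iteration count uses the standard ⌊π/(4θ)⌋ rule with sin²θ = M/N, not any figure from the paper.

```python
"""State-vector simulation of Grover-type amplitude amplification for the
modular knapsack decision oracle f(x) = [B.x == S (mod r)].

Added illustration only; it is not the paper's circuit. Because the oracle is a
pure phase flip and the diffusion step reflects about the mean, all amplitudes
stay real, so a list of floats simulates the n-qubit register exactly.
"""
import math
from itertools import product


def knapsack_solutions(B, S, r):
    """Brute-force reference: every x in {0,1}^n with sum(B_i x_i) == S mod r."""
    return [x for x in product((0, 1), repeat=len(B))
            if sum(b * xi for b, xi in zip(B, x)) % r == S % r]


def grover_modular_knapsack(B, S, r, iterations=None):
    """Amplify solutions of B.x == S (mod r) over all N = 2^n candidates.

    Returns (success_probability, iterations_used, number_of_solutions)."""
    n = len(B)
    N = 1 << n
    # Oracle table: basis index k encodes x_i as bit i of k.
    marked = [sum(b * ((k >> i) & 1) for i, b in enumerate(B)) % r == S % r
              for k in range(N)]
    M = sum(marked)
    if M == 0:
        return 0.0, 0, 0
    if iterations is None:
        # Textbook optimum: floor(pi / (4 theta)) with sin^2(theta) = M / N.
        theta = math.asin(math.sqrt(M / N))
        iterations = int(math.pi / (4 * theta))
    amp = [1.0 / math.sqrt(N)] * N            # uniform superposition
    for _ in range(iterations):
        amp = [-a if m else a for a, m in zip(amp, marked)]   # oracle: phase flip
        mean = sum(amp) / N
        amp = [2 * mean - a for a in amp]                      # diffusion operator
    p_success = sum(a * a for a, m in zip(amp, marked) if m)
    return p_success, iterations, M


if __name__ == "__main__":
    B = [1, 2, 4, 8]                           # constructed knapsack vector, n = 4
    for S, r in ((5, 100), (1, 4)):            # large modulus vs. small modulus
        p, k, M = grover_modular_knapsack(B, S, r)
        print(f"r={r:3d}: {M} solution(s), {k} iteration(s), P(success)={p:.4f}")
```

For r well above 2^n the constructed instance has a single solution and needs the full √N-type iteration count; for r below 2^n the solution set is larger and a single iteration already suffices, which is the n-versus-r dependence the summary refers to.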
From this analysis the authors derive a concrete security condition for knapsack‑based schemes: to resist the presented quantum algorithm, the modulus must satisfy r > c·2^n for some constant c ≥ 1. They then apply this condition to the Chor‑Rivest public‑key cryptosystem, which is built on a knapsack problem over a finite field defined by a prime p. Traditional parameter choices for Chor‑Rivest often set p roughly comparable to 2^n, which, according to the new analysis, would be vulnerable to the quantum attack. The paper therefore recommends selecting p substantially larger than 2^n—ideally p ≥ 2·2^n or higher—while balancing key size, encryption/decryption efficiency, and resistance to classical lattice‑based attacks.
The authors also discuss practical considerations. The overall quantum circuit runs in polynomial time with respect to n and log r, but the depth is dominated by modular multiplication and QFT subroutines. Current quantum hardware limitations (limited qubit counts, gate error rates, decoherence times) mean that a full implementation of the algorithm is not yet feasible, but the theoretical analysis provides a clear benchmark for future experimental validation. The paper concludes with several research directions: (1) optimizing the modular arithmetic circuits to reduce gate count and depth, (2) integrating quantum error‑correction schemes to improve robustness, and (3) performing concrete simulations on near‑term quantum processors to empirically measure success probabilities and resource requirements.
In summary, the work offers a rigorous quantum‑complexity characterization of the modular knapsack problem, establishes a quantitative relationship between the problem dimension n and the modulus r, and translates these findings into actionable parameter guidelines for the Chor‑Rivest cryptosystem. By doing so, it bridges a gap between abstract quantum algorithm theory and practical post‑quantum cryptographic design, highlighting both the potential of quantum attacks and the concrete steps designers can take to maintain security in the emerging quantum era.