It is proven that many public-key cryptosystems would be broken by the quantum computer. The knapsack cryptosystem which is based on the subset sum problem has the potential to be a quantum-resistant cryptosystem. Murakami and Kasahara proposed a SOSI trapdoor sequence which is made by combining shifted-odd (SO) and super-increasing (SI) sequence in the modular knapsack cryptosystem. This paper firstly show that the key generation method could not achieve a secure density against the low-density attack. Second, we propose a high-density key generation method and confirmed that the proposed scheme is secure against the low-density attack.

The subset sum problem, which is often called as the knapsack problem, is known as an NP-hard problem, and there are several cryptosystems based on the problem. Assuming an oracle for shortest vector problem of lattice, the low-density attack algorithm by Lagarias and Odlyzko and its variants solve the subset sum problem efficiently, when the “density” of the given problem is smaller than some threshold. When we define the density in the context of knapsack-type cryptosystems, weights are usually assumed to be chosen uniformly at random from the same interval. In this paper, we focus on general subset sum problems, where this assumption may not hold. We assume that weights are chosen from different intervals, and make analysis of the effect on the success probability of above algorithms both theoretically and experimentally. Possible application of our result in the context of knapsack cryptosystems is the security analysis when we reduce the data size of public keys.

In 2003, Kobayashi et al. proposed a new class of knapsack public-key cryptosystems over Gaussian integer ring. This scheme using two-sequences as the public key. In 2005, Sakamoto and Hayashi proposed an improved version of Kobayashi's scheme. In this paper, we propose the knapsack PKC using l-sequences as the public key and present the low-density attack on it. We have described Schemes R and G for l=2, in which the public keys are constructed over rational integer ring and over Gaussian integer ring, respectively. We discusses on the difference of the security against the low-density attack. We show that the security levels of Schemes R and G differ only slightly.

We analyze the Lagarias-Odlyzko low-density attack precisely, and show that this low-density attack can be applied to the Chor-Rivest and the Okamoto-Tanaka-Uchiyama cryptosystemes, which are considered to be secure against the low-density attack. According to our analysis, these schemes turn out to be no longer secure against the low-density attack.

Recently, Kasahara and Murakami proposed new product-sum type public-key cryptosystems with the Chinese remainder theorem, Methods B-II and B-IV. They also proposed a new technique of selectable encryption key, which is referred to as 'Home Page Method (HP Method).' In this paper, first, we describe Methods B-II and B-IV. Second, we propose an effective attack for Method B-II and discuss the security of Methods B-II and B-IV. Third, applying the HP Method to Methods B-II and B-IV, we propose new product-sum type PKC with selectable encryption key. Moreover, we discuss the security of the proposed cryptosystems.

Recently, Kasahara and Murakami proposed new product-sum public-key cryptosystems using the Chinese remainder theorem as the trapdoor. We proposed 'Yaezakura' as the high-density product-sum PKC applying the method using the reduced bases. In this paper, we propose another high-density scheme with the Chinese remainder theorem trapdoor using the message extension. We also show that the proposed scheme is invulnerable to the low-density attack. In the proposed scheme, the sender can freely select the positions of the dummy messages.

The encryption and the decryption of the product-sum type public key cryptosystems can be performed extremely fast. However, when the density is low, the cryptosystem should be broken by the low-density attack. In this paper, we propose a new class of the product-sum type public key cryptosystems based on the reduced bases, which is invulnerable to the low-density attack.