Skip to Main Content
The basic Merkle-Hellman additive trapdoor knapsack public-key cryptosystem was recently shown to be insecure, and attacks have also been developed on stronger variants of it, such as the Graham-Shamir system and the iterated knapsack cryptosystem. It is shown that some simple variants of another Merkle-Hellman system, the multiplicative knapsack cryptosystem, are insecure. It is also shown that the Shamir fast signature scheme can be broken quickly. Similar attacks can also be used to break the Schöbi-Massey authentication scheme. These attacks have not been rigorously proved to succeed, but heuristic arguments and empirical evidence indicate that they work on systems of practical size.