Generalized Compact Knapsacks are Collision Resistant


The generalized knapsack problem is the following: given m random elements a1, . . . , am in a ring R, and a target t ∈ R, find z1, . . . , zm ∈ D such that P aizi = t, where D is some fixed subset of R. In (Micciancio, FOCS 2002) it was proved that for appropriate choices of R and D, solving the generalized compact knapsack problem on the average is as hard as solving certain worst-case problems for cyclic lattices, even for almost constant values of m. This result immediately yields very efficient one-way functions whose security is based on worst-case hardness assumptions. In this work, we show that while the function proposed by Micciancio is not collision resistant, it can be easily modified to achieve collision resistance under essentially the same complexity assumptions on cyclic lattices. Our modified function is obtained as a special case of a more general result, which yields efficient collision-resistant hash functions based on the worst-case hardness of various new problems. These include new problems from algebraic number theory, and classic lattice problems (e.g., the shortest vector problem) over ideal lattices, a class of lattices that includes cyclic lattices as a special case.

DOI: 10.1007/11787006_13

Extracted Key Phrases

Citations per Year

243 Citations

Semantic Scholar estimates that this publication has 243 citations based on the available data.

See our FAQ for additional information.

Cite this paper

@article{Lyubashevsky2005GeneralizedCK, title={Generalized Compact Knapsacks are Collision Resistant}, author={Vadim Lyubashevsky and Daniele Micciancio}, journal={Electronic Colloquium on Computational Complexity (ECCC)}, year={2005} }