Open main menu

Knapsack Cryptosystems are cryptosystems which security is based on the hardness of solving the knapsack problem. They remain quite unpopular because these algorithms have been broken for several decades[1]. However that type of cryptosystem is a good candidate for post-quantum cryptography.[citation needed]

The most famous knapsack cryptosystem is the Merkle-Hellman Public Key Cryptosystem, one of the first public key cryptosystems, published the same year as the RSA cryptosystem. However this system has been broken by several attacks : one from Shamir,[2] one by Adleman,[3] and the low density attack.

However, there exist modern knapsack cryptosystems that are considered secure so far: among them is Nasako-Murakami 2006.[4]

What is interesting with those systems is that the Knapsack problem, in the settings where no attack were found, is believed to be difficult to solve even by a quantum computer. This is not the case for systems as RSA relying on the problem of factoring large integers, a problem that is solved in polynomial time[citation needed] by Shor's algorithm.


  1. ^ Schneier, Bruce (2004). Secrets and Lies. Wiley Publishing, Inc. p. 95. ISBN 978-0-471-25311-2.
  2. ^ Shamir 1982.
  3. ^ Adleman 1982.
  4. ^ Nasako & Murikami 2006.