Improved broadcast attacks against subset sum problems via lattice oracle

Subset sum problem is a classical NP-hard problem viewed as a candidate to design quantum-resistant cryptography. Cryptographic constructions based on extended modular subset sum problems are proposed subsequently in recent years. In this paper, we propose an improved broadcast attack against subset sum problems via lattice oracle. We reduce multi-dimensional (modular) subset sum problems to BDD oracle and present an explicit relationship among parameters. To the best of our knowledge, it is the first analysis on the trade-off between the efficiency of broadcast attacks and the number of obtained ciphertexts on subset sum problems. We implement our broadcast attack using LLL and BKZ algorithm and show experimentally that our method is quite practical. Furthermore, our algorithm is applicable to those low-weight subset sum problems which some cryptographic schemes are based on. We claim that our attack is efficient for both binary encoding and powerline encoding under certain parameter settings.