- Source: Knapsack cryptosystems
Knapsack cryptosystems are cryptosystems whose security is based on the hardness of solving the knapsack problem. They remain quite unpopular because simple versions of these algorithms have been broken for several decades. However, that type of cryptosystem is a good candidate for post-quantum cryptography.
The most famous knapsack cryptosystem is the Merkle-Hellman Public Key Cryptosystem, one of the first public key cryptosystems, published the same year as the RSA cryptosystem. However, this system has been broken by several attacks: one from Shamir, one by Adleman, and the low density attack.
However, there exist modern knapsack cryptosystems that are considered secure so far: among them is Nasako-Murakami 2006.
Knapsack cryptosystems, when not subject to classical cryptoanalysis, are believed to be difficult even for quantum computers. That is not the case for systems that rely on factoring large integers, like RSA, or computing discrete logarithms, like ECDSA, problems solved in polynomial time with Shor's algorithm.
References
Bibliography
Adleman, Leonard (1983). "On Breaking the Iterated Merkle-Hellman Public-Key Cryptosystem". Advances in Cryptology. Springer. pp. 303–308. doi:10.1007/978-1-4757-0602-4_29. ISBN 978-1-4757-0604-8.
Shamir, Adi (1982), "A polynomial time algorithm for breaking the basic Merkle-Hellman cryptosystems", Focs '82: 145–152, doi:10.1109/SFCS.1982.5
Nasako, T.; Murakami, Y. (2006), "A high-density knapsack cryptosystem using combined trapdoor", Japan Society for Industrial and Applied Mathematics, 16 (4): 519–605, doi:10.11540/jsiamt.16.4_591