Which public key cryptosystems are not based on number theory?

Question

Are there any public key cryptographic systems whose hardness assumptions don't involve number theoretic problems?

Answer 1

Yes. The McEliece cryptosystem using Binary Goppa codes has withstood cryptanalysis to date. Its hardness is based on decoding. I should note that it has been broken for certain classes of codes.

Another common example is the Merkle-Hellman knapsack cryptosystem. Unfortunately it was broken. It is likely possible to build a secure cryptosystem based on the knapsack problem. I wanted to at least mention this line of work.

Answer 2

In addition to McEliece (already mentioned by Mike), there's also Hash Based Signatures (such as this one); these are signature algorithms that is based only on some security assumptions of a hash function (and typical hash functions as about as far from numeric-theoretical problems as you can get)

Answer 3

This is only useful as a thought exercise, but Alice and Bob can do key exchange based only on the strength of AES or some other private cipher:

Assumptions: doing $2^{40}$ operations will take "a while" but is doable; $2^{80}$ operations is out of the realm of possibility in a century. Alice can publish arbritary amounts of information which cannot be tampered with

Alice generates $2^{40}$ AES keys (assuming each is a 128 bit key, that $2^{44}$ bytes aka 16 TB) and encrypts each with another random AES key along with a check value. She then publishes this data set with most of the key she picked (all but 40 bits) Assuming the check value is also 128 bits, we're now talking about 48 TB, so again, this is mainly only useful as a thought experiment. This takes $O(2^{40})$ steps and about the same storage.

Bob picks one of the keys at random (after downloading the whole set) and brute forces the remaining bits (which will take $O(2^{40})$ steps). Bob sends a message to Alice using the decrypted key which again has a check value. Alice then has to try all of the $2^{40}$ keys (which again takes $O(2^{40})$ steps) until she finds a key that yields the expected check value, and at that point Bob and Alice have agreed on a 128-bit AES key.

Eve would have to brute force all of the messages (which would take $O(2^{80})$ which is assumed to be reasonably secure without quantum computers).

Answer 4

I am currently looking at “A SAT-based Public Key Cryptography Scheme” (PDF) where it is proposed a Public Key Cryptography Scheme based in Boolean Satisfiability Problem which is NP-complete. It seems pretty interesting and the autor also provides an implementation at GitHub. The public key is a SAT formula satisfied by the private key.