Selected Areas in Cryptography

Volume 6544 of the series Lecture Notes in Computer Science pp 171-186

A Zero-Knowledge Identification Scheme Based on the q-ary Syndrome Decoding Problem

  • Pierre-Louis CayrelAffiliated withCASED – Center for Advanced Security Research Darmstadt
  • , Pascal VéronAffiliated withIMATH, Université du Sud Toulon-Var
  • , Sidi Mohamed El Yousfi AlaouiAffiliated withCASED – Center for Advanced Security Research Darmstadt

* Final gross prices may vary according to local VAT.

Get Access


At CRYPTO’93, Stern proposed a 3-pass code-based identification scheme with a cheating probability of 2/3. In this paper, we propose a 5-pass code-based protocol with a lower communication complexity, allowing an impersonator to succeed with only a probability of 1/2. Furthermore, we propose to use double-circulant construction in order to dramatically reduce the size of the public key.

The proposed scheme is zero-knowledge and relies on an NP-complete coding theory problem (namely the q-ary Syndrome Decoding problem). The parameters we suggest for the instantiation of this scheme take into account a recent study of (a generalization of) Stern’s information set decoding algorithm, applicable to linear codes over arbitrary fields \(\mathbb{F}_q\); the public data of our construction is then 4 Kbytes, whereas that of Stern’s scheme is 15 Kbytes for the same level of security. This provides a very practical identification scheme which is especially attractive for light-weight cryptography.


post-quantum cryptography code-based cryptography Stern’s scheme identification zero-knowledge