Improved identification schemes based on error-correcting codes


Abstract

As is often the case in public-key cryptography, the first practical identification schemes were based on hard problems from number theory (factoring, discrete logarithms). The security of the proposed scheme depends on an NP-complete problem from the theory of error-correcting codes: the syndrome decoding (SD) problem, which relies on the hardness of decoding a binary word of given weight and given syndrome. Starting from Stern’s scheme [18], we define a dual version which, unlike the other schemes based on the SD problem, uses a generator matrix of a random linear binary code. This allows, among other things, an improvement of the transmission rate with regard to the other schemes. Finally, by using techniques of computation in a finite field, we show how it is possible to considerably reduce:
  • the complexity of the computations done by the prover (which is usually a portable device with limited computing power);

  • the size of the data stored by the latter.

Keywords

Identification scheme; NP-complete problem; SD problem; Zero-knowledge


References

  1. Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. Proceedings of the 1st ACM Conference Comput. Commun. Security, 62–73 (1993)
  2. Berlekamp, E. R.: Algebraic Coding Theory, McGraw-Hill Book Company, 1968
  3. Berlekamp, E. R., McEliece, R. J., Van Tilborg, H. C. A.: On the inherent intractability of certain coding problems. IEEE Trans. Inform. Theory, 384–386 (1978)
  4. Berlekamp, E. R.: Bit-Serial Reed-Solomon Encoders. IEEE Trans. Inform. Theory, vol IT-28, 6, 869–874 (1982)
  5. Canteaut, A., Chabanne, H.: A further improvement of the workfactor in an attempt at breaking McEliece’s cryptosystem. Proceedings of Eurocode’94, 163–167
  6. Chabaud, F.: On the Security of Some Cryptosystems Based On Error-Correcting Codes, Eurocrypt’94. Lecture Notes in Computer Science Vol. 950, pp. 131–139. Berlin, Heidelberg, New York: Springer 1995
  7. Fiat, A., Shamir, A.: How To Prove Yourself: Practical Solutions to Identification and Signatures Problems. Advances in Cryptology, Crypto’86, Lecture Notes in Computer Science Vol. 263, pp. 186–194. Berlin, Heidelberg, New York: Springer
  8. Feige, U., Fiat, A., Shamir, A.: Zero-knowledge proofs of identity. Proc. 19th ACM Symp. Theory of Computing, 210–217 (1987)
  9. Girault, M.: A (non-practical) three-pass identification protocol using coding theory, Advances in Cryptology, Auscrypt’90, Lecture Notes in Computer Science Vol. 453, pp. 265–272. Berlin, Heidelberg, New York: Springer
  10. Girault, M., Stern, J.: On the length of cryptographic hash-values used in identification schemes. Crypto’94, Lecture Notes in Computer Science Vol. 839, pp. 202–215. Berlin, Heidelberg, New York: Springer 1994
  11. Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof systems. Proc. 17th ACM Symp. Theory Computing, 291–304 (1985)
  12. Harari, S.: A New Authentication Algorithm, Proceedings of Coding Theory and Applications, Lecture Notes in Computer Science Vol. 388, pp. 91–105, Berlin, Heidelberg, New York: Springer 1988
  13. Leon, J. S.: A probabilistic algorithm for computing minimum weights of large error-correcting codes, IEEE Trans. Inform. Theory, IT-34(5): 1354–1359
  14. MacWilliams, F. J., Sloane, N. J. A.: The Theory of error-correcting codes, North-Holland, Amsterdam-New-York-Oxford, 1977
  15. Pointcheval, D.: Neural Networks and their cryptographic applications. Proc. Eurocode’94, 183–193
  16. Shamir, A.: An efficient identification scheme based on permuted kernels. Proc. Crypto’89, Lecture Notes in Computer Science Vol. 435, pp. 606–609, Berlin, Heidelberg, New York: Springer
  17. Stern, J.: A method for finding codewords of small weight. Coding Theory and Applications. Lecture Notes in Computer Science Vol. 434, pp. 173–180. Berlin, Heidelberg, New York: Springer
  18. Stern, J.: A new identification scheme based on syndrome decoding, Crypto’93, Lecture Notes in Computer Science Vol. 773, pp. 13–21, Berlin, Heidelberg, New York: Springer 1994
  19. Stern, J.: Designing identification schemes with keys of short size. Crypto’94, Lecture Notes in Computer Science Vol. 839, pp. 164–173, Berlin, Heidelberg, New York: Springer 1994
  20. Zierler, N.: On the Theorem of Gleason and Marsh. Proc. Am. Math. Soc., 9: 236–237, Math. Rev., 20: 851, 1958

Copyright information

© Springer-Verlag 1997

Authors and Affiliations

  1. G.E.C.T., Université de Toulon et du Var, La Garde Cedex, France
