
A New \(\mathcal{N}\mathcal{P} \)-Complete Problem and Public-Key Identification

Abstract

The appearance of the theory of zero-knowledge, presented by Goldwasser, Micali and Rackoff in 1985, opened a way to secure identification schemes. The first application was the famous Fiat-Shamir scheme, based on the problem of extracting modular square roots. In the following years, many other schemes were proposed, some extending Fiat-Shamir and others based on the discrete logarithm; all of them thus rested on problems from number theory. Their main common drawback is a high computational load, due to arithmetic modulo large integers, which makes implementation on low-cost smart cards difficult and inefficient.

With the Permuted Kernels Problem (PKP), Shamir proposed the first efficient scheme allowing for an implementation on such low-cost smart cards, but very few other such schemes have been suggested since.

In this paper, we present an efficient identification scheme based on a combinatorial \(\mathcal{N}\mathcal{P}\)-complete problem: the Permuted Perceptrons Problem (PPP). This problem seems hard enough to be unsolvable even with very small parameters, and some recent cryptanalysis studies confirm that position. Furthermore, it admits efficient zero-knowledge proofs of knowledge and is therefore well-suited for cryptographic purposes. An actual implementation confirms the optimistic assessment of efficiency and practicability on low-cost smart cards: less than 2 KB of EEPROM, just 100 bytes of RAM and 6.4 KB of communication.
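To make the underlying problem concrete, the following is an added example, not code from the paper, that builds a small PPP instance and checks candidate solutions. The definition it assumes is the standard one (Pointcheval's 1995 formulation, which the abstract does not restate): given an m x n matrix A with entries in {-1, +1} and a multiset S of integers, find a vector V in {-1, +1}^n such that every entry of A*V is nonnegative (the original Perceptrons Problem condition) and the multiset of entries of A*V equals S. The instance-generation method (negating rows to force nonnegativity) and all sample values are constructed for the example.

```python
import random
from collections import Counter
from itertools import product

# Constructed example: a toy Permuted Perceptrons Problem (PPP) instance.
# Definition assumed (from Pointcheval's 1995 formulation, not quoted on
# this page): A is m x n over {-1,+1}, S is a multiset of integers, and a
# solution is V in {-1,+1}^n with A*V nonnegative and multiset(A*V) == S.


def mat_vec(A, V):
    """Return A*V as a list of integers; each entry is a sum of n terms in {-1,+1}."""
    return [sum(a * v for a, v in zip(row, V)) for row in A]


def is_pp_solution(A, V):
    """Perceptrons Problem check: every entry of A*V is nonnegative."""
    return all(x >= 0 for x in mat_vec(A, V))


def is_ppp_solution(A, S, V):
    """PPP check: the PP condition plus multiset equality of A*V with S."""
    return is_pp_solution(A, V) and Counter(mat_vec(A, V)) == Counter(S)


def gen_instance(m, n, seed=0):
    """Build (A, S, V): a random secret V, a random A whose rows are negated
    where needed so that A*V is nonnegative, and S the resulting multiset.
    Row negation is one simple constructed way to guarantee a solution exists
    (the secret V); it is not claimed to be the paper's key generation."""
    rng = random.Random(seed)
    V = [rng.choice((-1, 1)) for _ in range(n)]
    A = []
    for _ in range(m):
        row = [rng.choice((-1, 1)) for _ in range(n)]
        if sum(a * v for a, v in zip(row, V)) < 0:
            row = [-a for a in row]
        A.append(row)
    S = sorted(mat_vec(A, V))
    return A, S, V


def brute_force_solutions(A, S):
    """Enumerate all 2^n candidates (feasible only for tiny n) and return the
    ones solving the instance. Several vectors may map to the same multiset,
    which is exactly the 'permuted' aspect of the problem."""
    n = len(A[0])
    return [list(V) for V in product((-1, 1), repeat=n) if is_ppp_solution(A, S, V)]


if __name__ == "__main__":
    A, S, V = gen_instance(m=6, n=8, seed=42)
    print("A*V =", mat_vec(A, V), " S =", S)
    sols = brute_force_solutions(A, S)
    print(len(sols), "solution(s) out of", 2 ** 8, "candidates; secret among them:", V in sols)
```

The two-by-two case in the test below shows the permuted aspect directly: for A = [[1,1],[1,-1]] and S = {2,0}, both V = [1,1] (giving A*V = [2,0]) and V = [1,-1] (giving A*V = [0,2]) are valid solutions, while V = [-1,-1] fails because A*V has a negative entry.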




Cite this article

Pointcheval, D., Poupard, G. A New \(\mathcal{N}\mathcal{P} \)-Complete Problem and Public-Key Identification. Designs, Codes and Cryptography 28, 5–31 (2003). https://doi.org/10.1023/A:1021835718426


  • zero-knowledge identification
  • (permuted) perceptrons problem
  • \(\mathcal{N}\mathcal{P}\)-complete problem
  • simulated annealing