A Zero-Knowledge Identification Scheme Based on the q-ary Syndrome Decoding Problem

  • Pierre-Louis Cayrel
  • Pascal Véron
  • Sidi Mohamed El Yousfi Alaoui
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6544)

Abstract

At CRYPTO’93, Stern proposed a 3-pass code-based identification scheme with a cheating probability of 2/3. In this paper, we propose a 5-pass code-based protocol with a lower communication complexity, allowing an impersonator to succeed with only a probability of 1/2. Furthermore, we propose to use double-circulant construction in order to dramatically reduce the size of the public key.

The proposed scheme is zero-knowledge and relies on an NP-complete coding theory problem (namely the q-ary Syndrome Decoding problem). The parameters we suggest for the instantiation of this scheme take into account a recent study of (a generalization of) Stern’s information set decoding algorithm, applicable to linear codes over arbitrary fields \(\mathbb{F}_q\); the public data of our construction is then 4 Kbytes, whereas that of Stern’s scheme is 15 Kbytes for the same level of security. This provides a very practical identification scheme which is especially attractive for light-weight cryptography.

Keywords

post-quantum cryptography code-based cryptography Stern’s scheme identification zero-knowledge 

References

  1. 1.
    Barg, S.: Some new NP-complete coding problems. Probl. Peredachi Inf. 30, 23–28 (1994)MathSciNetMATHGoogle Scholar
  2. 2.
    Berger, T.P., Cayrel, P.-L., Gaborit, P., Otmani, A.: Reducing key length of the mcEliece cryptosystem. In: Preneel, B. (ed.) AFRICACRYPT 2009. LNCS, vol. 5580, pp. 77–97. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  3. 3.
    Berlekamp, E., McEliece, R., van Tilborg, H.: On the inherent intractability of certain coding problems. IEEE Transactions on Information Theory 24(3), 384–386 (1978)MathSciNetCrossRefMATHGoogle Scholar
  4. 4.
    Bernstein, D.J., Buchmann, J., Dahmen, E.: Post-Quantum Cryptography. Springer, Heidelberg (2008)Google Scholar
  5. 5.
    Cayrel, P.-L., Gaborit, P., Girault, M.: Identity-based identification and signature schemes using correcting codes. In: Augot, D., Sendrier, N., Tillich, J.-P. (eds.) International Workshop on Coding and Cryptography, WCC 2007, pp. 69–78 (2007)Google Scholar
  6. 6.
    Cayrel, P.-L., Gaborit, P., Prouff, E.: Secure implementation of the stern authentication and signature schemes for low-resource devices. In: Grimaud, G., Standaert, F.-X. (eds.) CARDIS 2008. LNCS, vol. 5189, pp. 191–205. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  7. 7.
    Chabaud, F., Stern, J.: The cryptographic security of the syndrome decoding problem for rank distance codes. In: Kim, K.-c., Matsumoto, T. (eds.) ASIACRYPT 1996. LNCS, vol. 1163, pp. 368–381. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  8. 8.
    Chen, K.: Improved girault identification scheme. Electronics Letters 30(19), 1590–1591 (1994)CrossRefGoogle Scholar
  9. 9.
    Interactive comparison of some zero knowledge identification schemes, http://tinyurl.com/32gxn8w
  10. 10.
    Faugère, J.-C., Otmani, A., Perret, L., Tillich, J.-P.: Algebraic cryptanalysis of mcEliece variants with compact keys. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 279–298. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  11. 11.
    Fiat, A., Shamir, A.: How to prove yourself: Practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)CrossRefGoogle Scholar
  12. 12.
    Gaborit, P., Girault, M.: Lightweight code-based authentication and signature. In: IEEE International Symposium on Information Theory – ISIT 2007, Nice, France, pp. 191–195. IEEE, Los Alamitos (2007)CrossRefGoogle Scholar
  13. 13.
    Goldreich, O.: Zero-knowledge twenty years after its invention (2002), http://eprint.iacr.org/
  14. 14.
    Jaulmes, É., Joux, A.: Cryptanalysis of pkp: a new approach. In: Kim, K.-c. (ed.) PKC 2001. LNCS, vol. 1992, pp. 165–172. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  15. 15.
    MacWilliams, F.J., Sloane, N.J.A.: The theory of error correcting codes. North-Holland, Amsterdam (1977)MATHGoogle Scholar
  16. 16.
    Aguilar Melchor, C., Cayrel, P.-L., Gaborit, P.: A new efficient threshold ring signature scheme based on coding theory. In: Buchmann, J., Ding, J. (eds.) PQCrypto 2008. LNCS, vol. 5299, pp. 1–16. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  17. 17.
    Misoczki, R., Barreto, P.S.L.M.: Compact mcEliece keys from goppa codes. In: Jacobson Jr., M.J., Rijmen, V., Safavi-Naini, R. (eds.) SAC 2009. LNCS, vol. 5867, pp. 376–392. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  18. 18.
    Niebuhr, R., Cayrel, P.-L., Bulygin, S., Buchmann, J.: On lower bounds for information set decoding over Fq. In: SCC 2010 (2010) (preprint)Google Scholar
  19. 19.
    Peters, C.: Information-set decoding for linear codes over Fq (2009), http://eprint.iacr.org/
  20. 20.
    Pierce, J.N.: Limit distributions of the minimum distance of random linear codes. IEEE Trans. Inf. theory 13, 595–599 (1967)MathSciNetCrossRefMATHGoogle Scholar
  21. 21.
    Pointcheval, D.: A new identification scheme based on the perceptrons problem. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 319–328. Springer, Heidelberg (1995)Google Scholar
  22. 22.
    Pointcheval, D., Poupard, G.: A new NP-complete problem and public-key identification. Des. Codes Cryptography 28(1), 5–31 (2003)MathSciNetCrossRefMATHGoogle Scholar
  23. 23.
    Poupard, G.: A realistic security analysis of identification schemes based on combinatorial problems. European Transactions on Telecommunications 8(5), 471–480 (1997)CrossRefGoogle Scholar
  24. 24.
    Shamir, A.: An efficient identification scheme based on permuted kernels. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 606–609. Springer, Heidelberg (1990)Google Scholar
  25. 25.
    Stern, J.: A method for finding codewords of small weight. In: Wolfmann, J., Cohen, G. (eds.) Coding Theory 1988. LNCS, vol. 388, pp. 106–113. Springer, Heidelberg (1989)CrossRefGoogle Scholar
  26. 26.
    Stern, J.: A new identification scheme based on syndrome decoding. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 13–21. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  27. 27.
    Stern, J.: Designing identification schemes with keys of short size. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 164–173. Springer, Heidelberg (1994)Google Scholar
  28. 28.
    Gauthier Umana, V., Leander, G.: Practical key recovery attacks on two McEliece variants (2009), http://eprint.iacr.org/2009/509.pdf
  29. 29.
    Véron, P.: Improved identification schemes based on error-correcting codes. Appl. Algebra Eng. Commun. Comput. 8(1), 57–69 (1996)MathSciNetCrossRefMATHGoogle Scholar
  30. 30.
    Wolf, C., Preneel, B.: \({{\mathcal MQ}}^*\)-ip: An identity-based identification scheme without number-theoric assumptions (2010), http://eprint.iacr.org/

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Pierre-Louis Cayrel
    • 1
  • Pascal Véron
    • 2
  • Sidi Mohamed El Yousfi Alaoui
    • 1
  1. 1.CASED – Center for Advanced Security Research DarmstadtDarmstadtGermany
  2. 2.IMATHUniversité du Sud Toulon-VarLa Garde CedexFrance

Personalised recommendations