Code-Based Zero-Knowledge Protocols and Their Applications

We present a survey of recent results in the area of zero-knowledge (ZK) protocols based on coding problems and the related Learning Parities with Noise (LPN) problem. First, we sketch the constructions of two ZK code-based identification schemes: the one based on general decoding by Jain et al. (Asiacrypt 2012) and the one based on syndrome decoding by Stern (Crypto 1993). Next, we show that these two systems can also be used to implement a proof of plaintext knowledge for the code-based public key encryption schemes: the one by McEliece and the one by Niederreiter, respectively. Finally, we briefly discuss verifiable encryption and digital signatures as applications.
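One round of Stern's three-pass identification protocol from syndrome decoding, as an added example that is not code from the survey or its authors. The toy parameters (N, R, W), the SHA-256 commitment and the encoding of GF(2) vectors as Python ints are assumptions chosen for illustration; the prover proves knowledge of a weight-W vector s with H s^T = y without revealing s.

```python
# Added illustration (not from the paper): one round of Stern's ZK identification scheme.
# Vectors over GF(2) are Python ints (bit i = coordinate i); H is a list of R row masks.
import hashlib, random

N, R, W = 16, 8, 2   # constructed toy parameters: code length, parity rows, secret weight

def popcount(x): return bin(x).count("1")

def syndrome(H, v):
    # H * v^T: bit i of the result is the parity of <row_i, v>
    return sum(((popcount(h & v) & 1) << i) for i, h in enumerate(H))

def permute(v, perm):
    # move bit i of v to position perm[i] (perm is a bijection on range(N))
    return sum(((v >> i) & 1) << perm[i] for i in range(N))

def commit(*parts):
    # hash commitment (assumed); a real instantiation would add randomness for hiding
    return hashlib.sha256("|".join(map(str, parts)).encode()).hexdigest()

def keygen(seed):
    rng = random.Random(seed)
    H = [rng.getrandbits(N) for _ in range(R)]
    s = 0
    while popcount(s) != W: s = rng.getrandbits(N)
    return H, s, syndrome(H, s)   # public (H, y), secret s with wt(s) = W

def prover_commit(H, s, rng):
    u = rng.getrandbits(N)                     # random masking vector
    perm = list(range(N)); rng.shuffle(perm)   # random coordinate permutation
    c0 = commit("c0", perm, syndrome(H, u))
    c1 = commit("c1", permute(u, perm))
    c2 = commit("c2", permute(u ^ s, perm))
    return (c0, c1, c2), (u, perm)

def prover_respond(b, s, state):
    u, perm = state
    if b == 0: return (perm, u)
    if b == 1: return (perm, u ^ s)
    return (permute(u, perm), permute(s, perm))   # b == 2: permuted secret only

def verify(H, y, coms, b, resp):
    c0, c1, c2 = coms
    if b == 0:
        perm, u = resp
        return c0 == commit("c0", perm, syndrome(H, u)) and c1 == commit("c1", permute(u, perm))
    if b == 1:
        perm, v = resp   # v = u ^ s, hence H u^T = H v^T ^ y by linearity
        return c0 == commit("c0", perm, syndrome(H, v) ^ y) and c2 == commit("c2", permute(v, perm))
    pu, ps = resp        # b == 2: only the weight of the permuted secret is checked
    return popcount(ps) == W and c1 == commit("c1", pu) and c2 == commit("c2", pu ^ ps)

def run_round(H, y, s, b, seed):
    rng = random.Random(seed)
    coms, state = prover_commit(H, s, rng)
    return verify(H, y, coms, b, prover_respond(b, s, state))
```

Each round lets a cheating prover succeed with probability 2/3, so the protocol is repeated many times; challenge 0 reveals nothing about s at all, and a prover holding a vector of the wrong weight is caught by challenge 2.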
