Improved identification schemes based on error-correcting codes

As is often the case in public-key cryptography, the first practical identification schemes were based on hard problems from number theory (factoring, discrete logarithms). The security of the proposed scheme depends on an NP-complete problem from the theory of error-correcting codes: the syndrome decoding (SD) problem, which relies on the hardness of decoding a binary word of given weight and given syndrome. Starting from Stern's scheme [18], we define a dual version which, unlike the other schemes based on the SD problem, uses a generator matrix of a random linear binary code. This allows, among other things, an improvement of the transmission rate with regard to the other schemes. Finally, by using techniques of computation in a finite field, we show how it is possible to considerably reduce:
- the complexity of the computations done by the prover (which is usually a portable device with limited computing power);
- the size of the data stored by the latter.

[1] Neal Zierler. On the theorem of Gleason and Marsh, 1958.

[2] Adi Shamir, et al. An Efficient Identification Scheme Based on Permuted Kernels (extended abstract), 2022.

[3] Amos Fiat, et al. Zero-knowledge proofs of identity, 1987, Journal of Cryptology.

[4] Mihir Bellare, et al. Random oracles are practical: a paradigm for designing efficient protocols, 1993, CCS '93.

[5] Adi Shamir, et al. An Efficient Identification Scheme Based on Permuted Kernels (Extended Abstract), 1989, CRYPTO.

[6] Silvio Micali, et al. The knowledge complexity of interactive proof-systems, 1985, STOC '85.

[7] Jacques Stern, et al. Designing Identification Schemes with Keys of Short Size, 1994, CRYPTO.

[8] Elwyn R. Berlekamp, et al. On the inherent intractability of certain coding problems (Corresp.), 1978, IEEE Trans. Inf. Theory.

[9] Neil J. A. Sloane, et al. The Theory of Error-Correcting Codes (North-Holland), 1977.

[10] Jacques Stern, et al. On the Length of Cryptographic Hash-Values Used in Identification Schemes, 1994, CRYPTO.

[11] Marc Girault, et al. A (non-practical) three-pass identification protocol using coding theory, 1990, AUSCRYPT.

[12] Elwyn R. Berlekamp, et al. Algebraic coding theory, 1984, McGraw-Hill series in systems science.

[13] Jeffrey S. Leon, et al. A probabilistic algorithm for computing minimum weights of large error-correcting codes, 1988, IEEE Trans. Inf. Theory.

[14] D. Pointcheval. Neural Networks and their Cryptographic Applications, 1994.

[15] F. MacWilliams, et al. The Theory of Error-Correcting Codes, 1977.

[16] Elwyn R. Berlekamp, et al. Bit-serial Reed-Solomon encoders, 1982, IEEE Transactions on Information Theory.

[17] Sami Harari. A new authentication algorithm, 1988, Coding Theory and Applications.

[18] Jacques Stern, et al. A New Identification Scheme Based on Syndrome Decoding, 1993, CRYPTO.

[19] Florent Chabaud, et al. On the Security of Some Cryptosystems Based on Error-correcting Codes, 1994, EUROCRYPT.

[20] Jacques Stern, et al. A method for finding codewords of small weight, 1989, Coding Theory and Applications.

[21] Amos Fiat, et al. How to Prove Yourself: Practical Solutions to Identification and Signature Problems, 1986, CRYPTO.