A Zero-Knowledge Identification Scheme Based on the q-ary Syndrome Decoding Problem

At CRYPTO'93, Stern proposed a 3-pass code-based identification scheme with a cheating probability of 2/3. In this paper, we propose a 5-pass code-based protocol with a lower communication complexity, allowing an impersonator to succeed with a probability of only 1/2 per round. Furthermore, we propose to use a double-circulant construction in order to dramatically reduce the size of the public key. The proposed scheme is zero-knowledge and relies on an NP-complete coding theory problem (namely the q-ary Syndrome Decoding problem). The parameters we suggest for the instantiation of this scheme take into account a recent study of (a generalization of) Stern's information set decoding algorithm, applicable to linear codes over arbitrary fields F_q; the public data of our construction is then 4 Kbytes, whereas that of Stern's scheme is 15 Kbytes for the same level of security. This provides a very practical identification scheme which is especially attractive for lightweight cryptography.
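To make the abstract concrete, the following Python is an added worked example written by the editor; it is not code from the paper or its authors. It builds a q-ary syndrome decoding instance with a double-circulant parity-check matrix H = [I | C] (so the public data is a single row of C plus the syndrome), and runs one 5-pass round of a Stern-type protocol with a binary final challenge, which is the shape the abstract describes. Assumptions, labelled in the code: q is taken prime so that integers mod q form a field (the paper allows any F_q); the parameters are toy values, not the paper's recommended ones; SHA-256 of a serialisation stands in for the commitment function; and the exact message layout (commitments, the field challenge alpha, the masked vector beta, the bit challenge b) is the editor's reconstruction from the abstract, not quoted from the paper.

```python
"""Added example (editor's code, not the paper's): one round of a q-ary
Stern-type 5-pass identification protocol with a double-circulant H.
Assumptions: q prime (so integers mod q form a field; the paper allows any
F_q), toy parameters, and a message layout reconstructed from the abstract."""
import hashlib
import random

_rng = random.SystemRandom()
Q = 31       # assumed prime field size
M = 8        # number of parity checks: H is M x N
N = 2 * M
W = 4        # Hamming weight of the secret

def double_circulant_H(row):
    """H = [I_M | C], C circulant with first row `row`: only `row` is published."""
    C = [[row[(j - i) % M] for j in range(M)] for i in range(M)]
    return [[int(i == j) for j in range(M)] + C[i] for i in range(M)]

def matvec(H, x):
    return [sum(h * xi for h, xi in zip(r, x)) % Q for r in H]

def weight(v):
    return sum(1 for x in v if x % Q)

def random_weight_w_vector():
    s = [0] * N
    for p in _rng.sample(range(N), W):
        s[p] = _rng.randrange(1, Q)       # nonzero coordinate
    return s

def keygen():
    """Public key (H, y = H s), secret s of weight W: a q-ary SD instance."""
    H = double_circulant_H([_rng.randrange(Q) for _ in range(M)])
    s = random_weight_w_vector()
    return H, matvec(H, s), s

# Sigma = (permutation, nonzero scalars) is a monomial transform: it is linear
# and preserves Hamming weight, so wt(Sigma(s)) = W reveals only the weight of s.
def random_sigma():
    return _rng.sample(range(N), N), [_rng.randrange(1, Q) for _ in range(N)]

def apply_sigma(sigma, v):
    perm, scal = sigma
    return [(scal[i] * v[perm[i]]) % Q for i in range(N)]

def apply_sigma_inv(sigma, v):
    perm, scal = sigma
    out = [0] * N
    for i in range(N):
        out[perm[i]] = (v[i] * pow(scal[i], -1, Q)) % Q
    return out

def commit(*parts):
    # Stand-in commitment: hash of a serialisation (assumption, not the paper's h)
    return hashlib.sha256(repr(parts).encode()).hexdigest()

def prover_commit(H):
    """Pass 1: c0 = h(Sigma, H u), c1 = h(Sigma(u)) for random u and Sigma."""
    u = [_rng.randrange(Q) for _ in range(N)]
    sigma = random_sigma()
    return (commit(sigma, matvec(H, u)), commit(apply_sigma(sigma, u))), (u, sigma)

def prover_beta(state, s, alpha):
    """Pass 3: answer the verifier's alpha with beta = Sigma(u + alpha * s)."""
    u, sigma = state
    return apply_sigma(sigma, [(a + alpha * t) % Q for a, t in zip(u, s)])

def prover_open(state, s, b):
    """Pass 5: reveal Sigma (b = 0) or Sigma(s) (b = 1), never both."""
    u, sigma = state
    return sigma if b == 0 else apply_sigma(sigma, s)

def verify(H, y, commits, alpha, beta, b, answer):
    c0, c1 = commits
    if b == 0:  # honest prover: H Sigma^-1(beta) - alpha*y = H(u + alpha s) - alpha H s = H u
        hv = matvec(H, apply_sigma_inv(answer, beta))
        return c0 == commit(answer, [(a - alpha * t) % Q for a, t in zip(hv, y)])
    # b == 1: beta - alpha*Sigma(s) = Sigma(u), and Sigma(s) must have weight W
    if weight(answer) != W:
        return False
    return c1 == commit([(a - alpha * t) % Q for a, t in zip(beta, answer)])

def run_round(H, y, s, b=None, alpha=None):
    """One 5-pass round; `s` may be a wrong secret (impersonation attempt)."""
    commits, state = prover_commit(H)
    alpha = _rng.randrange(1, Q) if alpha is None else alpha   # pass 2
    beta = prover_beta(state, s, alpha)
    b = _rng.randrange(2) if b is None else b                  # pass 4
    return verify(H, y, commits, alpha, beta, b, prover_open(state, s, b))

def identify(H, y, s, rounds=20):
    """Accept only if every round passes; each round halves a cheater's odds."""
    return all(run_round(H, y, s) for _ in range(rounds))
```

The soundness bound in the abstract can be seen directly: an impersonator who knows only a weight-W vector `fake` with H fake != y passes every round in which b = 1 (Sigma(fake) has the right weight and matches c1) and fails every round in which b = 0 (the recomputed H u is off by alpha (H fake - y)), so `run_round(H, y, fake, b=1)` is True and `run_round(H, y, fake, b=0)` is False, and a cheater who must guess b in advance survives a round with probability 1/2. The double-circulant layout is what shrinks the public data: `double_circulant_H` is reconstructed from M field elements, whereas a random H would need M*N of them.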
